Wednesday, June 1, 2011

Confidentiality, Insider Trading, Information Risk Management & Technology

Law Technology News brings information risk management to the forefront with this month's cover story: "Catch Me if You Can: Guarding Firm Data From Insider Trading."

While spurred by recent insider trading scandals, the article does an excellent job of defining the fundamental tensions and challenges regarding confidentiality management:
  • First is striking the right balance between the need for security and the need to share knowledge among attorneys. Second is how crucial it is for firms to have not only detailed and clearly thought-out security policies, but also to put the right people in place ­-- with enough authority to implement and enforce them, monitor compliance, and continually review and update the protocols."
  • "But the dilemmas are obvious. The service that law firms sell is their expertise and experience. So, by their very nature, firms encourage attorneys to collaborate and share knowledge. At the same time, they have to protect clients' confidential information. In information systems, that tension often shows up in how document and knowledge management systems are configured."
  • "They can be set up either as open systems by default, whereby sensitive documents are secured only in specific cases, or as closed systems by default, where all documents are locked down and made available only to certain people in specific circumstances. While the latter approach is safer, the former approach is more conducive to the nature of law firms. After all, the reason most firms adopted these systems is to make it easier to find and share information so that attorneys can work more intelligently and efficiently. That's why nearly all firms leave their systems open. Patrick Archbold, vice president of the information risk management practice at IntApp, says he's aware of only two (one Magic Circle firm in London and one firm in New York) that have closed systems."
The article includes an excellent overview of how technology can often create risk (internal enterprise search) and help mitigate risk (automated confidentiality management and enforcement).

No comments:

Post a Comment