How to Implement a Thorough Data Retention Policy
The evidence shows that major players in the legal field have been surprisingly slow to commit to a comprehensive data retention policy. The American Bar Association's 2017 Legal Technology Survey Report found that only 60% of respondents "have a policy to manage retention of information/data held by the firm." For firms with fewer than 50 employees, the numbers are even lower: 45% for solo respondents, 57% for firms of 10-49 employees, and 53% for firms of 2-9 employees.
Implementing a Data Retention Policy
Data Retention Policy
A substandard data retention policy is risky in any field, but especially when it comes to legal work. Firms must ensure that former employees don't have access to data when they leave, data is organized and stored securely, and workers have consistent standards for the use of personal devices. They also need to prioritize mobile security, as more legal employees are working remotely.
As a legal firm operating domestically, you're contending with a number of regulatory frameworks including FRCP, ESI, the E.U.'s General Data Protection Regulation (GDPR), and more. In order to best meet these requirements, we recommend these essential security tools for our clients in the legal services industry:
- Managed Security
- Managed Email Security
- Multi-factor Authentication
- Cloud Access Security Broker
- End Point Detection and Response
- Security Operations Center as a Service (SOCaaS)
Now, more than ever, take the time to review your cyber security and compliance posture. For more information about implementing any of these solutions for your legal firm, reach out to iCorps for a free IT consultation.