How to Implement a Thorough Data Retention Policy

The evidence shows that major players in the legal field have been surprisingly slow to commit to a comprehensive data retention policy. The American Bar Association's 2017 Legal Technology Survey Report found that only 60% of respondents "have a policy to manage retention of information/data held by the firm." For firms with fewer than 50 employees, the numbers are even lower: 45% for solo respondents, 57% for firms of 10-49 employees, and 53% for firms of 2-9 employees.

A substandard data retention policy is risky in any field, but especially when it comes to legal work. Firms must ensure that former employees don't have access to data when they leave, data is organized and stored securely, and workers have consistent standards for the use of personal devices. They also need to prioritize mobile security, as more legal employees are working remotely.

Read the full article in Law Technology Today by iCorps VP of Technology, Jeffery Lauria here: How to Implement a Thorough Data Retention Policy

As a legal firm operating domestically, you're contending with a number of regulatory frameworks including FRCP, ESI, GDPR, and more. In order to best meet these requirements, we recommend these essential security tools for our clients in the legal services industry:

  • Managed Security
  • Managed Email Security
  • Multi-factor Authentication
  • Cloud Access Security Broker
  • End Point Detection and Response
  • Security Operations Center as a Service (SOCaaS)


Now, more than ever, take the time to review your cyber security and compliance posture. For more information about implementing any of these solutions for your legal firm, reach out to iCorps for a free IT consultation.

Contact for a Free Consultation

Related content:
There's Always a Bigger Phish: Legal Industry Security Strategies
Community Synergy: iCorps Hosts Cybersecurity Panel for ALA Boston