Records and Information Governance: The Legal Landscape
Information Governance and the Legal Landscape 101
Presented by John Isaza, Esq., FAI
AGENDA
Scope of Information Governance
The Generally Accepted Recordkeeping Principles and Impact on Lawyers
  o ABA Amendments – Ethical requirements
  o Security and Privacy
  o Challenges for global firms
How to comply?
The Scope of Information Governance
PART 1
GARTNER DEFINITION OF INFORMATION GOVERNANCE
“an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information.”
flickr.com/greebile
SCOPE OF INFORMATION GOVERNANCE
WHO IS RESPONSIBLE FOR IG COMPLIANCE?
General Counsel
Risk Management Committee / Partners
IG Advisory Committee
Information Technology
Records Management
Knowledge Management
Practice Group Leaders
Marketing Administration
The Generally Accepted Recordkeeping Principles
PART 2
WHAT ARE THE PRINCIPLES?
Generally
Accepted
Recordkeeping
Principles
Information management and governance of records creation, organization, security, maintenance and other activities used to effectively support recordkeeping of an organization.
A TIP CARD YOU SAY?
Accountability
Transparency
Integrity
Protection
Compliance
Availability
Retention
Disposition
Principle of Accountability
An organization shall assign a senior executive who will oversee a recordkeeping program and delegate program responsibility to appropriate individuals, adopt policies and procedures to guide personnel, and ensure program auditability.
PRINCIPLE OF ACCOUNTABILITY
LEGAL CONSIDERATIONS
Supports ABA Model Rule 5.1
Responsibilities of Partners, Managers & Supervisory Lawyers
Oversight directive is key component of Rule 5.1 compliance
Principle of Accountability
FEDERAL SENTENCING GUIDELINES
• Section 2E5.3 deals with labor management reporting and ERISA
• Section 2E5.3 focuses on “falsification of documents or records… [and] failure to maintain proper documents”
• Assigned “Accountability” is critical to avoid harsher penalties under Section 2E5.3
The Principles
Principle of Transparency
The processes and activities of an organization’s recordkeeping program shall be documented in an understandable manner and be available to all personnel and appropriate interested parties.
PRINCIPLE OF TRANSPARENCY
LEGAL CONSIDERATIONS
Supports ABA Model Rule 1.4(a)(4)
Availability of information is key component of Rule 1.4 compliance
A lawyer must "comply with reasonable requests for information."
The Principles
Principle of Integrity
A recordkeeping program shall be constructed so the records and information generated or managed by or for the organization have a reasonable and suitable guarantee of authenticity and reliability.
PRINCIPLE OF INTEGRITY
LEGAL CONSIDERATIONS
Affects authentication of records in court
Note difference between discovery and admissibility in court
Chain of custody issues
Principle of Availability is critical to discovery
Principle of Integrity is critical to admissibility
Principle of Integrity
FEDERAL SENTENCING GUIDELINES
• Section 2E5.3 deals with labor management reporting and ERISA
• Section 2E5.3 focuses on “falsification of documents or records… [and] failure to maintain proper documents”
• Integrity is critical to avoid harsher penalties under Section 2E5.3
FEDERAL SENTENCING GUIDELINES
Part J addresses recordkeeping considerations:
• Does offense involve destruction, alteration or fabrication?
• Does offense involve essential records?
• What was scope, planning or preparation of the offense?
FEDERAL SENTENCING GUIDELINES
Section 2E5.3 covers recordkeeping for:
• Benefit Plans covered by ERISA
• Documents required by Labor Management Reporting and Disclosure Act
• Provides sentencing guidelines for falsification of documents or records or for failure to maintain proper documents
LEGAL HOLDS COME INTO PLAY
Principle of Integrity includes Legal Holds
Must prevent alteration of records and other ESI that are relevant to pending or anticipated litigation or investigation
Challenge with data maintained in the Cloud
The Principles
Principle of Protection
A recordkeeping program shall be constructed to ensure a reasonable level of protection to records and information that are private, confidential, privileged, secret, or essential to business continuity.
PRINCIPLE OF PROTECTION
LEGAL CONSIDERATIONS
ABA Model Rule 1.6
The cornerstone of the attorney-client privilege
Duty to maintain confidentiality of information
Protection is critical to Rule 1.6 compliance
J-M v McDermott, Will & Emery – Duty to Protect Privilege
RECENT ABA AMENDMENTS
PHOTO COURTESY OF ABANOW.ORG
Commission on Ethics 20/20 created by then ABA President Carolyn B. Lamm in 2009 “to perform a thorough review of the ABA Model Rules of Professional Conduct and the U.S. system of lawyer regulation in the context of advances in technology and global legal practice developments”
• Not binding on lawyers unless and until adopted by States but expect high adoption by states.
Recent ABA Amendments – Rule 1.6
CONFIDENTIALITY OF INFORMATION
(c) A lawyer shall make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. [Entirely new sub-section]
Recent ABA Amendments – Rule 4.4
RESPECT THE RIGHTS OF THIRD-PARTIES
A lawyer who receives a document or electronically stored information relating to the representation of the lawyer’s client and knows or reasonably should know that the document or electronically stored information was inadvertently sent shall promptly notify the sender.
Privacy and Information Security
HEALTH INFORMATION
• Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), whose regulations govern privacy and data security issues related to health information (including data maintained by employee health plans);
• Health Information Technology for Economic and Clinical Health Act (the “HITECH Act”), which imposes additional information security obligations on HIPAA covered entities and business associates of covered entities
IMPACT OF HIPAA & HITECH ON LAW FIRMS?
• HIPAA applies to law firms that accept affected health care information from their healthcare clients
• HITECH extended regulations to professionals servicing healthcare industry, including lawyers
• Enforcement of penalties will take effect upon release of final set of rules (pending for 2 years)
• After that time, Security and Privacy rule violations could result in fines ranging from $50,000 to $1.5 million for a single violation
Privacy and Information Security
STATE LAWS AND INFORMATION
• State laws requiring the provision of privacy notices to individuals, such as the California Online Privacy Protection Act
• State information security breach notification laws, which are in place in over 45 states, Washington, D.C. and Puerto Rico; See, e.g., Cal. Civ. Code §§ 1798.29, 1798.82; N.Y. Gen. Bus. Law § 899-AA.
• State laws imposing minimum information security requirements, such as the Massachusetts Standards for the Protection of Personal Information; See, e.g., 201 Mass. Regs. Code §§ 17.01–17.05.
Privacy and Information Security
SSN AND PERSONAL INFORMATION
• State laws that regulate the collection, use and other processing of Social Security numbers (“SSNs”)
• State laws requiring the secure disposal of records containing certain personal information, e.g., California, Georgia, Indiana, Montana, New Jersey, New York, North Carolina, Texas, Utah, Vermont, Washington and Wisconsin (some states also regulate disposal of personal info, whether a client or employee)
IMPACT ON LAW FIRMS
• Example - Massachusetts Standards for the Protection of Personal Information
• One of the most far-reaching personal information data security regulations in the country
• Imposes obligation on any entity having the described personal information of an individual (SSN, Driver License/State ID, Financial account information)
• Requires documented security program, with administrative, technical and physical safeguards
• Raises the importance of law firms researching all states from which they might have an individual’s personal information and having defined policies and practices in place to ensure compliance
International Considerations for Protection
JAPAN AUSTRIA
• E.g., Japan: “Shall not provide personal data to a third party without obtaining the prior consent of the person.” See, Act on the Protection of Personal Information Art 23
• E.g., Austria: “Authorisation shall be required for data exchange with recipients in third countries with an adequate level of data protection”
DATA PRIVACY LAWS - INTERNATIONAL
Data Privacy Laws outside the US
• In the EU, personal information includes business contact information or memberships in trade groups or political organizations.
• EU restrictions on cross-border transfer of personal information may impose on a law firm’s ability to receive in the U.S. documents containing personal information from the EU.
• The issue is exacerbated further by the broad interpretation of the term “personal information” under EU data protection law.
PRINCIPLE OF COMPLIANCE
LEGAL CONSIDERATIONS
ABA Model and local bar rules go to compliance
Various bar requirements address retention requirements
ABA Model Rule 1.15
• Safekeeping property requirement: “lawyer shall hold property of clients or third persons… separate from own property”
• Traditionally refers to money, but could “records” be considered “property?”
• Does compliance for a law firm include segregating client records from law firm records?
Recent ABA Amendments – Rule 1.1
COMPETENCE
To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology, engage in continuing study and education and comply with all continuing legal education requirements to which the lawyer is subject.
Recent ABA Amendments – Rule 1.4
COMMUNICATION
A lawyer's regular communication with clients will minimize the occasions on which a client will need to request information concerning the representation. A lawyer should promptly respond to or acknowledge client communications
WHAT DO THE ABA CHANGES MEAN?
• Although advisory at this point, the Rule changes reflect the ABA acknowledgement that lawyers have emerging obligations in light of new technology
• Electronic Communications and Documents
• Cloud
• Third-Party Vendors
• ESI
• Shows trend to embrace and regulate lawyers’ use of technology with client files. Expect wide state adoption and further modifications of Rules with changing technology
The Principles
Principle of Availability
An organization shall maintain records in a manner that ensures timely, efficient, and accurate retrieval of needed information.
PRINCIPLE OF AVAILABILITY
LEGAL CONSIDERATIONS
Legal edicts similar to those applied to the principle of transparency
Supports ABA Model Rule 1.4(a)(4)
Availability of information is key component of Rule 1.4 compliance
A lawyer must "comply with reasonable requests for information."
Principle of Availability
FEDERAL SENTENCING GUIDELINES
Per Chapter 1, Part A, Subsection 4 “regulatory offenses” are a “major issue”
Criminal violations include “failure to… provide requested information”
Availability of information is key component of the Federal Sentencing Guidelines
The Principles
Principle of Retention
An organization shall maintain its records and information for an appropriate time, taking into account legal, regulatory, fiscal, operational, and historical requirements.
PRINCIPLE OF RETENTION
LEGAL CONSIDERATIONS
Thousands of regulations across the globe dictate retention requirements
Must consider:
• Directly regulating statutes and regulations
• Statutes of limitations
• Standards
• Professional organization requirements
• Client records
Principle of Retention
FEDERAL SENTENCING GUIDELINES
• Per Chapter 1, Part A, Subsection 4 criminal violations include “failure to keep accurate records…”
• Per Part J, Subsection 3: “if the offense… involved the destruction, alteration, or fabrication of a substantial number of records, documents, or tangible objects” then the sentence should be increased
• Retention of information is key component of the Federal Sentencing Guidelines
Records Management Policy
Policy and procedures needed, with RRS
Result in proactive records management
Targeted suspension/restart of records destruction when needed
Ability to retrieve subpoenaed records
Efficient document review & production
Management of documents across cases
CRITICAL IMPORT OF LEGAL HOLDS
• Principle of Retention includes Legal Holds irrespective of RRS, duty to retain records and other ESI that are relevant to pending or anticipated litigation or investigation
The Principles
Principle of Disposition
An organization shall provide secure and appropriate disposition for records that are no longer required to be maintained by applicable laws and the organization’s policies.
INTERNATIONAL CONSIDERATIONS FOR DISPOSITION
BELGIUM AUSTRALIA
• E.g., Australia (Privacy Act 1988 Schd 3, 4.2): “An organization must take reasonable steps to destroy or permanently de-identify personal information if it is no longer needed for any purpose for which the information may be used or disclosed.”
• E.g., Belgium (BLG Dec 92 Prot Art 16.2): “The controller or his representative in Belgium, if any, must: ensure with due care that the data is kept up-to-date, and that incorrect, incomplete and irrelevant data, is rectified or erased.”
PRINCIPLE OF DISPOSITION
LEGAL CONSIDERATIONS
Retention regulations also apply here
L.A. County Bar requirement to obtain written instructions from client for criminal records
Query New York Bar requirement for "Confidential Material"
• Retain “permanent, including after termination” of relationship
• What is considered confidential material?
• The term “material” is broader than “communication”
• How do you determine what to keep permanently?
• What is the effect on emails and other forms of confidential communications with client?
Principle of Disposition
FEDERAL SENTENCING GUIDELINES
Per Part J, Subsection 3: “if the offense… involved the selection of any essential or especially probative record, document or tangible object, to destroy or alter” then the sentence should be increased
Disposition of information is key component of the Federal Sentencing Guidelines
LEGAL HOLDS ARE AGAIN CRITICAL
• Principle of Disposition includes Legal Holds
• Must suspend destruction or alteration of records and other ESI that are relevant to pending or anticipated litigation or investigation
THE MATURITY MODEL APPLIED TO EACH PRINCIPLE
1 SUB-STANDARD (RED)
2 IN DEVELOPMENT (ORANGE)
3 ESSENTIAL (AMBER)
4 PROACTIVE (BLUE)
5 TRANSFORMATIONAL (GREEN)
A rating of less than 5 may be acceptable because of:
• Organizational risk tolerance
• Comparable with industry peers or competitors
Previous level is not a prerequisite for the next
How to Comply?
PART 3
Principles as Best Practices
• The Principles as a key foundation of success
  o Tracks legal requirements such as ABA Model Rules and Sentencing Guidelines
  o Tracks international standards and requirements
• The Principles as a framework; NOT prescriptive
• The Principles are flexible
Principles as Best Practices
• The Principles are not right vs. wrong
  o Different approaches to get there
  o Strive for continuous improvement
  o Progress over perfection
• Be sure to have:
  o Governance structures
  o Policies needed
  o Processes defined to support policies
  o Use of technologies
Create a Roadmap
• Research all relevant regulations, laws, ethics requirements for jurisdictions in which the firm does business or from which the firm receives personal information for clients/employees
• Establish ultimate authority over risk and legal, e.g., General Counsel, Risk Committee, etc.
• Evaluate all policies, systems, and processes for compliance
• Evaluate shared or secondary use of client information – brief banks, expert banks, etc.
• Evaluate third-party vendor contracts and monitor ongoing compliance
• If needed, implement technology, policy/process changes to meet requirements
FINAL RECOMMENDATIONS
Bottom line: Possession, custody and control
Conduct a Principles-based Assessment
Create a Steering Committee
First lines of defense
Create and implement a records and information management (RIM) program
Create and follow a Retention Schedule
Robust Legal Holds processes
John J. Isaza, Esq., FAI
Information Management Partner, Rimon, PC
www.RimonLaw.com