“Centralized administration of confidentiality is doomed to failure.” Public default security is tantamount to “letting the fox mind the chicken coop.” These are the dramatic teaser quotes from a 2011 blog at prosperoware.com .
The article puts forward Prosperoware’s Matter Hub as a way to enable decentralized administration of matter security. On each matter the lead attorney can enforce the security throughout the folder structure. This eliminates both conflict committee and IT as a bottlenecks. However, even a fine product like Matter Hub is not a panacea to ‘set and forget’.
Don’t misunderstand me – if there are any conflicts in the firm, I think it’s vital to have automatic security enforcement such as offered by the Matter Hub. Just don’t think that software can address one hundred percent of the puzzle.
Don’t get hooked by a quick-fix
One needs to consider and address the problems introduced by transfer of decison-making from “the 30,000 foot level” down to the isolated trenches of individual matter management. The central approach, such as a Risk Management team, offers advantages that “every” matter-responsible-partner may lack.
Automation needs to retain the strengths of the centralized conflict checking process
Duty to review matters for conflicts
- Central team should have a clear and limited mandate to review new matters on a regular basis.
- Per-matter responsibility – assigning this duty within the matter team demotes it to one task among many.
Impact of timing at matter opening
- Central team – in theory they have sufficient time allocated to review all incoming work for conflicts. In reality this review can delay the official opening of a matter file.
- Per-matter responsibility – sometimes matter-opening is a very hectic time. Possibly someone within the matter team may skip the conflict check because ‘matter work’ is more pressing.
Impact of new conflicts on existing matters
- Central team – should be reviewed on a regular basis. Because it’s a ‘special purpose’ group, there should be (might be) efficient processes in place to track relationships of interest.
- Per-matter responsibility – a new conflict might occur at a very critical time for a given matter, and it might be difficult or impossible to get the team’s attention to consider the conflict.
Adequate knowledge about 30,000-foot level activities for possible conflicts
- Central team – knowing about all the potential conflicts would seem to be the responsibility of the central team.
- Per-matter responsibility – It’s true that the matter team will be familiar with the details of their own matter, and so could be able to catch conflicts that a 30,000-foot-view would overlook. But, knowing where all potential conflicts might lie – that’s possibly a wider view than many lawyers have.
Read the original article:
In most law firms today, it’s the risk management team or general counsel who decides what level of confidentiality is called for on a particular matter. That’s simply the wrong way to go about it because they are looking at a matter from the 30,000-foot level. Centralized administration of confidentially is doomed to failure in the era of the electronic file, and the failure can be costly.
How law firms administer confidentiality will have to change, too. Can you imagine how large a risk team you’d have to have to manage just 500 confidential matters not to mention 5,000 matters?
Is your firm still in the security Stone Age with every typist applying security by hand? Are you happy with your firm’s answers to the business process questions raised here? Contact me for a complimentary security health check from Cersys.