Let’s table the technology discussion for just a moment, as we have a guest post from Frank Kenney, a research director at Gartner. He maintains his own blog at http://blogs.gartner.com/frank_kenney/ and authored this post about one of the most important, yet sometimes neglected, relationships: the one between the CIO and Chief Corporate Counsel.
Every CIO must ask Chief Counsel and all of the workers reporting to Legal (including internal and external attorneys, paralegals and administrative executives) how the information that flows in and out of their department is governed and controlled. Here is a short survey that CIOs should send to their legal departments:
- How are you exchanging information (legal or otherwise; remember that e-mails asking about your last vacation count too) with internal, corporate and external parties?
- How are you maintaining chain of custody processes and procedures?
- How are you showing compliance with judicial, regional and national, industry and internal regulations around the handling and privacy of corporate information?
- What can you show a judge when asked, “Who has access to information?”
- What are your current FedEx, UPS, DHL and courier/messenger policies around privacy and what are the costs of using such services?
- Are you using e-mail to exchange information and, if so, what processes are in place for governance?
While these should not be difficult to answer, they can be uncomfortable, especially from the perspective of Chief Counsel.
Managed File Transfer (MFT) technologies, which include mechanisms for enabling legal departments to consistently and securely exchange information in a way that is centrally managed, monitored and audited, are available from a myriad of vendors. (Gartner provides an annual Magic Quadrant for these vendors.)
These technologies and services can be deployed in a manner that is transparent to the workers who will use them. For example, they can be deployed behind an e-mail server (so workers can simply attach files the way they normally do), deployed as an add-on to existing legal software (so workers can simply press a button to send information) or deployed as a lightweight client on the desktop (so workers can double-click an icon or drag and drop a file).
Regardless of where and how the technology is deployed, as a traditional packaged application, hardware appliance or cloud service, the technologies can be used by the enterprise to ensure that all regulations and mandates are being met and that proof of compliance can be easily generated.
Let’s face it: companies don’t really want to use existing e-mail systems to enforce policies around the chain of custody. E-mail administrators are burdened enough as it is. IT departments do not want to train workers on the use of FTP servers, and the risk analysts and security analysts do not want the legal department leveraging free e-mail and collaboration services. But the reality is that today most companies do one, if not all, of the above.
CIOs and their IT departments MUST supply their legal departments with mechanisms to exchange documents in a well-governed way (visible, monitored and controlled) that complies, and shows compliance, with all judicial and corporate regulations and mandates.
Are you ready to have that conversation with your legal team?