LFIGS 2.0 (Executive Summary)


As a result of new/expanding data privacy regulations, exponential data growth and disruptive technologies, the Law Firm Information Governance Symposium members created a modernized report on what IG means within the law firm sector. This report is an updated version of the 2012 "A Proposed Law Firm Information Governance Framework."

August 23, 201912 mins
A woman typing on a laptop while a man looks over her shoulder.

In 2012, the newly established Law Firm Information Governance Symposium (“LFIGS” or “the Symposium”) assembled in Chicago with the formidable task of defining what information governance (“IG”) meant within the law firm industry. After two days of collaboration and debate, followed by several weeks of refinement, this group developed and published a set of reports that collectively were presented as “A Proposed Law Firm Information Governance Framework.” The Working Group 1 paper titled “Defining an Information Governance Framework” proposed a definition for law firm IG, the concept of an information governance advisory board, a set of core principles that would inform the IG initiative, and a set of process components that are critical to consider in a comprehensive governance program framework.

At the time, IG was relatively new to law firms (and to the thought leaders at the table.) Its very title - “A Proposed Law Firm Information Governance Framework”- reflected the uncertainty as to whether the body of work would be accepted by the legal industry. Little did they know that in the years following, the work would appear and be referenced in multiple presentations, articles and blogs. It would be used as a means for firms to establish their own IG programs, and to recruit leaders and engage business partners in order to make this proposed vision a reality. Most importantly, it fostered a collaborative environment for emerging IG leaders to discuss trends, identify challenges, and share ideas on how to ensure their own IG programs were not just compliant with policies and regulatory requirements, but also truly optimizing their firm’s capabilities to help make lawyers more efficient and responsive, and clients more satisfied with their level of service. Finally, the group developed additional papers annually, covering a number of relevant topics, all of which contribute to the overall body of knowledge in the law firm IG space.

Eight years later, in the wake of new/expanding requirements such as the General Data Protection Regulation (GDPR) in the EU and US state enacted privacy law, exponential data growth, disruptive technologies and client outside counsel expectations becoming common-place, the Symposium participants decided to revisit the initial Working Group 1 paper, and generate a new report that provides an updated, or “2.0” version, of what IG means within the law firm sector today. Symposium participants convened for two days in June 2019 to evaluate the original report, consider where existing definitions needed revising or replacement, and determine where new processes should be added (as an example “privacy” was not its own process component within the first report, but is included as part of the new report.)

Following are the current draft process components as refined by this year’s Symposium participants:

  • Privacy and Regulatory Compliance: The process of ensuring compliance with all governing rules, laws, regulations and directives. For example, process should comply with regulations concerning the protection of personal and confidential client information.
  • Client Directives/Information Requests: The process of responding efficiently, consistently and appropriately to client directives and information requests regarding IG, including Request for Proposal (RFP) responses, questionnaires, surveys, outside counsel guidelines and audits.
  • Preservation Holds: The process of preserving potentially responsive information, ensuring the suspension of scheduled disposition, and certifying custodial legal hold compliance during the discovery phase of litigation and investigations.
  • Mandated Destruction: The destruction of information as legally mandated or by agreement among parties and certification that the destruction process has been completed.
  • IG Awareness and Education: The process of providing guidance, proactive education and training to all firm personnel.
  • Securing Information: The process of controlling access to physical and electronic information: for example via ethical walls, remote access to information repositories and confidential access controls. Technology & Data Governance: The process of providing guidance on data organization, classification and migration; systems selection, capabilities and implementation; commissioning/decommissioning/ developing systems; and information migration to ensure it is consistent with IG policies.
  • Third-party Engagements: The process of ensuring all third-party engagements are compliant with applicable firm information governance policies.
  • Auditing and Remediation: The process of assessing and auditing key IG processes on a regular basis to ensure that the organization meets the goals of the program. Includes establishing operational metrics and benchmarks which are routinely monitored and analyzed, including any necessary remediation steps, to ensure the overall effectiveness of the program.
  • Matter Lifecycle Management: The process of capturing and maintaining client or matter information that is organized by matter type / area of law / practice area including client engagement documentation, and perpetuating the collection, organization and access of the matter file content throughout the life of the matter. Includes the process of systematically closing matters in firm systems at the conclusion of representation.
  • Matter Mobility: The process of moving matters and their associated information into and out of law firms triggered by lateral moves, client terminations and other events.
  • Retention/Disposition: The process of applying lifecycle management practices to client and firm information, enacting disposition as authorized and applying defensible disposition to legacy information.

The Symposium intends to redesign the original LFIGS processes graphic to ensure it accurately represents how these process components connect with one another and to the broader framework. The Symposium participants also intend to use the new process definitions to create an interactive maturity model, which will allow law firms to assess their own programs, and to receive directional guidance to one or multiple reports within the comprehensive body of LFIGS reports, corresponding to the area(s) in which a firm wants to focus its improvement efforts.

What may be most telling, however, in this 2.0 report is found within the title itself – A Defined Law Firm Information Governance Framework. While the outcome and impact of the first “proposed” report was initially unknown, the subsequent validation of its value to firms confirmed for Symposium participants that its revision – and those who contributed to it – comes from a place of knowledge, practical experience and proven results that are making a tangible difference for law firms in the areas of risk mitigation, cost reduction and improved client service.

The full LFIGS 2.0 report will be published October 2019 and can be accessed on the official Law Firm Information Governance Symposium website, SYMPOSIUM.IRONMOUNTAIN.COM

Iron Mountain established the Law Firm Information Governance Symposium (Symposium) in 2012, as a platform for the legal industry to create an information governance (IG) roadmap unique to law firms. The Symposium meets annually to create reports that offer definitions, processes and best practices for building law firm IG. The reports are authored by law firm leaders and subject matter experts from the service provider community.


Brianne Aul
Senior Manager of Information Governance
Morgan Lewis & Bockius LLP

Leigh Isaacs
Director of Information Governance and
Records Management

Terrence Coan
Managing Director, Advisory
HBR Consulting LLC

Randy Oppenborn

Director, Information Governance
Foley & Lardner LLP