Records management policy should encompass all aspects of information management from creation through access to retention/destruction; and all formats in which that information is contained.
There are many risks associated with the information managed by a law firm. Alongside legal privilege and confidentiality, much personal information is held. Names, addresses, contact information, even bank details are held across many systems and in a variety of formats.
Legislation such as the various Data Protection Acts makes it essential that this information is managed properly, and disposed of properly once it is beyond its useful life.
The ability to conform to this legislation has a number of prerequisites, all of which fall under the general heading of records and information management policy.
To comply, a firm must be aware of what information it holds. This requires a standard for the creation of information. Where, why, who and in what format are all questions which need to be addressed before a record of any sort is created. These questions provide a framework ensuring that any record created has a purpose, is not duplicated and may be found and accessed if required. Management can only be imposed if the creation of information and records is properly controlled.
This avoids, for example, a situation where information important for a conflict of interest check is not available to those performing the checks, or where personal information is frequently duplicated making the end of life destruction patchy and indefinite. Similarly, records must be created for a purpose, and if a particular record or piece of information cannot be located or accessed when required, then its purpose is lost. If a firm has no knowledge of the records it is holding, then there is no point in holding those records.