The way a law firm handles information could represent a ticking time bomb. Every document you file carries legal, financial and practical implications for your business. It is vital to understand these implications, and the actions required to protect the business and its clients.

Processing data and personal records is fundamental to the work of a solicitor. The Data Protection Act 1998 stipulates how such information must be used, kept and destroyed. If you routinely store your paper and digital documents on office premises or keep records beyond the legal requirement, you could be exposing your business to serious legal liability and the consequences it carries with it.

Furthermore, you could be wasting thousands of pounds and hours of time that could be better invested looking after clients. Many firms fail to recognise the full cost of storing paper and digital records in-house, including the loss of valuable office space and the manpower costs of stacking, retrieving and managing the information inventory.

Last but not least, would your business be able to function if information was lost, damaged or destroyed? What would you do if your office was broken into, or damaged by flood or fire? How would your law firm cope if your computer system went down with all your digital case files or emails required for disclosure? How would you collate information to brief counsel or instruct experts? And how would you explain any of this to your clients?

What are the risks?It is impossible to underestimate the importance of information security. With law firms storing a vast amount of sensitive, confidential and complex information, the impact of damage or loss can have far reaching implications for the business – from poorly prepared and handled cases to substantial fines for non-compliance and the loss of client trust.

Anecdotal evidence suggests that legal firms retain a preference for paper documents and have a tendency to store everything forever. A failure to meet the data retention deadline or an inability to securely destroy unwanted documents could expose a law firm to legal action by former clients.

Even if a company abides by the legal 15-year requirement, volumes can soon build up. Paralegal staff can find themselves occupied with filing, searching for and retrieving documents instead of focusing on the law – an inefficient allocation of resources. And, of course, alongside paper documents, legal firms are facing an ever-increasing mountain of electronic – or digital – records.

There is a growing trend among law firms to introduce sophisticated IT systems to scan and store new files electronically as part of a digital document management system. This has clear benefits in terms of increased productivity and efficiency, but, with little guidance available, legal professionals are often left to guess for themselves which files need to be scanned.

In addition, with growing pressure to offer full disclosure on demand, legal firms need to ensure that all electronic records – including emails and social media communications – are backed up and stored securely, preferably offsite.

Taking actionWith information such as case files, research, time and billing reports, litigation support information and correspondence now existing in both physical and digital formats, it is important to clearly define integrated policies and processes. Evidence suggests that many large legal firms are already introducing company-wide processes that are supported by management and training, and often involve outsourcing the day-to-day process of information management to trusted third party suppliers. Some of the most progressive law firms have even been certified for ISO 27001 – a specification for an information security management system – as they increasingly recognise the business and reputational benefits of information security.

The picture for small firms can be very different.

In smaller legal firms, the process of data management can be in the hands of an individual and may depend on a system no one quite understands that was put together years ago by a member of administrative staff. Such businesses can be particularly vulnerable to data loss through human error, and a failure to take action could irrevocably damage the business.

For many law firms, regardless of size, the solution can be to outsource some or all of their information management needs.

The first step in making such a decision is often financial. Assuming your company manages its physical and digital records in-house, it is important to identify how much this is costing the firm in real terms. When you take into account requirements for physical space, the amount of staff time devoted to information storage and management, not to mention the cost of training your staff to handle information appropriately – chances are that the total expenditure is significant. The use of online calculators allows businesses to identify and compare the full cost of storing information onsite with the cost of outsourcing it.

Additional benefits of outsourcing often include full accountability and tracking for all information – so you know where information is at any moment in time, who is using it and what for – as well as secure archiving for all ‘non-active’ documents, extremely rapid search and retrieval options, and secure destruction for documents no longer required. All this can help to relieve your business of unnecessary risks and costs, providing peace of mind and legal compliance that leaves you free to focus your energy on doing what you do best: providing legal support to clients.

Russell Sanderson is commercial director for professional services at Iron Mountain