Information governance risks with modern legal work

Information governance controls are critical to realizing the benefits — and minimizing the risks — of modern legal work tools such as Microsoft Teams and Copilot.

Microsoft Teams has likely already changed the way your law firm works on matters, with professionals largely shifting away from using Microsoft Outlook as their primary tool for matter collaboration.

The November 1, 2023, release of Microsoft Copilot to enterprise customers promises to further transform the way lawyers work. The AI-powered tool’s potential applications include producing initial drafts of documents and summarizing your inbox.

But using these tools without appropriate information governance controls risks undermining the very efficiency they offer as well as creating ethical and security risks.

Below we look more closely at scenarios in which your firm’s use of these modern tools might cause problems, and how your firm can avoid these risks.

Modern legal work creates the risk of a shadow DMS and version control problems that jeopardize your legal work

Imagine the following scenario: Your law firm has just taken on a case defending a client from a product liability claim. Because your firm routinely handles these matters, it has a best practices document to guide associates through the relevant steps and case law. One of your partners goes into the document management system (DMS) to retrieve this document and shares it with an associate.

The associate then works on the case but overlooks a recent precedent. That precedent was in the best practices document — but not the version of the document your partner gave the associate. The correct, most recent version of the document was in a Microsoft Teams channel, not your DMS, because at some point the best practices document was downloaded from the DMS and uploaded into Microsoft Teams. This document no longer syncs with the source document in the DMS, and no one uploaded the changed version back into the DMS. (Why would they, given that people spend an increasing amount of time working natively within Microsoft applications?)

Although your partner manages to catch the associate’s errors before it’s too late, she now must scramble to fix several documents relating to the case.

Moreover, your firm realizes that it’s not sure where the most current versions of other critical documents reside. Some may be in Microsoft Teams, while others may be in your DMS. Your firm must now go through all teams and identify any documents that should have been moved to your DMS.

In effect, your Microsoft Teams application has become a shadow document management system (DMS) because it doesn’t integrate with your law firm’s DMS. To get documents from Microsoft Teams back into your DMS, your professionals must manually download the file from Microsoft Teams to their computer, and then upload the file to the DMS.

As people’s working practices evolve, and as Microsoft increasingly offers seamless movement across collaboration spaces like Microsoft Teams and Word, more and more content is being created and stored natively in Microsoft. The cumbersome process of getting the current version of a document back into your DMS is rapidly becoming a step too far for busy professionals. Many will simply leave documents in Microsoft Teams instead.

You need technology to support the document storage policies you want to enforce; you cannot rely on human behavior alone. Intapp Workspaces integrates your DMS with Microsoft Teams, meaning that your professionals can check documents into and out of the DMS directly from Microsoft Teams. People no longer have to manually download documents to their computers and then upload them to Microsoft Teams or Microsoft Word to take advantage of co-authoring.

Information governance controls can help avoid an ethical wall breaches.

Intapp tools can also help your firm avoid accidental ethical wall breaches.

For example, say a critical issue arises that requires specialized advice. One of your firm’s partners knows that another partner has expertise in this area, and wants to quickly loop the second partner in. The partner then shares access to the entire matter team to facilitate collaboration with the second partner — not realizing that aspects of the case are behind an ethical wall that has now been breached.

This problem could have been avoided with Intapp Walls, which prevents anyone from being added to a team who has a conflict with that team’s work. Moreover, with the protections Intapp Walls provides, your firm can be more liberal with Microsoft Teams, giving more people the power to create and add to teams.

Intapp Walls can also prevent inadvertently surfacing confidential materials through Microsoft Copilot

If your law firm uses Microsoft SharePoint (or Microsoft 365) in any way, your early adopters are probably excited about the recent addition of Microsoft Copilot to the suite of Microsoft tools. Microsoft Copilot can surface information from SharePoint and Microsoft files a user has access to, generating first drafts of documents and presentations.

But this information-retrieval capability — combined with incorrect permissions — could result in the tool surfacing information that’s supposed to be behind an ethical wall. For this reason, having reliable permissions established in your underlying Microsoft programs, particularly Microsoft SharePoint, is critical.

As Microsoft explains, “Microsoft Copilot for Microsoft 365 only surfaces organizational data to which individual users have at least view permissions. It’s important that you’re using the permission models available in Microsoft 365 services, such as SharePoint, to help ensure the right users or groups have the right access to the right content within your organization.”

Are you confident that all your Microsoft 365 and SharePoint permissions are correct and consistent with information access rights and barriers in your other firm systems? As configured at law firms, Microsoft SharePoint often has a complex architecture, with permissions at the site, library, and document levels. Moreover, these permissions can evolve over time, with site owners granting access to new members.

It’s not hard to imagine that one of your professionals could at some point make a mistake in granting a team member permission to a site, library, document, or team that the member shouldn’t have. When that team member makes requests in Microsoft Copilot, its AI will pull from the new data source, potentially surfacing material that should be behind an ethical wall.

Such a breach could disqualify your firm from a significant case. With the Department of Justice in recent years requesting increased scrutiny of law firm ethical walls, it’s possible such a slip-up could be uncovered by a court.

Your firm can avoid this risk with Intapp Walls, which uses a policy engine to configure and continually monitor permissions in Microsoft SharePoint, Teams, and other Microsoft 365 applications. This continual monitoring prevents someone from granting permissions to the wrong individuals. Your firm creates the policy engine rules based on your clients’ guidelines, ethical rules, and other controlling laws or policies.

For Intapp Walls to correctly apply its policies to the right client and matter teams in Microsoft SharePoint and Teams, Intapp Walls needs to know which workspaces apply to which clients and matters. Intapp Workspaces solves this problem by facilitating consistent application of client-matter metadata when provisioning Microsoft SharePoint sites and Teams. For this reason, Intapp Workspaces offers native integration with Intapp Walls to give clients holistic support for responsible use of AI.

Complying with your client retention policies can be challenging without effective information governance controls in place

Say your multi-office law firm is working on a merger or acquisition that requires the involvement of several of your practice groups and offices. You create one overarching team for the matter, as well as several additional teams that are handling different aspects of the due diligence.

However, your firm hasn’t set up naming rules for teams, and different offices call these individual teams by different names.

At the conclusion of the matter, you need to gather all the files and data relating to it. Consistent with rule 1.15 of the Model Rules of Professional Conduct, you’ve established a policy of keeping all client work records for five years after termination of the representation. However, gathering all the files and data will be difficult because of the inconsistent and ambiguous naming of the teams.

One way to avoid this problem is to develop and enforce rules for naming teams that require team names to reference the underlying matter number/code. Alternatively, you can use Intapp Workspaces, which connects to your financial management system or intake system to automatically pull in accurate client-matter codes when you create teams.

These client-matter codes serve as metadata that attach to a team and all the team’s content. Someone gathering matter data for client retention purposes can then simply use the matter code as a way of collecting all the data.

Should your firm ever be sued for malpractice on their work relating to the matter, the client matter code will also make it easier to put a legal hold on all the data relating to the matter.

Intapp Workspaces and Intapp Walls help you avoid potential human errors

All the information governance issues and ethical risks discussed above could be avoided with the right policies in place and adherence to those policies. But the right software can serve as a fail-safe in case any of your professionals forget to follow a policy or make a mistake with permissions.

  • For example:
  • Intapp Workspaces makes it easier for your team members to move documents back into their DMS, helping your firm avoid version control issues that could hurt your legal work product.
  • Intapp Workspaces also helps your firm provision each team within Microsoft Teams and all SharePoint sites with identifying matter codes. These codes help you track and retain all data relating to particular matters.
  • Going forward, these matter code tags will also support current and future uses of Microsoft Copilot and AI tools that depend upon these tools distinguishing between different matters.
  • As a complement to Intapp Workspaces, Intapp Walls helps your firm avoid unintended ethical wall breaches.

The information governance controls that these software tools provide are just a part of their value to your firm. In the case of Intapp Workspaces, its biggest value is in helping your lawyers access all information and tools relating to a matter — including needed documents and Westlaw — via a “single pane of glass.” That way, your professionals don’t waste time and focus switching among different applications all day.

If you’d like to learn more about how Intapp Workspaces and Intapp Walls protect you from information governance and ethical risks, connect with us to schedule a demo of these software tools.

Schedule a demo