Please enjoy this co-authored blog from Joshua Johns, Manager of Information Governance, Faegre Drinker Biddle & Reath LLP, and Tamara Tureson, Compliance, Conflicts and Records Manager, Faegre Drinker Biddle & Reath LLP.
If asked, our children would share any electronic file with anyone instantly! “So why is it SOO hard for me to send something to Bob down the street?” Unlike our children, we are bound by a whole string of “doing business” processes, protocols and legalities that are in place to protect us, the company and our clients. I suspect that given where you are reading this, you are well aware of said “legalities” and I don’t have to go into details at this time…although if you do need more info… <insert shameless plug for ILTA boards here…>. In the legal industry, there are two sides that always seem to lock horns on this subject…So let’s discuss how to make it work for the two sides that often don’t seem to see eye to eye, the business and the IT group (Dun…dun…dun!!!!).
In the usual scenario, the business wants to do its day-to-day work unhindered and IT wants to make sure that no one harms the business or its clients. Sometimes this means IT may implement what are seen as overly restrictive rules or policies. This, in turn, can cause the business to be less efficient, and is a hindrance to its ability to provide service. The happy medium is getting both sides to understand each other’s wants and needs and where they can agree.
Let’s use encrypted media as an example. If IT has restricted use of USB drives, the business will almost certainly push back, because it’s so much easier for them to have unfettered access to any thumb drive they can find. And it’s much cheaper. The point that IT needs to drive home is that while it may be more convenient and cheaper to use any drive, the cost and the risk are not worth it. A data breach will cost far more and will damage a firm’s reputation.
First, find a champion who will empower you to say no, but at the same time offer alternative solutions. One solution: have an unbiased professional (or professionals) who understands both sides of the coin and can translate for Business and IT folks (for us, it’s our Compliance, IG and security group). Discuss both sides’ requirements at the outset of any new project and have a third party who can play devil’s advocate. IT loves to put tools out there to make it easier for them to manage and maintain the systems; Business wants the latest and greatest solution, gadget or application to make them more efficient money makers. Both may be blinded by the novelty of the product and the problem it appears to solve. A neutral third party may be able to point out some of the issues with the product and help resolve those issues.
Sometimes the answer is as simple as yes, the $100 drive may be expensive, but it is still less expensive than the repercussions of a data breach. Education and great communication are the key.