Information Governance: How it Impacts Law Firms
Kyle Tidwell, Associate Director of Legal Projects, Robert Half Legal

Presentation transcript:

© 2015 Robert Half Legal. An Equal Opportunity Employer M/F/Disability/Vet. All rights reserved. This material is the confidential property of Robert Half Legal. Copying or reproducing this material is strictly prohibited.

Agenda
- Introductions
- Information Governance Overview
- Importance of IG In Law Firm Settings
- Law Firm Data Breaches
- What They are Looking For
- Ways to Help Prevent Breaches

Robert Half Consulting Solutions

Internal Audit and Financial Controls Litigation, Investigations, and Information Governance Risk and Compliance Full Outsourcing Co-Sourcing & Special Projects IT Internal Audit Quality Assurance Reviews Internal Audit Transformation Audit Committee/CAE Advisory GRC Organization Design & Implementation Financial & Operational Controls Improvement Sarbanes-Oxley & Financial Reporting Controls Compliance Litigation Consulting Managed Document Review & Staffing Discovery Risk Management Computer Forensics eDiscovery & Records Management Processing & Hosting eDiscovery Audits & Litigation Readiness Capability Maturity Model Assessments Enterprise Risk Management Market & Commodity Risk, Credit Risk, Operational Risk Capital Management and Fair Lending Lender and Acquisition Due Diligence Divestiture & Integration Assistance Risk Management and Compliance Process Regulatory Compliance / AML Monitoring Loan Modification, Loss Mitigation and Servicing Predictive Modeling and Advanced Analytics Finance and Accounting Excellence Cost and Working Capital Optimization Information Technology Effectiveness and Control Finance Remediation & Reporting Compliance Finance Process Optimization & Integration Enterprise Performance Management Business Intelligence Data Mining & Analytics Public Company Readiness Revenue Risk Supply Chain Capital Projects & Construction Global Sourcing Loss Prevention Policy & Strategy Communications IT Governance & Risk Management Security Strategy and Program Management Identity and Access Management Application Controls Effectiveness Software Governance and Risk Management End-User Applications Services

Information Governance Defined

Information Governance (IG) is the set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements.

It determines the balance point between two potentially divergent organizational goals:
- Extracting value from information
- Reducing the potential risk of information

A Brief History of IG

- In 2003, England’s Department of Health decided that the current data explosion merited a more comprehensive platform of healthcare records management that addressed all phases of the lifecycle consistently and effectively.
- In 2008, ARMA International introduced the Generally Accepted Recordkeeping Principles®, or "The Principles", and the Information Governance Maturity Model.
- In 2011, ARMA International collaborated with the EDRM on a white paper that illustrated the importance of connecting The Principles with the Information Governance Reference Model (IGRM).
- In May 2014, the EDRM updated its discovery diagram to include Information Governance. Previous versions referenced Records Management or Information Management.

What Are We Creating and What Are We Doing With It

Critical Components of Information Governance

- Enhance Defensibility: Demonstrate reasonable and good faith efforts as part of routine operations in responding to investigations, litigations and regulatory actions. A chain of custody document is oftentimes critical in legal matters.
- Realize Cost Savings: Identify practical solutions that result in 40% to 70%+ cost reduction in storage and retrieval.
- Improve Compliance: Ensure compliance with internal policies and applicable legal and regulatory requirements.
- Drive Sustainability: Minimize disruptions to business units and drive effectiveness and efficiency in the proper creation and receipt, distribution, use, maintenance, and disposition of records.
- Manage Risks vs. Opportunities: With the explosion of existing data, along with new data sources in recent years, businesses are tasked with balancing the opportunities that big data provides with the inherent legal, privacy, and data security risks.

Same Amount of Data just Different Storage

Increasing Impact of IG in Legal Matters

Importance of IG to Lawyers

- ESI is critical to the outcome of litigation, necessary as part of an acquisition, and is growing at rates unimaginable several years ago.
- Manual vs. Automated Processes
- Policies & Procedures compared to actual implementation
- The number of “smart devices”, mobile, social media, Cloud, and the Internet of Things provide profound business opportunities and risks
- Costs of retention (or not retaining), archival, destruction, eDiscovery and legal hold enforcement

A Lawyer’s IG Nightmares

- Is having records retention policies that go unenforced worse than having no policy at all?
- Legal Hold Notices and Upkeep
- Data Breach (Internal and External)
- Deleted Data/Spoliation
- What is Deemed Readily Accessible Data
  – What’s available?
  – What’s the size?
  – What are the categories?

Hackers Breach Law Firms, Including Cravath and Weil Gotshal

The firms include Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, which represent Wall Street banks and Fortune 500 companies in everything from lawsuits to multibillion-dollar merger negotiations.

It isn’t clear what information the hackers stole, if any, but the focus of the investigation is on whether confidential data were taken for the purpose of insider trading, according to a person familiar with the matter.

The attacks on law firms appear to show thieves scouring the digital landscape for more sophisticated types of information. Law firms are attractive targets because they hold trade secrets and other sensitive information about corporate clients, including details about undisclosed mergers and acquisitions that could be stolen for insider trading.

» The Wall Street Journal March 29,

Jacksonville law firm hacked, has to pay $2,500 in bitcoin to get files back

A local law firm says it was hacked and had to pay thousands of dollars in ransom to get its files back. The Brown Firm, located in the San Jose area, said it happened in December when it suddenly couldn't access its case files. It received a ransom note, saying it had to pay $2,500 in bitcoin in order to unlock the information.

The same thing happened to a hospital in Los Angeles, causing delays in the emergency room. The ransom there was set at more than $3 million. In both cases, they've been told people's data wasn't compromised.

“Everything that comes into this office was on the computer,” said legal assistant Patty Pearson. “We're a small 3 person firm never thought something like this would happen to us.”

The local law firm said it paid the ransom and got control of its files back after ten days. It says more secure policies are now in place to protect its files.

© 2016 Cox Media Group.

What all attorneys should consider in an ever-changing world

Although you may believe your firm is unlikely to be the target of a hack, such thinking may be a recipe for disaster. Cyber criminals are constantly adapting, looking for easy targets and sources of potentially valuable data.

What makes this data valuable? If the data can be successfully used to steal identities, then criminals will use it to commit fraud for days, weeks or months before the identity theft is detected. Additionally, the stolen data may be sold to other would-be criminals all over the world.

As certain businesses make it harder for criminals to penetrate their respective computer systems and networks, the next line of potential targets are those businesses that keep lots of data containing personally identifiable information (PII), but that lack adequate protective security.

Steve Couch is president and CEO of the Ohio Bar Liability Insurance Company.

Recognizing the Risk

American Bar Association’s 2015 Legal Technology Survey

Some examples of personally identifiable information, as defined by RC , are:
- Names;
- Social Security numbers;
- Resumes;
- Correspondence;
- Addresses;
- Phone numbers;
- Driver’s license numbers;
- State identification numbers;
- Professional license numbers;
- Financial account information;
- Medical and health information;
- Physical characteristics and other biometric information;
- Tax information;
- Education information;
- Individuals’ job classifications and salary information;
- Performance evaluations;
- Employment applications; and
- Timesheets.

Opportunities to Advance Law Firm Security

1. Encrypt, encrypt, encrypt
2. Use Caution in the Cloud
3. Beware of BYOD
4. Vet Your Vendors
5. Staff Training is Key
6. Be Wireless Savvy
7. Have a Password Policy
8. If All Else Fails, Be Prepared
9. Consider Cyber Liability Insurance Coverage
10. Use of Cybersecurity Frameworks and Standards

» CNA: Safe and Secure: Cyber Security Practices for Law Firms

Panama Papers

Experts worldwide are calling the data breach surrounding the so-called Panama Papers—more than 11.5 million documents detailing how hundreds of wealthy people hid money in offshore banks and investments to avoid paying taxes—the biggest data breach in history.

Panamanian law firm Mossack Fonseca suffered a data breach of astronomical proportions when a hacker broke into the firm’s servers, stole millions of s and PDFs, and then sent them to the press, the law firm has announced.

The papers reveal how tens of thousands of people, including high-ranking politicians, their families, celebrities and wealthy citizens of more than 40 countries, hid trillions of dollars in order to avoid paying taxes.

Panama Papers

HR and IT professionals who work at law firms must be especially cautious about protecting client data. Last year, the American Bar Association reported in its Legal Technology Survey that 1 in 4 firms with at least 100 attorneys have experienced a data breach. The breaches were blamed on hackers, website attacks, or stolen or lost smartphones or computers.

Last week, cyberthieves broke into two New York law firms that represent Fortune 500 companies and banks on Wall Street. U.S. federal investigators are examining the data breaches at Weil Gotshal & Manges LLP and Cravath Swaine & Moore LLP

and-what-the-data-breach-means-for-law-firms.aspx

Questions & Commentary

Kyle Tidwell, Assoc. Director of Legal Projects, Robert Half Legal