“An October 2018 decision issued by the Maryland State Bar Association’s Committee on Ethics was the first of its kind in the US. While the bar did not seek to opine on the obligations of law firms under the EU General Data Protection Regulation (GDPR), it provided an interesting glimpse into how US-based bar associations, and law firms, will need to be mindful of the regulation.”
“First, and foremost, it’s important to understand whom the GDPR applies to.
“For years, the perception has been that old-school records managers attended the MER Conference. In fact, attendance this year covered the entire spectrum from corporate to legal and government. Yes, there were records folks, but there were also many people from the C-suite, information technology, privacy, and security. Were it my place to do so, I would re-cast the MER Conference as an information governance event.”
“From the moment the conference leaders asked me to speak, I wanted to present a fresh take on managing electronic records and information across the enterprise.”
“And I came away from the MER Conference with the idea that if two records managers walk into a bar, what they ought to notice first is that the register is a computer, the flat screens are digital, IoT devices likely surround them, and most of the people sitting around probably have their faces buried in a smartphone.
“Information governance and the protection of corporate data are top concerns for law firms. To ensure standards are met, some clients are now tying payment to compliance with Outside Counsel Guidelines (OCG). OCG have moved from guidelines to actual contracts that provide for indemnification of the client for cyberbreach and violation of privacy laws, and require firms to explicitly secure the client’s data.