Why the Legal Dept. Should Be Best Friends With the IT Dept.

By Mark Wilson, Esq. on March 04, 2015 | Last updated on March 21, 2019

If there's one department that's the thorn in the side of company employees, it's the IT department. Their answer is always "no" and they make you wait on requests for a long time.

Of course, that's equally true of the legal department, too. With Sarbanes-Oxley being what it is, coupled with the dystopian e-discovery future in which we live, the IT department and the legal department should be best buddies. Whose photo do you have in your heart-shaped locket?

Natural Allies

Along with the finance department, IT and legal are sort of the outsiders on the playground. They don't really have anything to do with the actual business of a company, other than making sure whatever that business is, it gets done quickly, cheaply, and legally.

They all also have confidentiality requirements associated with them. IT employees are regularly subjected to confidential information that people in the substantive part of the corporation aren't privy to, like emails between executives and passwords on passwords on passwords. Lawyers eat, sleep, and breathe confidentiality, so they're used to looking quickly away when they see someone in the hall who they know is getting fired that afternoon. That means that, in the office, all you have is each other.

Regulatory Buddies

Sarbanes-Oxley requirements involve all three legs of the business services stool. The finance department has to make sure the books aren't cooked, the IT department has to make sure records are being retained and access to them is limited, and the legal department has to oversee all that and certify that the company is in compliance.

IT and legal also need to be joined at the hip when it comes to litigation. If we've said it before, we've said it a thousand times: Lawyers need to understand legal technology. Part of this includes an ethical duty to understand how the company retains its information and whether that retention policy complies with the law. When there's current or pending litigation, the legal department has to be on the horn with IT to make sure data are being saved; the penalties for "oops, I didn't think this email was important" could be significant, including drawing an adverse inference from the missing messages.

So rather than lurk in your Lerkim, have regular meetings with the CIO to make sure the IT department is doing all it can to ensure the business is in regulatory compliance and that all those backups really are backing up what they're supposed to.

Related Resources:

Copied to clipboard