Does our law firm have all the data roles we need?

This is an interesting and challenging question which frequently comes up in conversations with senior law firm stakeholders. The reason for the question is sound. These stakeholders have become aware that data (whatever that means to them) isn’t working for the Firm (i.e. isn’t meeting Partner or operational expectations). Law firms are essentially people businesses, so the natural question is, does our firm have all the data roles we need?

This is both an easy and a difficult question to answer. There are some roles, of course, which are exclusively related to data, as an accountability or a responsibility. But some activities are just part of business-as-usual roles and can’t be carved out into separate ‘data’ jobs. Where the boundaries lie between data as a single role and data as part of a role will differ from firm to firm, so when Iron Carrot does the role analysis, we use a framework of activities to focus the discussion on finding the person (or role) who is accountable or responsible for each.

What kinds of activities are there?

The kinds of data roles we are talking about here range include the types of things that broadly fall into the bucket of data management as a holistic, firm-wide concept. Naturally, different Business Services Functions, Teams, and Individuals will be included in the matrix of people involved in data management activities.

When Iron Carrot looks at data activities within a law firm, we use three categories within that wider data management bucket.

  • Regulatory or Governance related roles
  • Firmwide best practice-related roles
  • Operational or Technical roles

Of course, there are many roles within these categories, but generally speaking, the minimum required in a law firm is set out below. It should be noted that the accountability portion of many of these roles is a single person or a small group of senior people. It tends to be the responsibilities which are more widely distributed.

Regulatory or Governance roles

Data Governance

Data is neither owned by a single function nor an individual system owner but is an asset the firm holds. But to govern and manage data appropriately, the firm needs to identify and assign specific roles and responsibilities. A data governance lead is one of those roles.  The key is to remember that they provide oversight and support for all data governance to ensure awareness and participation across the firm. They also drive decisions on data standards, definitions, and best practices.  


The UK GDPR introduces a duty for you to appoint a data protection officer (DPO) if you are a public authority or body or carry out certain processing activities.

DPOs assist you in monitoring internal compliance, inform and advise on your data protection obligations, provide advice regarding Data Protection Impact Assessments (DPIAs) and act as a contact point for data subjects and regulatory bodies like the UK’s Information Commissioner’s Office (ICO).

The DPO must be independent, an expert in data protection, adequately resourced, and report to the highest management level. A DPO can be an existing employee or externally appointed.

Information Security

There are many different types of Information Security that a firm needs to have in place.  It is usual for a Senior InfoSec person to be accountable, and for a team to have individual responsibilities aligned to their technical specialisms. This includes Application Security, Cloud Security, Cryptography, Infrastructure Security, Incident Response, and Vulnerability Management.

Risk Management and Data related Policies

In larger firms, the accountability for this sits within the General Counsel’s Office, and responsibilities are distributed to appropriate teams. While all firms are required to appoint a compliance officer for legal practice (COLP) responsible for the firm’s risk systems and controls, there is no formal requirement for law firms to appoint general counsel.

In some firms, the general counsel might only have responsibility for legal risk, with a separate head of risk and compliance taking responsibility for operational risk and regulatory matters. In other firms, the head of risk and compliance may perform the same role as a general counsel in another firm.

Most firms will, however, have a few staff covering elements of the general counsel’s role.

Document & Content Management

Document management is the mechanism for capturing, storing, and analysing paper and electronic documents. Digital document management systems (like iManage or Netdocs) are commonly used in larger law firms.

Content management is about creating and managing digital content – it is not unusual for digital asset management and document management to be integrated. In most firms, these activities fall under the remit of a Records Management or Knowledge Management team.

Firmwide roles

Data Strategy

The data strategy sets out what the firm wants to do with data to help it achieve its overall business strategy, It is a secondary and supporting piece which gives context to all of the firm’s data activities.

The right person to be a data sponsor must be credible to fulfil the role and have enough gravitas to influence the most senior stakeholders. The accountable person is likely to be a Partner and the responsible person in Data Governance or Information Governance.

Ownership & Stewardship

Data Owners and Data Stewards are two of the essential ‘people roles’ for you to define and implement since they will be involved in most of the data governance framework conversations.

The role terms ‘Data Owner’ and ‘Data Stewards’ are just standard data governance labels for these concepts; you can and should call them whatever works for your firm.

A data owner is a person who makes decisions about the data. These decisions include requests to change data usage, make data quality improvements, and who is involved in managing that data.

They also make decisions about solving issues that require resources (money, time, people).  These are all accountabilities, and their decisions are tactical.

A data steward knows what their data is supposed to represent, what it means, and what business rules are associated with it. They are usually the first to hear about issues with their data and make recommendations to the data owner after investigating the problem and identifying a solution. These are all responsibilities, and their decisions are operational.

Data Architecture

Data architecture consists of models, policies, rules, and standards that govern which data is collected and how it is stored, arranged, integrated, and used in the firm’s systems processes. Data is usually one of several architecture domains that form the pillars of an enterprise architecture team.

Data Integration & Warehousing

Data integration is the process of combining data from different sources into a single, unified view. It includes steps like ingestions, cleansing, ETL mapping, and transformation. In most firms, this also includes data warehousing and Big Data activities. Roles like this are usually found in IT departments.

Business Intelligence

Business intelligence (BI) refers to the procedural and technical infrastructure that collects, stores, and analyses the data produced by a company’s activities. BI is a broad term that encompasses data mining, process analysis, performance benchmarking, and descriptive analytics.

It’s a little bit more than just functional reporting from a single system. In most firms, it is a separate capability but in others it might be part of the Finance team. This is often where the ‘cool’ stuff like data science sits.

BI aims to produce reports, dashboards, and other information that analyses internal data to help leaders and managers make better decisions.

Operational roles

There are a few other data activities that can sometimes be carved out into separate roles or teams.

Metadata Management

This is the process for managing the data that describes data. If it is not a separate role, it can usually be found in Data Governance or Data Architecture.

Data Quality Management

This is the process for ensuring that the data fulfils the requirements of the purposes for which it is captured. It is usual to find this in the day job or one or more of the data stewards.

Reference Data Management

This is the process of managing classifications and hierarchies across systems and business lines. It is also referred to as taxonomy or semantic layer management and is often a responsibility, as well as an accountability, of the data governance or knowledge management team.

Master Data Management

This is the creation of a golden source, or single source, of truth for each critical data element. Data governance is accountable for making sure that there is a master data source for the CDAs. The accountability and responsibility for the day-to-day management of each data element lies with the appropriate data owner and data steward.

So how do you tell whether a firm has all the data roles they need?

If you can find someone (or a team) who is accountable and someone (or a team) who is responsible for each of the roles set out above, then the Firm has all the data roles it needs.

If ‘data’ isn’t working but all the roles are in place, then something else must be explored.

Would you like some help with data governance at your organisation?

We have developed a unique data governance road-mapping solution to help business leaders launch the proper foundation for data governance through our extensive data governance and information management background.

Our five-step road mapping process quickly helps law firms create a complete framework and plan for assuring the governance and quality of its data to realise the strategic goals.

Book a call with us to find out more.