The value of insight is rarely doubted, but when it comes to company data, an enterprise’s knowledge is often ambiguous at best. While many IT departments have attempted to rectify company practices, tech habits that can vary significantly from employee to employee often render organizations vulnerable to security breaches, illegal behavior and compliance violations.
The day two plenary session at Legaltech New York, “Mitigating Risk with Information Governance and Insight,” brought together some of the best legal minds at the intersection of information governance (IG) and law in effort to shed light on how crucial it is for enterprises to develop a greater understanding of the data they possess.
Not all is bleak. According to U.S. Judge Andrew Peck of the Southern District of New York, the good news is that, when it comes to legal challenges, employees are getting better with e-mail correspondence. However, Peck also warned of bad news, noting that today, enterprises need to worry about other facets of e-communications like text messages and the Internet of Things (IoT).
“The technology is certainly outpacing the rules,” Peck explained. With the change in the Federal Rules of Civil Procedure (FRCP) “there is still a great dichotomy between what we can call the ‘legal tech bubble’ … and the rest of the bar.”
A problem, he added, was that now, the world is much more interconnected – more companies are multinational, and thus international notions of privacy with regard to the United States discovery system present an “insuperable problem,” Peck said.
Wayne Matus, managing director and global head of e-discovery at UBS AG, said information governance as a whole hasn’t changed much over the years. “Regrettably, this is an area where technology has had the same level of advances as search and retrieval.”
The panel also discussed confusion over what IG actually is and how the definition often gets intermingled with record management. Nevertheless, greater attention is being paid to IG and the impact it is having on enterprises. Judy Selby, partner and co-leader of the governance team at Baker & Hostetler, said that the driving forces behind this for her work with clients are “astronomical amounts of data,” high profile data breaches and the lawsuits surrounding them, regulations, and that “every company is or already is becoming a digital company.”
“We’ve seen companies get in hot water with regulators and the public,” she said. “They’re not collecting information the way they should. …All these things are forcing companies to take a good hard look. We’ve even seen companies get in trouble for how they dispose of their data.”
In terms of remedies, Selby said, “What we’re seeing now is a lot of companies turning to technology’ to deal with this.” She added, “The more these things can be automated and take the human element out, the better they’ll be.”
“In the last three years, there has emerged an enormously powerful consensus to get your hands on your data,” said Robert Owen, partner at Sutherland Asbill & Brennan, demarcating the moment of emergence at the infamous Sony hack. Prior to this, it was a “how much time do you have to clean out your garage kind of thing when it came to cleaning out information. Now, the consensus is to get rid of information if you don’t need it because you don’t know when you’re going to be hacked, what’s going to be taken.”
For many, IG can be intimidating. To get enterprises more comfortable with tackling the challenge, companies need to quantify their missions and take a look at the return on investment, Matus said.
“These projects are not terribly popular because you don’t convince the accounting department that this is a great investment,” he explained. “You have to figure out what your approach is. What is your most toxic data … and how should I treat that?”
Matus added that the incongruity of the U.S.’ data practices with those of many other developed countries will affect practices as well. “We have a view of data that’s contrary to every other country in the world than ours,” he said. “I think you’re going to see these projects become far more involved with the global need to deal with things.”
Matus also discussed the view that data should be collected rather than destroyed, saying that from a business perspective, “You should want to keep as much information about your customers as possible.”