Drowning in Data
Drowning in Data
If there’s one undisputable fact, it’s that Big Data—the unrelenting increases in the volume, velocity and variety of information—will only keep getting bigger. And while this can certainly be seen as a good thing—data, through the power of analytics, can help legal departments develop winning litigation strategies, mitigate risk, obtain critical insights and more—it can also be a liability.
As data continues to accumulate, keeping it organized and protected through a robust information governance program is imperative. If well-conceived and effectively deployed, information governance can have a positive impact on everything from traditional records management to compliance and risk management, data privacy and cybersecurity, IT governance and overall operational excellence.
But keeping up isn’t easy. The volume of information has exploded in recent years, as have the ways it is created, shared and stored. Today’s communication channels include a wide range of social media platforms, instant messaging apps, texts and more, all of which add complexity and challenges. Bring-your-own-device (BYOD) polices continue to blur the lines between employees’ professional and personal lives and introduce new questions. How should organizations, for example, shape their governance policies and practices to account for work-related text messages their employees may receive on their BYOD—but still personal—phones?
Meanwhile, the increasing, or at least more fluid, pace at which new people and organizations (i.e. clients, vendors, partners, etc.) are onboarded or replaced further accelerates the flow of information in and out, introducing more opportunities for information mismanagement. Growing supply chains characterized by greater interconnectivity—and in some cases, diminished visibility, compound the complexity of information governance. As information becomes boundary-less, the scope of information governance is expanding beyond enterprise walls.
Add to this the nonstop barrage of cyberattacks and regulatory requirements (especially those concerning data privacy), and it’s no wonder legal departments are feeling overwhelmed. Corporate counsel cite data privacy and security (32 percent) and regulatory compliance (26 percent) as their top two information management challenges. The order switches for lower middle market organizations, which rank regulatory compliance (42 percent) significantly higher than data privacy and security (27 percent).
What might account for the differences between middle market companies' information governance challenges and those of their larger counterparts? One factor might be more limited resources, which could restrict middle market organizations’ ability to hire staff or purchase regulatory compliance systems. Other factors could be an overestimation of their own immunity to data breaches and cyberattacks or the belief that cyberattackers only target large enterprises. While such beliefs have their appeal, they have no basis in reality; lower middle market organizations have a wealth of data that is as valuable to—and as sought after by—malicious actors as the data of their larger peers. Some organizations may also be lured in by a false sense of security after moving to, or operating in, the cloud. To the contrary, placing information in the cloud does not automatically make that data more secure. Without thoroughly examining how well-designed and secure their cloud platforms are, as well as the processes, procedures and controls they have in relation to the cloud, organizations risk failing to implement vital cybersecurity programs or procedures that can withstand increasingly sophisticated attacks.
The consequences of poor information governance—ranging from costly legal and compliance repercussions to a broader loss of reputation—are dire enough that general counsel have begun to take action: 59 percent plan to increase their information governance spending this year, up from last year’s 46 percent. Large organizations, especially, are planning hefty investments (78 percent), perhaps due to the greater volume of information they need to contend with.
To better govern their information, many in-house legal teams are focusing on leadership and policy: 59 percent are in the process of developing an internal council or leadership team, and 48 percent are either developing or updating their information governance policies. Forty-six percent are considering adding in-house resources, and 42 percent, new systems and/or tools.
Consulting outside counsel or advisors ranks lowest on the list of actions, with only a third of survey participants currently doing so, and 27 percent with no plans to do so in the near future. Most organizations, it appears, are keen on setting the direction of their information governance themselves with minimal external guidance.
Nevertheless, is this wise? While organizations should proactively focus on developing their own information governance strategy, it is by no means an easy endeavor, nor need it be a solo one. Accountability and discipline are key, and external consultants with digital expertise can provide corporate counsel with an outside-in perspective and help them develop their own critical inside-out viewpoint. A collaborative approach can and should drive company ownership, champions, change agents and shifts in skills and talents.
“Information governance isn’t a one-and-done endeavor. To handle the data deluge, legal departments need to leverage new technologies and update current policies to meet legal and regulatory requirements without being overly restrictive. Once this is in place, they’re able to uncover the real opportunity that good information governance can provide—deriving intelligence from rich data troves to strengthen decision-making and ultimately, drive business.”
Managing Director, BDO Information Management and Litigation Readiness Leader