Corporate Counsel Are Tackling Their Data Risk All at Once: Can They Do It?

A recent study from consulting group BDO USA of around 100 senior in-house counsel for companies with revenues between $100 million and $5 billion found that these larger organizations are spending increasing amounts of time and resources thinking about how to protect and use their data.

So far, however, the organizations haven't really prioritized much about where exactly those resources should be allocated.

George Socha, managing director in BDO's Forensic Technology Services practice, explained that companies are now thinking broadly about how to manage their data. The explosion of major data breaches has more organizations thinking about their cybersecurity and information governance strategies, while e-discovery continues to be a major concern for organizations. Furthermore, the upcoming General Data Protection Regulation (GDPR) has now forced data privacy into the purview of data privacy conversations.

Indeed, the survey noted that 90% of organizations polled said they have an information governance plan in place (of these, 47% are headed by a chief information officer, while 42% are led by legal departments). Seventy-three percent of survey respondents believe their boards are more involved in cybersecurity than they were last year, and 48 percent are currently looking ahead toward GDPR compliance.

The BDO survey shows that both spending and interest in these areas are either holding steady or growing. As a long-term strategy, however, Socha finds that this kind of full-court press around data security will likely be unsustainable. “That can't work well in the long haul. We're going to have to ask some questions about trade-offs,” he said.

“I suspect most folks aren't confronting that reality yet, and they're going to have to sort out how to sort that out,” Socha added.

Perhaps unsurprisingly at this point, the massive increase in both value and volume of data has made navigating data analysis and cybersecurity a much different ballgame than it has been historically. Forty-seven percent of respondents flagged Big Data as one of the e-discovery issues likely to have the greatest business impact on their organization, way up from 28% who said the same last year.

Large organizations seem to have figured out that technology can serve them well in navigating this data. Nearly half, 48%, of respondents report using computer-assisted review in their e-discovery, while 31% report using business analytics to manage their project review.

Socha cautioned that the increase in data presents difficulties beyond just moving through data. While a great deal of time and investment has gone into developing tools to analyze data quickly and effectively, managing and securing data from the wide set of sources companies now have to account for is still a challenge. “In many ways, we still don't have the tools or the techniques to do that,” he said.

Socha thinks that information governance spending is likely to help organizations get the most out of their data resources. “Companies gave information governance lip service, but not budgets. I think what some organizations are realizing is that money well spent on information governance, and you can waste money on it, but money well spent on information governance can pay significant dividends when you get to those other areas like e-discovery and GDPR,” he said.

“Information governance is about getting your electronic house in order. When your house is in order, you can find stuff better, you don't have stuff hanging around that you don't want or need,” he noted.

*****

Gabrielle Orum Hernández is a reporter with Legaltech News and the Daily Report covering legal technology startups and vendors. She can be reached by email at [email protected], or on Twitter at @GMOrumHernandez.