publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1108621
I L T A W H I T E P A P E R | L I T I G A T I O N A N D P R A C T I C E S U P P O R T 44 access control lists, points of contact, retention rules), the locations of sensitive content, data lineage, a glossary of policies, and can connect to enterprise risk platforms, now also have Privacy plugins which can track the data subject requests, and data protection impact assessments. The efforts to get these platforms operational requires focused subject matter expertise and collaboration across business lines. Taken as a whole, it is easy to memorialize this set of information governance, ediscovery, security, and privacy responsibilities in a few sentences, but the reality behind operationalizing an information governance program tailored to each business line and sub-department is difficult in light of the necessary buy-in from cross-functional leadership. Business heads must agree to reallocate talent to focus on documenting processes, systems, databases, and storage locations. Integrating new systems that automate retention, auditability, and security controls requires individualized assessments and planning to reduce disruption and facilitate change management as needed. These efforts allow for a transparent view across the most sensitive and confidential information within the organization, reducing the organization's risk and exposure in the face of a breach and adding value far beyond cut-and-dry regulatory compliance. Despite the clear value proposition, these litigation and security risk drivers over the past years did not compel executives to commit substantial resources at developing a comprehensive information governance program. However, repeated breaches inspired governments to take action and force better controls onto companies (e.g., data processors and data controllers) who are responsible for personal data. Current State and Future The current heads of ediscovery and information governance across the largest companies are often the owners of the most advanced legal technolo analytics tools. As such, they have the greatest insight into how critical business systems operate. It makes perfect sense to include the ediscovery and information governance teams as a partner extension of privacy to ensure the organizational knowledge is shared. Additionally, due to the advanced and extensible nature of the ediscovery platforms it's easy to leverage these pre-existing review tools, indexing, and analytics engines for reactive events in the Privacy realm (e.g., DSARs, contract provision assessments). However, herein lies the broader professional identity issue for ediscovery and information governance professionals who have been working on operating programs that are now ostensibly driven by privacy initiatives. Every organization has different approaches to managing privacy, ediscovery, security, and information governance. The next few years will likely see an increase in department realignments designed to clarify swim lanes and ensure effective execution of privacy compliance and information governance directives. Though as a result of possible restructuring, the ediscovery and information governance leaders may find themselves looking to recalibrate to stay on the pulse of strategic decisions pertaining to discoverable data — the original impetus for marrying information governance with ediscovery. Regardless of how departments are sliced based on organizational constructs, the moment significant privacy violations are born, ediscovery will be an organic component of the litigation lifecycle in defense of the company's best interests. ILTA T H E E V O L V I N G I D E N T I T Y O F C O R P O R A T E E D I S C O V E R Y A N D I N F O R M A T I O N G O V E R N A N C E Ben Robbins has worked in various ediscovery, security, and information governance roles for government agencies, law firms, and corporations over the past 15+ years. He specializes in Legal e-discovery program management, forensic investigations, and incident response. As well as Security governance, risk, and compliance (GRC), information security assurance, privacy compliance for GDPR/CCPA, and records and information management. He has integrated and developed proprietary and off-the-shelf investigation tools, a deep knowledge of legal technologies, litigation/investigation support, web development, and content management systems. He currently leads the Ediscovery and Information Governance program for LinkedIn and holds a Masters in Forensic Science from GWU along with several industry certifications. .