publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/1242249
I L T A W H I T E P A P E R | T E C H S O L U T I O N S 32 Second, the way data is collected is key. Without the involvement of a skilled third-party at this stage, who understands the myriad types and versions of communications, there's massive potential for error. The workflow has to be designed to mitigate those risks at every step as well as providing personal data protection. The technolo that's used must be sensitive to context, and never assume that one technolo can collect all data correctly. There are now more stringent standards for defensibility, and new layers of compliance mean that your technolo choices will need buy- in from general counsel. A service provider with legal, technolo and data expertise will be able to bring these threads together to the satisfaction of the general counsel. In every organization, data custodians are sitting on information that you'd never expect to find in their domain. They may not have a total picture of how the data is being used or are relying on what their practitioner has told them. But there are different considerations for data depending on whether it will be used externally or if it's not intended to leave your domain. A service provider needs to demonstrate an understanding of how to protect this accidental data crossover. Some business consultants have considerable data expertise, but their primary expertise is not understanding data in legal terms, which is an area of potential exposure. Most people think of privacy by design as an approach to designing a product, but a strong strate also uses this approach to design processes that build in privacy protections across multiple departments, serving multiple purposes. This requires a holistic approach to information governance as well as clear and insightful questioning. For example, lawyers use data to make a production, but don't necessarily think through the consequences of the exposure of this data outside their own domain. These privacy goals have to be a huge piece of the workflow to prevent litigators from producing data that should be protected. This is a common risk: at one end of the hall you might have a privacy office spending major dollars to protect their clients' "In every organization, data custodians are sitting on information that you'd never expect to find in their domain."