Peer to Peer: ILTA's Quarterly Magazine
Issue link: https://epubs.iltanet.org/i/1489228
20 P E E R T O P E E R : I L T A ' S Q U A R T E R L Y M A G A Z I N E | W I N T E R 2 0 2 2 making it increasingly difficult to align expectations and scoping across parties and with regulators. • Data breach notification. In addition to disputes and investigations, emerging data sources are now presenting issues in data breach response. Data breaches are continually on the rise and organizations are facing subsequent ramping pressure to comply with data breach notification and response obligations. In most situations, organizations have mere days to determine the extent of the breach and begin notifying authorities and/ or individuals. In parallel, emerging data sources are becoming more common as repositories of sensitive information that may be implicated in a breach. This creates more locations organizations must investigate and search for sensitive or personal information when responding to a breach, as well as a greater volume of information that must be analyzed to determine what was breached and who was affected. In a large organization, or one that has a highly distributed IT architecture (which is common within businesses that conduct a significant amount of M&A), the issue can quickly spiral. In one recent data breach response matter our team supported for a publicly traded company in Europe, we encountered more than 80 data sources that were potentially in scope for investigation. There was no single solution or tool that had the capabilities to comb through the data sources and analyze the many data formats within them for instances of sensitive information that may have been breached. Doing so under a tight deadline required significant technical problem-solving and custom solution development. • Regulatory response. Another common issue with emerging data sources is that production specifications from regulatory authorities have not yet shifted to align with the nuances or structure of data within modern productivity suites. It's becoming increasingly common for legal teams to experience significant disparities between regulatory requirements to produce entire folders or vast populations of files and the reality of back- end platform structure and organization. Our teams have worked on matters in which regulators have requested production of every version of certain documents residing in a cloud- based file share — however, due to the complex way these platforms save and share dynamic documents, it's often impossible or disproportionately difficult to fulfill such a request. Moreover, responding to a regulatory request for information is very different F E A T U R E S "Emerging data sources are becoming more common as repositories of sensitive information that may be implicated in a breach."