publication of the International Legal Technology Association
Issue link: https://epubs.iltanet.org/i/503802
ILTA WHITE PAPER: APRIL 2015 WWW.ILTANET.ORG 25 OUTSIDE COUNSEL'S ROLE IN INFORMATION GOVERNANCE As the data problem grows too large to ignore, information governance — the framework for and the practice of proactively managing the valuation, creation, storage, use, archival and deletion of data — is gaining mindshare among stakeholders and executives at corporations. To fully understand the legal implications of information governance (IG) decisions, an in-house lawyer must also be a technologist, litigator, regulatory expert and contract attorney. Outside counsel can add all of this expertise and help benchmark what is standard in the overall legal and regulatory landscape. PROBLEMS GETTING OFF THE GROUND Cybersecurity alone is reason enough to address information governance. Experts confirm that protecting an entire enterprise from hackers is impracticable, so corporations must focus on securing critical data. Doing so requires an understanding of what critical information the corporation is housing (personally identifiable information, credit card data, intellectual property, regulated records, etc.) and where it is within the network. Despite all this, the vast majority of proposed IG programs never get off the ground. Budget allocation, a lack of immediate results, uncertainty about how to measure success, failure to obtain C-level endorsement and insecurity about how and where to start are a handful of reasons IG projects fail to launch, but corporate legal departments (with outside legal expertise) can help overcome these obstacles. LEGAL'S DOMAIN Legal departments are heavily involved in managing legal and regulatory risks. Historically, legal teams have had a more reactive role — IT or another department brought a problem to them after damage was done. As e-discovery has become a standard practice, making legal holds and data privacy issues part of their domain, counsel are becoming more proactive regarding the overall data landscape and decisions made about data risk management, such as security, retention and deletion. Organizations in highly regulated industries feel this pain more acutely and tend to be more sophisticated in addressing IG. Still, data challenges are creating pressure across the board and can no longer be ignored. It is not common for outside counsel to have a seat at the table during IG discussions, though they should. Outside counsel understand downstream risks, expectations from courts and regulators, and best practices. Given the lack of clear responsibility for data risk management in many organizations, outside counsel can help drive a shift toward broader IG involvement and solutions that will significantly improve the company's data landscape. They can also provide insight into lessons learned from the mistakes and successes of other companies, which helps internal stakeholders become comfortable with IG projects and ensure they are within industry standards. Advise clients to make steady progress with attainable results along the way. Completing one project will make all subsequent ones easier, regardless of scale.