Log In

New Data: Employee Data Habits May Increase Corporate Legal Risk

By David Horrigan

This article originally appeared on Law360.

In our daily work lives, we see a fair amount of anecdotal evidence indicating many of us engage in workplace behaviors that put our personal privacy and company data at risk.

But, how serious is the problem?

To find out, kCura recently commissioned a Harris Poll survey conducted between December 28, 2016, and January 18, 2017, included 1,013 U.S. adults age 18 and over who were employed full-time or part-time, working in a traditional office setting for at least 50 percent of the time (referred to as “employees” throughout) to get a better idea of just what employee behaviors may be putting corporate enterprises—and themselves—at risk.

To those of us who work in e-discovery law, the results probably come as little surprise. The news for the corporate enterprise is somewhat ominous: the era of big data for employees could lead to big risk for employers.

In this article, David Horrigan digs deep into the Harris Poll results, addressing aspects such as:

Phantom Policies and Procedures
Employee-grown Data
Personal Privacy and Legal Liability
Why the Survey Conducted by Harris Poll Matters

 

To read the article in full, click here to head over to the Relativity Blog.

 

Method statement: This survey was conducted online in the U.S. by Harris Poll on behalf of kCura, makers of Relativity, between December 28, 2016 and January 18, 2017. The research was conducted among 1,013 adults age 18+ who are employed full-time or part-time, not a freelancer, and works in a traditional office setting for at least 50% of the time. Figures for age, gender, race/ethnicity, education, region, and household income were weighted where necessary to bring them into line with their actual proportions in the population. Propensity score weighting was also used to adjust for respondents’ propensity to be online.

David Horrigan is the e-discovery counsel and legal content director at Relativity. An attorney, law school guest lecturer, e-discovery industry analyst, and award-winning journalist, David has served as counsel at the Entertainment Software Association, reporter and assistant editor at The National Law Journal, and analyst and counsel at 451 Research.

 

Survey Says: Analytics Making In-house a Home

by Dean Gonsowski

In January, members of the World Economic Forum met at their annual Davos summit to discuss analytics, automation, and artificial intelligence (AI), topics with enough potential to have global business leaders expressing both optimism and fear:

"It's not like we actually have economic growth today. So we actually need technological breakthrough, we need AI ... Our responsibility is to have the AI augment the human ingenuity and augment the human opportunity." Satya Nadella, Microsoft CEO

“I think now about how artificial intelligence will create digital refugees and how people will be displaced from jobs, tens of millions of people across the planet, because technology is moving forward so rapidly ... So companies, individuals have to decide: are we going to be committed to improving the state of the world? We’re at a crucial point right now.” - Marc Benioff, Salesforce CEO

These technologies are shaping our world quicker than experts expected, but the critical question remains: Will this trend significantly reshape the legal profession?

The short answer—as we’ve highlighted before—is yes.

For the second year in a row, the Coalition of Technology Resources for Lawyers (CTRL) and the Information Governance Initiative(IGI) teamed up to survey internal legal departments about their current and anticipated adoption of advanced analytics.

The findings? In line with last year’s study, and perhaps not surprisingly, analytics adoption is accelerating and practitioners are more bullish than ever.

To read the rest of the 'Survey Says: Analytics Making In-house a Home' article on Relativity's blog, click here.

 

 

Information Security & Information Governance – how they work together

By Richard Kilpatrick - Information Technology & Services

Richard Kilpatrick is a highly experienced consultant in information technology, focusing on realistic data governance, security and privacy.  Richard has led programs of work to discover and classify data across multiple business units, within banks, telcos, health and media. In this Information Governance ANZ article, he outlines the difference between Information Security and Information Governance, explaining why IG frameworks are essential for the successful orchestration of specialized security systems.

Information (data) security, cybersecurity and IT security all usually refer to the protection of computer systems and information assets by suitable controls, such as policies, processes, procedures, organizational structures and software and hardware functions. The type and extent of controls depends on the scope and maturity of the business function (usually the Security Department) applying the controls, or, depends on the specialization/focus of the team, such as Perimeter/Firewall or Identity Management. Each function tends to have a different perspective of information security, compared to other functions, due to their focused specialization.

A close parallel is the health profession. You see a GP doctor when unwell, and are referred to a specialist who knows much more than your GP about a particular field of expertise. I know that my GP would not want to perform open heart surgery at all. And equally, a heart specialist would not have up-to-date and practical knowledge of all areas of the body. Tinea treatment? – see somebody else please.

In other words, people specialize in a particular aspect of their work. You can’t be an expert in everything. People prioritize – for example, in busy times, a SysOp will not be as vigilant with security when their primary role is to keep the sales /finance system up and running for all users. This is exactly how Information Security Systems operate.

To read the rest of 'Information Security & Information Governance – how they work together' head over to the original article on Information Governance ANZ.

 

Download Our Newest Deep Dive Case Study on Pandora Media

How Pandora Tuned In to Information Governance
To Take Control of Its Most Sensitive and Valuable Information Assets

An IGI Case Study

Usually when we think "Information Governance," we think traditional, large, litigated and regulated organizations. But as more and more organizations come to understand the value of IG, this image is rapidly changing. Recently, Pandora Media — a juggernaut in the streaming music business — partnered with IGI Supporter Active Navigation and its experts in governance and file analysis on a major IG project. We were fortunate enough to be able to do a deep dive on this project and bring the details to you.

Download the latest entry in our IG At Work series to learn:

  • How Pandora got rid of 60 percent of its unstructured data.
  • What it took for the company to identify and protect its most valuable and sensitive data. 
  • How Pandora developed policies for governing unstructured information.
  • How Pandora built executive support for IG. 
  • How Pandora used file analysis software to reach its IG goals.
  • How Pandora was able to sell the merits of IG to its employees.

The company that emerged on the other side of this critical IG project was more efficient, more versatile and more competitive. And their IG program only continues to grow in its sophistication and impact.

Click here to access the case study in the IGI Community.

 

Presidential Tweets and Self-Destructing Messages Under the Records Laws: The New Normal

Washington, D.C. of counsel Jason R. Baron published an article in Bloomberg Law titled “Presidential Tweets and Self-Destructing Messages Under the Records Laws: The New Normal.”

Jason discusses the recordkeeping challenges and legal developments that result from presidential tweets and other forms of communications used by White House personnel in the Trump administration.

Jason also notes that these legal developments raise a number of information governance issues that have direct applicability to private sector institutes.

Read "Presidential Tweets and Self-Destructing Messages Under the Records Laws: The New Normal."

 

How the General Counsel Can Shape Information Governance

Jake Frazier – Senior Managing Director, FTI Consulting & Sonia Cheng – Senior Director, FTI Consulting
As seen on ethicalboardroom.com

 

Information governance is often thought about in the context of IT efficiency, data security and regulatory compliance. While it is true that these are the most critical drivers for executing data governance programmes, there is an equally important factor that deeply resonates with a corporation’s board and C-suite: reputational risk.

Just as trust is a key and fragile pillar for relationships in our personal lives, it is essential – among shareholders, clients, customers and employees – for a business to thrive. Ultimately, top company leadership is responsible for managing reputational risk and ensuring that the overall direction of the company will uphold trust in the brand.

As we’ve seen countless times, failure to handle data properly often results in damaging data breaches, which beyond legal and compliance violations, break trust and allow doubt to become part of a company’s image. Thus, it is critical that the board views information governance (IG) as being about compliance and legal risk, as it must be, but also as an effort to instil a high standard for ethics and privacy into the company’s culture. By embracing this mindset, a corporation’s leadership can set the correct tone from the top down, building advocacy for actionable programmes that ensure safe and responsible handling of sensitive data, as well as strong compliance and efficiency.

“BECAUSE THE GENERAL COUNSEL HAS HISTORICALLY BEEN THE GO-TO STAKEHOLDER FOR DEALING WITH HIGHLY SENSITIVE ISSUES… THE CORPORATE LEGAL TEAM IS UNIQUELY POSITIONED TO LEAD THE CHARGE TOWARDS PROACTIVE DATA GOVERNANCE”

Because the general counsel (GC) has historically been the go-to stakeholder for dealing with highly sensitive issues – primarily for litigation and investigations – the corporate legal team is uniquely positioned to lead the charge towards proactive data governance. Given this fact, the issue of ethical obligation comes into play. In the US, federal and state laws require companies to implement reasonable security protections to safeguard personal data. There is a wide range of similar requirements around the world.

Beyond the duty to disclose, legal teams also have an ethical obligation to maintain a level of technical knowledge. In Day v. LSI Corp., in-house counsel was sanctioned for failing to document and supervise the discovery collection process and for allowing the company’s document retention policy to be ignored. In the context of IG, this is important, as legal teams must have a clear understanding about data sources and retention practices, the impact of how they choose to handle electronically stored information, and accuracy of how facts are represented to regulators, opposing parties and the courts. Ultimately, these points illustrate the fact that ethical obligations cannot be overlooked when considering the GC’s role in IG efforts.

Click here to continue reading about the top issues for 2017...