COVID and Compliance Shape 2021’s Data Workflow and Forensics Trends

In this special guest feature, Bobby Balachandran, CEO, President and Founder of Exterro, discusses how upholding data integrity – the qualities of consistency, accuracy and reliability of digital information – has always been a priority for organizations. After an extensive career building mission-critical applications in the financial services, healthcare and telecommunications sectors, Bobby founded Exterro with the conviction that the legal industry was rife with opportunities for process improvements that could be driven from lessons learned in other industries. Today, Bobby fulfills Exterro’s founding principles by leading the company in building a comprehensive platform for global corporations to mitigate risks, control costs, and have complete end to end visibility into their legal processes. Bobby is based in Portland, OR.

In our data-driven economy, there are few organizations that are not hyper-alert to the critical importance of maintaining data integrity, and perhaps even more so when it comes to ensuring that data is compliant within current regulatory frameworks.

The big data question of 2021 will revolve around the eternal issue of how to properly create, manage and enforce robust information governance programs that also allow  data to perform as a trusted asset rather than a minefield of potential problems. And now, the issue must be viewed in the context of many new privacy and compliance regulations, pandemic-related litigation as well as the sudden scattering of the workforce into home offices have amplified the potential for data governance slip-ups.

This means that in 2021, one of the paramount objectives is that of smoothing and speeding the interactions among legal, general counsel, compliance, IT and security teams working together to manage a larger volume of requests and investigations. This will require more strategic allocation of resources to ensure data management practices are defensible and capable of scaling to match emerging regulatory changes.

Upholding data integrity – the qualities of consistency, accuracy and reliability of digital information – has always been a priority for organizations. It’s not just a job for IT. Maintaining data integrity is an overarching obligation, although each department’s priorities will be nuanced by their specific roles and responsibilities.

The Evolving Role of the General Counsel

A notable trend emerging on the data front is that the General Counsel’s (GC) office is bearing a far greater share of the data integrity burden. The role of the GC (or sometimes called, the Chief Legal Officer) has undergone a metamorphosis in the last decade, bringing a significant chunk of data governance into the everyday practice of law. 

The Association of Corporate Counsel’s 2021 survey of Chief Legal Officers (CLO) shows that an increasing number of organizations now have a compliance, defensibility, and security strategy in place. The larger the company, the more likely it is to implement such a strategy. 58 percent of companies under US $100 million have implemented a data management program, and data privacy and compliance are now among the top three functions reporting to the GC. These results indicate a new way of thinking about both the role of data and the processes involved in responding to requests for data, and are a recognition of the macro forces requiring the convergence of formerly siloed departmental approaches.

Convergence of data governance and legal calls for new strategies: enter Legal GRC

Organizations are now handling exponentially greater volumes of data-related investigations, complaints and discovery requests. This forces legal teams into spending far more time and budget working on finding, collecting, producing and proving the defensibility of that data as they quarterback their legal governance, risk and compliance processes.The orchestrated management of this increasingly burdensome, but critical legal function can be more simply described as Legal GRC.

The process of locating and tagging the appropriate data to meet investigatory requests or criminal litigation, known as data forensics, is also an important piece of the Legal GRC workflow. Forensic investigations may come into play whenever potential crimes or misdemeanors are under investigation: they can range from embezzlement or other white collar crime to internal sexual harassment claims or third party provider contracting issues. Legal needs to be able to process and record investigations as they evolve, which requires the use of platforms that allow them to interact seamlessly with Cybersecurity and IT. When investigating a security incident or breach, forensic capabilities are critical to uncovering the method of access, the damage done, likelihood of ongoing exposure, and ways to avoid future incidents.

Legal GRC activities can span units that report to the GC, such as Privacy, Compliance and Legal Operations, and those that don’t, like Security and IT, but the ultimate responsibility rests with the GC.  As an example, in data collection for e-discovery, legal will direct the specifics of the data investigation, identifying the keywords, search terms, data custodians or individuals to search for, while IT may lead the effort to collect potentially responsive or relevant data. Legal GRC processes such as this are technically rigorous and complex because data doesn’t live in one place, but is layered, transferred or shared during its lifecycle.

The cost and resources needed for such investigations, queries or compliance requests are rising in conjunction with the accelerated rate of new regulations and the use of new enterprise applications to facilitate collaboration with employees forced to work remotely because of the pandemic, making a significant dent in the business’ bottom line. This illuminates a very important question: How do we best handle legal data requests for the future?

Point solutions for compliance, privacy, breach response, e-discovery, ethics and organizational legal operations require manual hand off at each stage of a process. Not only is this expensive and inefficient, but it opens the process to human error. Therefore, centralized and unified platforms, enabling IT and legal to respond to requests from a holistic vantage point, will be critical to getting out of the weeds and into a more strategic view of data governance.

To properly create a data governance program that speaks to every element of the Legal GRC framework, consider a couple of key takeaways:   

  1. Defensibility is critical – Ensuring defensible data at the investigation level is critical.  This can only be achieved by orchestrating a solution that preserves and protects the chain of custody, showing that the data is consistent and defensible, and that nothing was altered in the collection to better respond to and defend actions related to litigation, second requests, FOIA, internal investigations or forensic investigations.
  2. Data respects no boundaries – Data seeps easily from one area to the next so systems that assume that data lives in departmental silos will lose traction against those providing a  holistic, centralized view of all data in an organization.
  3. Converging forces intensify forensics needs – Converging market drivers in DFIR, e-discovery, privacy and information governance give fresh impetus to the search for integrated solutions to ramp up the efficiency of forensic investigation and reporting.

As the role of the GC evolves and data governance becomes more complex, the interaction between legal and IT – and indeed other areas of the organization – has become more closely interlinked. The way forward lies in adopting a holistic, top-down perspective, where data is not perceived as belonging to one department or another, but rather an asset to be governed and leveraged to the benefit of the organization as a whole.

Sign up for the free insideAI News newsletter.

Join us on Twitter: @InsideBigData1 – https://twitter.com/InsideBigData1