Bridging the Gap between Legal and ITReducing risk and increasing efficiency

in the management of corporate information

Speakers: Chris Dale, eDisclosure Information ProjectModerated by Mary Mack, Enterprise Technology Counsel, ZyLAB

Join Today! aceds.org/join

Exclusive News and AnalysisMonthly Members-Only WebcastsNetworking with CEDS, MembersOn-Demand Training

ResourcesJobs Boardbits + bytes NewsletterAffinity Partner Discounts

“ACEDS provides an excellent, much needed forum… to train, network and stay current on critical information.”

Kimarie Stratos, General Counsel, Memorial Health Systems, Ft. Lauderdale

Today’s Speakers

Mary MackEnterprise Technology Counsel, ZyLAB

Chris DaleeDisclosure Information Project

Agenda

• Data conceals risk but also buries value– Risk – regulatory / compliance, security and disclosure– Value – faster, better, more profitable

• The burden, the budget and the benefit of information governance

• The human and technical resources required

• Some case studies

GC ProblemsLawyers on Demand GC Survey March 2015

#1 Pressure to demonstrate value and work more efficiently

#2 No budget for permanent headcount or to outsource to a law firm

#3 Internal demand for faster, better service

#4 Too busy firefighting

#5 Demotivated team drowning in day-to-day contract work

Data RiskLitigation

• Not just duty to disclose under court rules but…• …vital to assess prospects and costs

Regulation• Not just reaction to regulatory requests but…• … checking and enforcing compliance

Investigations• Not just investigation of actual problems but…• … pre-emptive identification of potential problems

Litigation• Early duty to prepare and discuss:

• Scope, method and cost of disclosure• Formal budget• Most proportionate course

• Clients expect this in any jurisdiction

• Expensive if done in a hurry at lawyer rates

• …especially if a recurring obligation

Regulatory Requests• Written request or dawn raid

• Regulator knows something – but what?

• How big is this problem?

• Best to find things before the regulator does

• The bigger the pile the harder and more expensive it is to find anything

Internal Investigations• IP theft, financial wrong-doing, spotting compliance failures, reacting to

whistle-blowers

• Departing staff – customer lists etc.

• Employee conduct:• Conduct in breach of policy and compliance• HR – bullying, harassment etc.

• Statutory Requests• Subject Access Requests, Freedom of Information

• Almost always urgent, regardless of cost

Interested Parties• Who has the problems? Who has the budget?

• Who has the cross-disciplinary skills and authority?

• Combine interests and pool resources

• Disclosure is a problem for Legal…and IT…and Privacy…and….

• Sweeps up Management, Business Development, HR resources

• …and is more than just formal litigation demands

Multiple disciplinesInformation security

Electronic discovery and disclosure

Business management

Legal & compliance

Business intelligence

HR

RIM

Finance

Audit

Privacy

Risk Management

IT and Infrastructure

Problems derived from data • Data and information in more, and more complex, formats and

channels

• Business sensitive information meets mass broadcast capability

• Not all susceptible to IT control – not behind firewall

• Policies to fill the gap

• Crossover between Legal / HR / IT

• Recent example: UK judges caught viewing porn

Whose problem?• IT priority is to keep it, back it up and make it available

• …and to protect it from theft, cyber-threats, accidental deletion

• Legal priority is to find it (quickly) when needed

• Bulk militates against both protection and retrieval

• Keeping it may be unlawful (e.g. for data protection reasons)

Information Governance

‘Information governance is the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs’

The Information Governance Initiative

How to get support for an IG project?• Data Centre consolidation• Server consolidation• 365 Migration• Retiring existing email archive

…all great projects to start IG……but eDiscovery, regulatory enquiries, subject access requests or internal investigations often are the best guarantees to get an IG project off the ground…

Requirements

• An internal champion• Senior support• Hard-edged corporate benefits:• Risks avoided• Value uncovered

• Return on Investment• Personal benefits for staff• Case studies, both specific and generalised

Programme

• Policies – what is to be achieved and how?• Implementation – which people using what

tools?• Promulgation and training• Remediation (clean up the past)• Continuing improvement – audit and adjust

Deliverables and ROI

• Prioritise problems• What causes most grief and expense?• Where are most obvious savings to be made?• The easy kills – least work for most return?• Where does most risk lie?• What primary (and positive) business

objectives are to be served?

Examples• Lawyers and regulators keep asking urgently for

documents which cost a fortune to find• End-of-life of archive system means everything must

be moved• Can’t comply with our own policies for data

retention / destruction• Staff spending hours looking for stuff• Losing pitches to better-informed rivals• Longer time to deliverables (and therefore payment)

Focus on Specific Benefits

Not: “IG helped us comply with laws and regulations for our information”

But: “IG helped our clinical trials managers reduce errors and produce better data, reducing time to market”

Not: “IG helped our company manage its information better.”

But: “IG helped our project managers to close construction projects faster so completion funds are released 12-18 months earlier.”

Examples from Barclay Blair of the Information Governance Initiative

Information Governance

‘Being proactive requires the same approach, just without the pressure of deadlines’

Questions and thank you