Understanding How Emerging Data Sources Impact Governance, Risk, Compliance and Discovery

While previously most corporate data was stored and/or shared via email, file servers, company-owned devices and external storage, today, the majority of data is in the cloud. Most organisations maintain their IT environments through Microsoft 365, Google Workspace and Amazon Web Services and employees communicate across applications such as Slack, WhatsApp, Teams and numerous others. In India, the government is also encouraging organisations to use digital platforms for communication and transactions, further signalling that the pandemic has permanently changed India’s digital landscape. 

These changes are introducing an array of new legal, compliance, IT infrastructure, storage, records management, data protection and e-discovery challenges. Procedures that were once easy and standardised have been upended. According to the FTI Consulting Resilience Barometer, 90% of organisations in India experienced at least one negative effect stemming from the increased use of collaboration tools and remote environments last year. Nearly two-thirds cited an increase in data privacy breaches and/or violations arising due to unfettered and increasing reliance on emerging data sources.

As organisations look to navigate this new data landscape, they must understand and address the impact of emerging data sources across several key areas. These include:

1. E-Discovery Collection: Emerging data sources are becoming more prominent within the scope of e-discovery in litigation and investigations. They also present technical complexities in the collection phase of e-discovery. Some applications provide APIs to extract data from the source and input it into an e-discovery platform, but because the landscape is evolving so quickly, it can be difficult for legal and e-discovery teams to keep pace with the APIs, methodologies and nuances involved in accessing data and performing certain e-discovery functions with it. Any change in the data source’s APIs will require reflective changes in the e-discovery tools.

   More, even when APIs are available, their technical specifications and limitations are often not well documented, leaving teams facing the need to develop custom solutions and workarounds. In addition to providing a thorough and efficient data collection, custom tooling or APIs used for data collection across emerging data sources must also be transparent and able to stand up to scrutiny in court or in front of a regulatory authority. Without the proper technical expertise and oversight in the development of proprietary tools and the implementation of collection and processing workflows, most legal teams will struggle to efficiently and defensibly identify and document meaningful information within emerging data formats.

2. E-Discovery Review: Given the volume of data created within platforms like Slack, Teams, Google Workspace and Box and the way communications naturally unfold within them, it’s very difficult for legal and investigatory teams to examine individual messages in context. For example, a simple chat message such as, “How are you?” leaves a reviewer without any relevant information. At the same time, individually reviewing tens of thousands of messages in a collaboration channel is a disproportionate use of time, budget and resources. Conversely, if chat messages can be parsed in an intelligent, adaptive manner that focuses on relevant content, reviewers can cut out a great deal of noise and better understand the meaningful portions of a communication thread.

   Ultimately, emerging data sources should not be processed, analysed and reviewed with the same approaches used for traditional sources such as email. Rather, legal teams can apply new methodologies alongside visualisations and other sophisticated analytics to unearth dynamic insights from the data within these platforms.

3. Data Privacy and Compliance: Companies have never faced greater risk with respect to their data than they do today, and inadequate governance can extend to significant legal, regulatory, security and financial exposure. With information flowing freely between hundreds of data sources and disparate employees, it’s increasingly difficult to ensure data privacy, governance and compliance policies are consistently followed. Policy refreshes to account for emerging data sources, data privacy impact assessments on new tools implemented and robust data mapping will help align the growing footprint of emerging data sources with regulatory requirements.
4. Sensitive Information Sharing: Without the proper controls, emerging data sources can also implicate the protection of IP and trade secrets. Organisations should carefully consider preventative and monitoring actions to ensure they maintain control and visibility of critical IP that may be created, stored or shared within emerging data sources.

While this shifting data landscape brings a new set of challenges, it also offers opportunities. When handled with strong governance and dynamic approaches to discovery, emerging data sources can enrich an organisation’s understanding of its information universe. To achieve this, organisations should work with experts who understand how to build processes and workarounds to simultaneously address risks, unlock transparency and implement changes needed in processes across e-discovery, investigations and governance.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.