Information Governance Resources
TMT Boards Threaten 2020 Growth if they Ignore Data Privacy Today 5/31/2019
This year will see real progress in 5G network implementation, an expansion of the connected device marketplace, further adoption of applied AI and the advancement of ad-tech capabilities. These constituent parts will more noticeably converge and begin to firm up the long-term vision of global commerce, in which online platforms will have greater reach into the real world and the consumer’s data will fuel unprecedented insights and outcomes. In parallel with this push into the future, global Technology, Media and Telecom (TMT) corporations will continue to struggle with data privacy regulatory risk.
As the trend continues, Texas has joined other states in the data privacy ring by introducing two privacy and data protection bills. Both bills are aimed at protecting personal information and holding companies accountable for data security.
Spear Phishing: Carefully Targeted, Extremely Damaging and Fast Increasing 3/27/2019
As spear phishing becomes sophisticated and widespread it’s essential that organisations take a multi-layered approach to protecting themselves. This means buying in expertise in staff training, cyber security and monitoring from an external source that specialises in this growing risk.
Integrating Data Privacy Into Your Organization’s Business Strategy 3/20/2019
With the advent of regulations like GDPR and the California Consumer Privacy Act of 2018, corporate leaders are beginning to recognize that poor data privacy risk management can harm competitive advantage, weigh down return on investment and have long term erosive effects on shareholder value. But how involved should executives be in privacy risk management decision making? And how can the corporate boards, the C-suite and legal and compliance stakeholders align business goals with privacy risk management?
23 NYCRR 500 Assessment Readiness and Compliance for Financial Services Firms 12/14/2018
In 2017, the New York State Department of Financial Services implemented 23 NYCRR 500, commonly known as New York’s Cybersecurity Regulation. Although these requirements align with many information governance and cybersecurity best practices, they are extensive in scope.
Five Lessons Learned from Early GDPR Fines 12/4/2018
Earlier this month, data protection authorities in Portugal doled out a €400,000 fine to a hospital for failure to apply appropriate access controls over digital patient data. This is one of the first penalties we’ve seen issued under GDPR since its enactment earlier this year. There are several interesting elements of this particular case, one of which is the fact that fines were imposed even though no data breach event occurred.
Data Management – From the Basements to the Boardroom 11/30/2018
Data is a strategic asset and GDPR has raised the profile of data management from the basements to the boardroom and assigned a strategic value to understanding our data, how we use it, where we store it, how it flows between systems and processes and ultimately how long it should be retained and protected. In this short video, information governance expert Nina Bryant talks about how GDPR has been driver for organisations to assess both the risk and the value of the data they hold.
GDPR Compliance - The Unintended Consequences for Organisations 11/29/2018
GDPR has made data protection a reality not only for heavily regulated industries but for all organisations. Once seen purely as a legislative burden, GDPR compliance is now providing organisations with a range of benefits.
Paris Calls for Cybersecurity Peace 11/14/2018
This week, the President of France issued the Paris Call for Trust and Security in Cyberspace. The document is a cybersecurity pact seeking consortium of technology companies, governments and NGOs to improve the stability and safety of the internet. With its unveiling, the declaration touted support from some of the tech industry’s largest players and a handful of countries in Europe.
Are Data Subject Access Requests a Trick or a Treat? 10/31/2018
It’s that time of year… no, not when bands of trick-or-treaters are traipsing up your walk, but when the ghoulish specters called data subject access requests (DSARs) are going to start flooding in.
Recommended Reading: $17 Million Settlement in US Privacy Suit 10/24/2018
A California-based consumer electronics company has agreed to a $17 million settlement in a lawsuit that claimed the company installed data-tracking software on its internet-connected smart TVs without notifying customers, and then profited from the sale of the personally identifiable information to advertisers.
Recommended Reading: Examining Safeguards for Consumer Data Privacy 10/5/2018
For those interested in the growing momentum around broader US data privacy protections, I wanted to flag a recent Senate hearing on “Examining Safeguards for Consumer Data Privacy.” On Wednesday, September 26, 2018 the Senate Committee on Commerce, Science, and Transportation met to examine consumer protection and privacy policies of top technology and communications firms.
Recommended Reading: Data Breach and Potential Class Action in UK 9/14/2018
After a recent data breach, a law firm is threatening the company with a potential class action lawsuit, citing Article 82 of the U.K. Data Protection Act. Specifically, the law firm is citing the "right to compensation and liability" — which states, "Any person who has suffered material or non-material damage as a result of an infringement of this regulation shall have the right to receive compensation from the controller or processor for the damage suffered."
GDPR Breach Crisis: Are You Prepared? 9/5/2018
The GDPR compliance deadline might have passed but over two-thirds of UK firms acknowledge they are at risk of a GDPR breach crisis. While data mapping and updating privacy policies are an important aspect of GDPR preparedness, many companies will struggle to respond to GDPR breaches and incidents.
Combining Contract Intelligence with Information Governance to Find Value in Your Data 9/2/2018
How can you use Data Governance to add value to the organization? Information Governance and Contract Intelligence offer multiple ways to not only reduce risk, but gain efficiencies. IG programs have largely gone from catch-all, ‘boil the ocean’ pursuits to a series of concrete, practical actions an organization can take to reduce data volumes, become more efficient and protect data ‘crown jewels’. Contracts, when organized and mined effectively, can reduce risk and actually create value for the organization. Attend this session to learn how to apply IG techniques and utilize your contract universe to gain efficiencies and reduce risk.
Advice from Counsel: State of the Union on Data Privacy & Security 2/15/2018
The 12th Advice from Counsel study explores how issues of data security and privacy impact in-house legal teams at Fortune 1000 corporations and reveals the top concerns and emerging best practices across three key and intersecting topics: the General Data Protection Regulation (“GDPR”), IG and data security and remediation.
Regulatory Compliance as a Competitive Advantage 12/14/2017
Next year, firms around the globe will be impacted by some of the world’s toughest new regulations and privacy requirements. Adapting to this new landscape was a key topic at The Lawyer's Managing Risk and Litigation conference.
Five Steps to Prepare for GDPR 12/6/2017
When the European General Data Protection Regulation (GDPR) enforcement kicks in this May, responding to data subject rights will be a challenge for many large organizations. The GDPR enables EU individuals to request corporations to inquire about what personal data they have on them or even delete their personal data. Requests must be responded to promptly, within one month, leaving companies very little time to perform a task that they may not be equipped to handle. No barrier exists for citizens to enact these rights, and some countries are planning campaigns to educate the public on them in the coming year.
Building an Intelligence-Led Cyber Program 12/1/2017
With reports of major breaches surfacing with alarming frequency, Boards and C-Level management are increasingly looking to Legal to implement programs that help the corporation prepare for, and reduce fallout from, inevitable cyber incidents. How can in-house counsel implement the right measures to minimize damage to the corporate reputation, loss of key data and legal and regulatory penalties? And how can you make sure your team is not already behind the ball at the time of incident detection?
Reducing Cost and Risk with Information Governance 10/9/2017
Exploding growth of corporate data, whether stored on servers, in the cloud or on employee devices, presents new challenges and opportunities for all organisations. Information Governance enables companies to get control over their information and allows them to make better business decisions.
Equifax Breach a Category 4 or 5 Attack, but By No Means Unique 9/11/2017
Late last week, we learned that Equifax was breached via a simple web application weakness, and over 143 million consumers’ records were compromised. The bad (worse) news is that this story is not unique, and this is by no means the final chapter.
Using Information Governance Tactics to Prepare for the GDPR 8/18/2017
Much like Information Governance, preparation for the General Data Protection Regulation is a cross-departmental concern that requires input from many different groups within an organization, including privacy, compliance, legal, line of business, IT and information security.
Advice From Counsel Featured in Security Technology Executive Magazine 8/18/2017
With organizations increasingly challenged to support the modern workplace environment – mobile phones, remote employees, cloud collaboration sites, social media, IM platforms and chatrooms – while keeping this data secure and easily retrievable for legal or regulatory needs, we at FTI conducted the latest iteration of AFC to uncover how legal teams are handling the challenges.
How Counsel Can Leverage the Power of IG 8/7/2017
While information governance is often thought about in the context of data security and IT efficiency, there is an equally important factor that deeply resonates with a corporation’s board and C-suite: reputational risk.
The Lawyer - Global Litigation 50 Report, 2017 7/25/2017
Technology is revolutionising the way lawyers practice their trade. To deliver the greatest value to their clients, legal professionals must know about the latest technological solutions.
Privacy by Deletion: 5 Steps to Reducing Data Risk 7/21/2017
Organizational data is dramatically increasing in size – by some estimates as much as 40-60% growth per year – at the same time that data breaches grow in number. How can IT and legal teams work together to better protect sensitive corporate data and stave off data breaches?
92 Reasons to Delete Data 6/13/2017
Data storage has never been cheaper. But the downstream costs – data discovery, legal review and data breaches, to name just a few – have never been higher. If you don’t yet have a data remediation policy, this collection of stats, facts and references provides 92 reasons to start planning for one.
GDPR: A Challenge and an Opportunity 6/12/2017
In the first of our series of short videos on GDPR, Sonia Cheng, FTI Consulting’s European Information Governance Leader, talks about what GDPR is, the key steps to compliance, and what to do if you have limited time and budget.
We Now Have an Instruction Manual for Data Security Programs 5/30/2017
Target’s multistate settlement ($18.5MM) for their 2013 data breach is the strongest evidence yet that Data Governance and Security is impacting organizations in every vertical and geography.
FTI Discusses Information Governance Enforcement in InformationWeek 4/3/2017
Sean Kelly highlights steps IG teams can take to build enforcement into their policies from the outset.
A Lawyer’s Role in Office 365 Migration 3/18/2017
O365 migration should be viewed as a critical business initiative that requires the involvement of the legal department as one of the primary decision makers every step of the way during a migration.
Microsoft Office 365: Maximizing the Opportunity for Legal & Regulatory Compliance 3/6/2017
Microsoft Office 365 represents a transformational change for how organizations create, share and manage enterprise data. The migration to Office 365 also offers legal teams a once-in-a-decade opportunity to develop and implement industry best practices for e-discovery and information governance. Utilizing Office 365 demos and migration case study examples, this interactive webcast will address the legal and regulatory impacts of Office 365.
IG Engagement, Enablement and Change to Ensure Policies Aren’t Collecting Dust 3/6/2017
Policy enforcement is a challenging task for most organizations – more so for those in regulated industries that have a highly complex legal and compliance profile.
Transforming Risk: Shifting from Reactive to Proactive 1/18/2017
With many organisations struggling to deal with the rapid explosion of data, coupled with increasingly aggressive regulatory enforcement, how should they drive change in information governance?
Microsoft Office 365 Migration Considerations Discussed in Computer Business Review 1/15/2017
With increasing adoption of Microsoft Office 365 (O365), analysts have indicated the migration process has arisen as an acute pain point from an information governance and e-discovery perspective.
The Importance of Information Governance 12/12/2016
Transforming Risk with Better Information Governance 11/30/2016
As regulated companies are required to manage ever growing amounts of data, and regulators are imposing increasingly severe fines, how can firms ensure they comply with this greater scrutiny?
Quick Wins in Information Governance 11/22/2016
From protecting sensitive customer data from cyber threats to complying with data protection laws, corporate information governance efforts are quickly becoming “must do” projects. In this paper, Sonia Cheng gives her top 5 pragmatic and proactive tips to help in-house legal teams achieve quick wins for information governance projects.
Legal Holds in the Age of the Cloud and Information Governance 11/22/2016
Legal holds are a critical part of the e-discovery process, yet so many companies struggle to develop a formal system or keep their legal hold processes and technology up-to-date. This is about to change. Two major trends are pushing legal teams to address the current gaps in their legal hold process.
FTI Shares Information Governance Philosophy in Cybersecurity Law & Strategy 10/24/2016
One of the most meaningful elements of information governance is how it can drive the differentiation of data types and enable stronger security protocols around a corporation’s most sensitive data.
Defensible Remediation of “Dark Data” 6/24/2016
Many companies are wasting money on storage or exposing themselves to data breaches by supporting massive amounts of "dark data." Learn how you can get your dark data under control with this FTI Technology case study of our information governance services.
Defensible Remediation of “Dark Data” 6/24/2016
Many companies are wasting money on storage or exposing themselves to data breaches by supporting massive amounts of "dark data." Learn how you can get your dark data under control with this FTI Technology case study of our information governance services.
Multi-National E-Discovery During Privacy Shield Limbo 3/31/2016
In October, the High Court of the European Union made a ruling that nullified the existing Data Safe Harbor agreement between the EU and the U.S., which since 2000, outlined rules allowing the transfer of protected data from Europe across our borders. The safe harbor agreement provided a way for U.S. companies to migrate personal data originating in the EU, to the U.S. for e-discovery and regulatory purposes, in a way that was consistent with the EU Data Protection Directive.
The State of Information Governance in Corporations 3/31/2016
For this Advice from Counsel study, we interviewed in-house counsel to better understand the health and success of information governance programs within corporations. The results clearly show that with a few exceptions, most organizations are in the early stages of information governance adoption. Yet these executives have strong advice on how best to begin and implement an IG initiative. From these results, organizations can better under¬stand how their peers are successfully keeping an eye on the big picture while executing quick wins that help build momentum for broader IG initiatives.
Advice from Counsel: The State of Information Governance in Corporations 11/30/2015
From well-publicized data breaches to skyrocketing data growth (and costs), information governance challenges are all around us. How are corporations responding? What are the teams and roles driving information governance policy development? How are these policies communicated and enforced, not just internally but with external partners and stakeholders? Which IG strategies are producing tangible results, and which programs are coming up short?
FTI Technology Crafts Solution to Remedy Health Care System’s Data Ills 11/23/2015
Understand corporate data residing on various networks and Sharepoint sites to proactively reduce data footprint and reduce future risk and exposure.
Identifying & Protecting the Corporate Crown Jewels 10/26/2015
Every organization has a set of crown jewels—information that is critical, unique or irreplaceable. From the CEO’s emails to the board, to sensitive IP, organizations need to properly identify, categorize and secure these crown jewels. This paper is designed to provide a practical overview of how to secure your company’s crown jewels, from stakeholder involvement to developing repeatable processes and technical considerations.
Why Data Deletion Makes Sense (and Dollars) 7/23/2015
Conventional wisdom says the cost of storing data is declining. That’s true. But the total cost to businesses to store data is rising unsustainably because they are collecting — and retaining — more data than ever before. The key to controlling costs and freeing up operating capital is deleting data you don’t need to store. How do you know what you don’t need? Two words: information governance.
Advice from Counsel | Part 3: The Emerging E-Discovery Playbook 8/19/2014
The first two posts in this series highlighted some fascinating findings from our annual Advice from Counsel study, providing recommendations for the top corporate e-discovery ‘plays’ according to legal departments at Fortune 1000 corporations. Some of the top practices touched on included preservation and collection, when to utilize service providers, tackling the uncertain waters of predictive coding and leveraging data re-use. In addition to the five overarching ‘plays’, the survey respondents also weighed in on other pressing matters that are impacting e-discovery today, and will continue to do so in the near future.
Advice from Counsel: The Emerging E-Discovery Playbook 2/23/2014
Fortune 1000 corporate counsel share advice about how corporations manage their e-discovery programs in this annual survey.
Can Predictive Coding Provide Greater Information Governance? – ARMA 2013 11/1/2013
These two terms – “predictive coding” and “information governance” – generate a lot of industry buzz but our most recent Advice from Counsel survey results indicate adoption is lagging. So this ARMA 2013 conference session was designed to provide ARMA attendees with practical knowledge of predictive coding and examples of how leading-edge companies are using it for more than just e-discovery.