Information Governance
Blog Post
How Data Protection Has Become a Business-Critical Priority in the Middle East
Organisations that store personal and sensitive data possess millions of data artifacts—each representing unique risk and value—within their enterprise systems. With cybersecurity incidents on the rise, the stakes around data protection have become higher than ever before, yet many organisations still do not realise the extent of disruption that can result when systems are breached.
Video
While data mapping is a critical first step in identifying key areas of risk, the process can be daunting to large organizations. In this webcast we examine ways to overcome data discovery paralysis and maintain ongoing compliance.
Blog Post
EU Whistleblowing Protection Directive Looms as New Compliance Referee
It’s game time for corporate compliance professionals in Europe. In less than three months, the EU Whistleblowing Protection Directive will take effect and add a new set of requirements to the long list of compliance controls businesses in Europe must implement and maintain. With little time left to prepare and establish the frameworks needed to comply with the law, it’s important that businesses gain an understanding of what the directive entails and the new policies and processes that must be put in place before the impending deadline.
Video
Establishing Repeatable and Scalable Privacy Programs
FTI Technology's Information Governance, Privacy & Security experts discuss how to position your programs to stay out in front of state, federal and industry-specific privacy compliance obligations.
Blog Post
Experts from across FTI Consulting are engaged on a massive, ongoing data governance project for a large global telecommunications client. We recently discussed the matter with key members of the team, Jake Frazier, Steve McNew and Adam Ingber, to understand the key challenges of the matter and the primary regulatory issues the client has sought to address through improved governance.
Blog Post
Experts from across FTI Consulting are engaged on a massive, ongoing data governance project for a large global telecommunications client. We recently discussed the matter with key members of the team, Jake Frazier, Steve McNew and Adam Ingber, to understand the key challenges of the matter and the primary regulatory issues the client has sought to address through improved governance.
Case Study
When a global financial technology deployment and management provider sought to migrate its systems to Office 365, its general counsel recognized an opportunity to establish a records retention policy and assess information governance maturity.
Blog Post
How to Hit the Bullseye in Modern Data Governance
Often, the prospect of achieving data governance seems so far off, the challenges so immense, that organizations become stuck in assessments and planning, unable to move a program toward implementation.
Blog Post
Corporate Data Challenges in EMEA in 2021: The Intersection of Data and M&A (Part 2 of 4)
This second post in the series is focused on an area that our team, and my work, is heavily involved in: the data and privacy issues associated with M&A, and the regulatory clearance processes that are increasingly associated with getting the deal through.
White Paper
E-book - Taking Aim at Enterprise Data Governance
Hitting the bullseye in modern data governance starts with a clear view of an organization’s challenges, roles and data objectives in the context of the ever-evolving data landscape. This e-book provides a framework for defining modern data governance, understanding key players and achieving (or refreshing) programs that meets the needs of every stakeholder. It will include FTI Technology’s unique perspective of how combining data governance with broader information governance (IG) and strategic analytics can support robust compliance, data protection, business insights and more.
Case Study
Privacy experts from the Information Governance, Privacy & Security practice within FTI Consulting’s Technology segment were engaged to conduct a biennial privacy and data protection assessment for a large, global technology company.
Video
Sudden Impact: How The Pandemic Changed Antitrust Investigations and Compliance
The pandemic and its ripple effects have impacted us all in many ways, including how we work. Suddenly, millions of workers worldwide made the shift to remote work -- adopting new schedules, communication systems, and business practices. Antitrust practitioners were no different. From North America to South America and Europe, competition authorities updated guidance on pandemic-driven cooperation, transitioned to virtual investigations and temporarily suspended certain merger review and office searches. Acceleration of remote-work-driven cloud communication and the need for remote document collection, only complicated matters further.
Case Study
FTI Consulting Provides GDPR Assessment and Action Plan for Global Energy Company
When Europe’s General Data Protection Regulation (GDPR) was enacted, many U.S. corporations were suddenly facing data protection requirements far more stringent than any preceding privacy rules. This was the case for a Houston-based drilling company, which had a significant international footprint, including in Europe, but limited visibility into how its practices were impacted by the new regulation. With an active GDPR compliance program in development, the company engaged FTI Consulting’s Information Governance, Privacy & Security (IGP&S) practice to conduct a readiness assessment and provide a roadmap of additional steps needed to bring the company into full compliance.
Video
Avoiding Enterprise Data Governance Project Pitfalls
While data governance will look different for every organization, there are a number of challenges that arise in most initiatives. If CDOs and other data governance stakeholders can plan for these and address them at the outset, their projects will have a much greater chance for success. Most projects lag due to resource fatigue, decision overload, assessment dead ends and lack of technical resources. Misalignment of roles and responsibilities is another major project pitfall.
Blog Post
IP in Open Waters Part 2: Bringing Data Back to Safety
In the wake of COVID-19 and the changes it has instigated, you may not be able to bring all your IP back to the safety of the rockpool – but it’s not too late to deploy the life rafts and patrols, and be prepared.
Case Study
The Information Governance, Privacy & Security practice within FTI Consulting’s Technology segment was engaged to design, build, and run a global pharmaceutical and medical device company’s data privacy risk and compliance program.
Blog Post
What Companies Need to Know About the ADGM Data Protection Regulation
In February this year, the Abu Dhabi Global Markets (ADGM) passed the Data Protection Regulation (DPR2021), which bears a striking resemblance to the EU GDPR, and the U.K. GDPR specifically. The former legislation, dating back to 2015, was based on the Organization for Economic Co-Operation and Development (OECD) guidance, which was significantly different from GDPR’s standards. What this means is that for companies operating in the ADGM, major regulatory changes are afoot.
White Paper
Data Security in Texas: The Lone Star in Privacy Compliance?
Are companies in Texas leading the way when it comes to their approach to data security? This new report based on a survey done by ALM Media and FTI Consulting explores the approaches Texas companies employed to challenges faced by virtual workplaces and evolving privacy regulations.
Blog Post
Leading By Example Part 1: Karen Briggs Discusses FTI Consulting’s Presence in EMEA
Shortly after joining FTI Consulting to lead the Forensic & Litigation Consulting segment in EMEA last year, Karen Briggs had her role expanded to oversee the Technology segment in EMEA. In this dual role of heading two of the firm's significant segments in the region, Karen has focused on the synergies between practices to improve client outcomes. During a recent video chat, we asked about her view of the EMEA Technology practice and how she leads her teams through today’s most pressing challenges. This post is part one of a two part series detailing our Q&A.
Blog Post
Q&A: Ben Crew Addresses Growing Demand for Privacy and IG Solutions in Middle East
As Middle Eastern countries ramp up their regulatory oversight and rigor over data protection, companies in the region are seeking guidance on how to evaluate their risk, implement data privacy frameworks and uphold compliance. FTI Consulting is filling this need through the expansion of its IG and data privacy practice in MENA. Senior Director Ben Crew recently joined FTI Consulting to head up the Information Governance, Privacy & Security (IGP&S) practice in the region. We recently chatted with Ben about his new role and the regulatory climate in MENA.
Video
Protecting Data Whilst Remote Working During COVID-19 [FRENCH]
In this interview with in Le Monde Du Droit, FTI Technology's Thomas Sely discusses the protection of companies’ data in a context of remote working and pandemic.
Blog Post
Business Security in Times of Furloughs and Home Working
The effects of COVID-19 have led many companies worldwide to take drastic measures. This includes applications for temporal layoffs or furloughs, with the additional uncertainty of definitive layoffs for vast numbers of employees. In this article, Javier Garcia-Chappell and Grainne Bryan discuss the necessary measures to protect and secure their data, as well as those devices and/or corporate media that may store them.
Case Study
FTI Technology Guides Global Manufacturing Company Through Microsoft 365 Governance and Deployment
A manufacturing company needed to mature its IG posture and data management hygiene. They desired to leverage the cloud and its capabilities to utilize newer applications and available features to increase cross-functional enterprise collaboration. In doing so, they required enhancements to their data governance program and policy adoption of related tools.
Blog Post
E-discovery, data privacy and information governance risks are increasingly intersecting in today’s organizations. In turn, the ways corporations manage their data, approach compliance and react to legal matters must evolve quickly. FTI Technology’s teams are focused on addressing these new challenges and opportunities. The recent addition of Managing Director Brandon Lee to the team is a prime example of FTI’s ability to provide solutions and expertise that bridge the most pressing legal, regulatory and data issues. We recently interviewed Brandon about his new role and his unique strategy for supporting in-house legal teams.
Video
The Use of Technology in Irish Dispute Resolution and Compliance Monitoring
In this interview, Chris Dale of The eDisclosure Information Project spoke with FTI Consulting’s Grainne Bryan about the growing acceptance in Ireland that technology must be used to manage data in dispute resolution and compliance monitoring. Ireland has a strict discovery regime, and until the 2016 discovery judgment in IBRC v Quinn, it had not been considered appropriate to use technology to identify discoverable documents. The Quinn judgment changed that and the use of tools like technology-assisted review is now much more common.
Video
CCPA Training Requirements; Understanding and Operationalizing them for Efficiency and Compliance
Many organizations have prepared for compliance with the CCPA, specifically building out consumer rights management processes and procedures. But there are other requirements that must be met in order to maintain CCPA compliance, like the obligation to train employees who are responsible for handling consumer inquiries about the consumer’s privacy rights, or those within the organization whose roles may impact the processing of California resident personal information, such as marketing or IT. Please join FTI Consulting and OneTrust for a webinar outlining the specific training requirements within the CCPA and to learn about resources that can help your organization more easily meet this requirement.
Video
Privacy by Deletion - 5 Steps to Reducing Data Risk
Organizational data is dramatically increasing in size – by some estimates as much as 40-60% growth per year – at the same time that data breaches grow in number.
Case Study
A large, multinational financial services institution kicked off a global effort to remediate its legacy data environments and enable defensible disposal, an effort driven in part to support compliance with the EU’s General Data Protection Regulation (GDPR). The company’s U.S.-based legal, compliance and e-discovery team engaged FTI Consulting’s Technology segment, looking to the expertise of the segment’s Information Governance, Privacy and Security practice to support the project. FTI was tasked with scoping nearly 800 legal matters for legal hold obligations, establishing new legal hold workflows and supporting review and remediation for the sunsetting of multiple systems and storage vendors.
Video
Protecting Sensitive Data: Remote Employees, Trade Secrets and Data Loss
There is no question that the last few months have disrupted the workplace in profound ways. While the implications and timeline of this disruption are only just beginning to be fully realized, it’s clear that the transition to remote work for the vast majority of corporate employees has made data potentially more vulnerable to compromise, leakage and theft. Additionally, the upheaval of the global economy means that workforce shifts or reductions are likely inevitable. How can a corporation protect sensitive data in these circumstances? How do organizations detect and respond to data leakage and/or theft when it happens? And once data is compromised and litigation started, how do businesses put a value on what was lost?
Blog Post
Streamlining Privacy Compliance Among Global Regulatory Changes
Organisations that operate globally are subject to the ever-changing and continually developing regulatory landscape, which is challenging to comply with without a robust privacy and information governance backbone. In this blog, Ines Rubio, looks at how using aids such as privacy management technology to stay on top of processing activities and legal requirements will facilitate compliance teams’ work and serve as the go-to resource for updates, queries, and research on regulatory changes.
Blog Post
How content is created and shared on digital platforms is coming under increasing scrutiny with Regulators and the public calling for online platforms to take on more responsibility. Regulation has been on the horizon with France coming close to passing law to regulate online hate speech (subsequently struck down in court due to freedom of speech concerns) and the Online Harms Bill was proposed by the UK in 2019.
Blog Post
The ePrivacy regulation has had an uncertain path, and at times it seemed as though there would be no regulation introduced at all. One of the main stumbling blocks is the impact on online behavioural advertising and cookies walls on websites. However, in mid-February, the Council of the European Union’s Presidency announced a breakthrough: member states finally reached an agreement on the draft text. The next stage will be negotiations between the Commission, the Council, and the European Parliament.
Blog Post
Data is easy to forget. Especially with the increase in legacy-to-digital transformation, it’s easy to overlook unused systems or historical backups. All too often, the focus is on transitioning to new, digital technologies without decommissioning the legacy systems they replace.
Blog Post
Privacy Compliance for Small and Mid-Sized Businesses; It’s Not One Size Fits All
Read any survey of the challenges small and mid-sized business leaders face, and you’ll see an array of worries over managing cash, retaining customers, competing and keeping up with technological change. Chances are that regulatory compliance and data privacy aren’t making those lists of issues keeping SMB owners up at night. In fact, the majority of SMBs (80% according to one survey) know very little about whether and how data protection laws affect their business. Nevertheless, many data protection regulations are indiscriminate when it comes to organization size, and with consumers paying increasing attention to data privacy, the issue has become very real in the SMB arena.
Video
The modern workplace is in the midst of a massive transformation. An estimated 44% of employees are currently working from home, and a recent survey reported that employers expect the number of full-time workers who remain at home permanently to triple from pre-pandemic figures. The implications of this shift has and will continue to impact policies and operations across business functions, but particularly the data privacy arena, where corporations must consider how a remote workforce impacts regulatory compliance.
White Paper
Effective Strategies to Manage Global Data Challenges
At the recent PrivSec Global event, Nina Bryant and Kajen Subramoney, Managing Directors within FTI Consulting’s Technology segment in EMEA, participated in a panel with other data privacy experts to discuss the current global landscape of data challenges.
Blog Post
Data Risks and Challenges in M&A Transactions
At the recent PrivSec Global event, Sonia Cheng, Senior Managing Director and EMEA Head of Information Governance & Privacy at FTI Consulting, led a panel with Ahmed Baladi, Privacy & Cybersecurity partner at Gibson, Dunn & Crutcher and Linda NiChualladh, Head of Privacy (Legal) at Citi. The session covered the underlying risks and considerations associated with data in M&A transactions and the skills needed to brave a complex M&A data landscape.
Case Study
For the client, a global telecommunications company, a steady flow of information is critical to serving its customers, from service orders to data needed by technicians in the field. In order for the client to preserve billions of dollars in government contract revenue, the client needs to fulfill the new CMMC requirements by identifying controlled unclassified information (“CUI”) in more than 3,500 applications comprised of approximately 7,000 structured databases and protect the information in methods outlined by the government. The timeline for identification and protection reduced from 18+ months to less than one year and the privacy concerns must be mitigated while not interrupting critical business operations.
Blog Post
Now in its sixth year, the report takes a deep dive into the leadership structures, core functions, staff and budgets, and tasks and priorities of privacy programs around the globe. It provides key metrics on ongoing compliance with core pieces of privacy legislation and the effects of recent legal rulings and guidance from data protection authorities on processing operations.
White Paper
The IAPP-FTI Consulting Annual Privacy Governance Report 2020
The IAPP-FTI Consulting Privacy Governance Report is the primary annual study benchmarking the privacy profession. Now in its sixth year, the report takes a deep dive into the leadership structures, core functions, staff and budgets, and tasks and priorities of privacy programs around the globe. It provides key metrics on ongoing compliance with core pieces of privacy legislation and the effects of recent legal rulings and guidance from data protection authorities on processing operations.
Blog Post
The Intersection of Privacy and IT: Key Questions Answered
Today, some degree of data privacy and data protection obligations —regulatory, security standards, consumer trust issues, etc.—touch nearly every organization around the globe. Fulfilling those obligations while maintaining operational resilience and productivity generally requires the involvement of multiple stakeholders as well as a broad range of company leaders. While typically led by an organizations legal and compliance department, operationalizing data privacy technology, implementing the required safeguards and governance workflows requires both the support and leadership of IT.
Blog Post
Third-Party Risk Spreads Like a Virus Among Work From Home Employees
Even sophisticated companies that dedicate ample resources to information governance often end up with gaps when it comes to third-party risk management. Now, as employees and third parties adopt new, unvetted applications to do their jobs from home, these gaps have become even greater. Organizations are under tremendous pressure right now—but making time to holistically assess and manage third parties will pay long-term dividends in reducing risk, while employees work remotely, and when they eventually return to the workplace.
Video
Data Retention & Minimisation - Lessons Learned in 2020
Data retention and minimisation played a key role in numerous cases and enforcement actions throughout 2020. Worryingly, the range of infractions varied widely, teaching us that it is certainly an area that is very challenging for organisations to address.
White Paper
IT’s Role in Supporting Global Privacy Compliance
While privacy programs are typically driven by stakeholders in legal and compliance, the requirements, resources, policies, processes and technologies involved with data privacy compliance often cross over with Information Technology (IT). Existing and emerging data privacy and data protection regulations also introduce a new set of considerations for IT teams to address when sourcing, deploying, managing or sunsetting systems and working with third-party providers.
Blog Post
It’s Official. The California Privacy Rights Act of 2020 is Coming.
Along with countless significant decisions, November 3 brought the passage of a long-awaited update to California data privacy law. This week, the California Privacy Rights Act of 2020 (CPRA) passed with a majority vote as expected, adding to and modifying the requirements and enforcement of the California Consumer Privacy Act (CCPA).
Blog Post
A Peek Behind the Curtain of Information Governance Practices Across Startups and the Fortune 500
Information governance (IG) is becoming more difficult. Data volumes are exploding, regulations are emerging and changing and large workforces are widely dispersed across at-home offices. Just as an organization gets a handle on the data from one new system, five more are onboarded. For many legal, compliance and privacy professionals, IG progress may feel like two steps forward, one step back.
Blog Post
How Life Sciences Organizations are Re-Examining their Compliance Operations and Technology
FTI Technology Senior Managing Director Rena Verma recently attended the 17th annual Pharmaceutical Compliance Congress. We asked Rena to share the insights she gathered from fellow risk and compliance experts, and her observations on the key issues facing the pharmaceutical industry.
Case Study
At a global financial services institution, lack of governance around legal holds and email archives was creating unnecessary risk and data storage costs. When a new member of the in-house legal team joined the organization, eager to refresh the legal hold process and implement a defensible disposal program, she teamed up with the head of litigation and compliance to establish a firm-wide information risk management program.
Case Study
Building upon its ongoing partnership with FTI’s experts, the client engaged the team to refresh its legal hold process and serve as its e-discovery operations team. With 80 multinational open matters spanning litigation, compliance cases, data subject access requests (DSARs) under the General Data Protection Regulation (GDPR) and regulatory audits in EMEA and APAC, the client faces a range of complex, high-stakes e-discovery challenges.
Case Study
Given the client’s lack of a dedicated information governance program and decades of operating without a distinct and enforced email policies, a myriad of obstacles stood in the way of establishing a new approach. FTI would first needed to understand the client’s email and file share universe, and identify any information within those systems that was subject to existing legal hold obligations. With that a baseline, the team could begin disposing of unnecessary data and prepare the archive for a new retention policy.
Case Study
As a continuation of its information risk management initiative, and to prevent future legal expenses relating to tape restoration, the client sought to remediate more than 50,000 backup tapes. With FTI’s guidance, the organization planned to destroy any tapes that contained legacy data no longer relevant to present legal hold or records retention obligations. Because the previous remediation and retention effort had solidified the email archive as the “golden source” for email data, any tapes containing email were also considered redundant and in need of disposal.
Blog Post
SEC Cyber Report Focuses on Information Governance Best Practices
In January, the Securities and Exchange Commission (SEC) released its most substantial cybersecurity guidance to date. The report, “Cybersecurity and Resiliency Observations,” was the result of examination findings and research from the last five years, much of which was led by the commission’s Office of Compliance Inspections and Examinations (OCIE). This is the first comprehensive guidance we’ve seen from the SEC’s cyber unit since it was established several years ago. In many ways, it reads as an examination pamphlet—outlining the essential information security practices and programs a financial services institution will need to have in place to stand up against a government raid, inquiry or investigation.
Video
Data Mapping for Privacy Obligations and Beyond – How to Reduce Risk and Increase Value
Emerging regulations like CCPA and GDPR have prepared us for compliance readiness – but not without challenges. The anticipated volume of Data Subject Access Requests (DSAR) coupled with vast amounts of personal data collected and stored, will make responding to regulatory deadlines far from easy. Especially knowing where all the data resides, how the data is being used and its contractual, legal and regulatory obligations. The answer is “Data Mapping” – a crucial backbone for compliance and overall health of an organization.
Video
Hear from Tom Jackson and a panel of experts discuss the impact the global Covid19 pandemic is having on the e-discovery industry, how e-discovery professionals have adapted so far, and what changes could be likely post-coronavirus.
Blog Post
When Employees Work from Home, Compliance Culture Requires Extra Care
The last two months have given businesses many new issues to consider and practices to re-examine. Alongside introducing unexpected risks, the sudden shift to working from home has disrupted corporate culture, and more specifically, culture as it relates to compliance and privacy practices.
Webcast
Protecting Sensitive Data: Remote Employees, Trade Secrets and Data Loss
There is no question that the last few months have disrupted the workplace in profound ways. While the implications and timeline of this disruption are only just beginning to be fully realized, it’s clear that the transition to remote work for the vast majority of corporate employees has made data potentially more vulnerable to compromise, leakage and theft. Additionally, the upheaval of the global economy means that workforce shifts or reductions are likely inevitable. How can a corporation protect sensitive data in these circumstances? How do organizations detect and respond to data leakage and/or theft when it happens? And once data is compromised and litigation started, how do businesses put a value on what was lost?
Video
In the current climate of uncertainty, business resiliency is top of mind for many organizations, but many are struggling to articulate what that might look like and how to achieve it. Moreover, data privacy and security concerns continue as regulators expect and enforce compliance. Fortunately, there are steps organizations can take right now to strengthen business resiliency. These strategies not only help with regulatory compliance, but also serve as a meaningful business integrity component that can help steady the rudder in tumultuous times.
White Paper
FTI Consulting surveyed over 500 corporate data privacy leaders to understand the solutions, strategies and budgets companies have planned to address data privacy challenges in the coming year. This survey report illustrates how organizations are balancing the costs and risks of managing data in an ever-changing data privacy landscape; the importance of implementing a strategic combination of people, process and technology to mitigate data privacy risk; and the status of future plans in light of today’s uncertainties.
Webcast
Data Mapping for Privacy Obligations and Beyond – How to Reduce Risk and Increase Value
Emerging regulations like CCPA and GDPR have prepared us for compliance readiness – but not without challenges. The anticipated volume of Data Subject Access Requests (DSAR) coupled with vast amounts of personal data collected and stored, will make responding to regulatory deadlines far from easy. Especially knowing where all the data resides, how the data is being used and its contractual, legal and regulatory obligations. The answer is “Data Mapping” – a crucial backbone for compliance and overall health of an organization.
Blog Post
Q&A: Renato Fazzone Discusses Expanding Footprint and Client Service in Germany
The recent appointment of Renato Fazzone as Senior Managing Director and Germany Head of Technology established our permanent presence in the German market for our Technology practice. Backed by more than 15 years working in e-discovery and litigation support, as well as advising clients on corporate fraud and antitrust matters, Renato is eager to expand our offerings and expertise to clients in the region. We recently sat down with him to discuss his vision, the top issues impacting German corporations today, and how the COVID-19 pandemic is impacting FTI’s offerings.
Webcast
In the current state of uncertainty, business resiliency is top of mind for many organizations; however, many are struggling to articulate what that might look like and what can be done in the near term to achieve it. Moreover, data privacy and security concerns continue to reside at the center of that process, with regulators continuing to expect – and enforce – compliance. Fortunately, there are steps organizations can take right now to strengthen business resiliency. These strategies not only help with regulatory compliance, but also serve as a meaningful business integrity component that can help steady the rudder in tumultuous times. Join this webcast to hear experts discuss these strategies and practical steps for implementing them.
White Paper
Limping to the GDPR Finish Line - Why Many Companies Still Aren’t Fully Compliant
To date, GDPR compliance at most organizations has been approached from the top down. Policies and procedures are essential. However, now that most organizations have those in place, it is time to begin revisiting GDPR programs from the bottom up — starting with the systems where data lives, to ensure cohesive alignment between the existing privacy policies, business requirements, and the IT systems and infrastructure.
Blog Post
COVID-19: The Call for Personal Data Hygiene
Coronavirus is everywhere, figuratively and literally. It has overtaken our news, social feeds, and nearly every message and exchange. We’re getting a glaring reminder of the importance of strong personal hygiene (wash your hands!). But what about information hygiene? Beyond the devastating impacts on health infrastructure, human life and the economy, this crisis is also exposing new risks to personal data.
Video
Data Privacy Implications of Cloud-Based Social Collaboration Apps
An array of cloud-based workplace collaboration tools and messaging applications have become standard inside organizations around the globe. Yet many companies are unable to control the growth, management and discovery of the data within these applications. Oftentimes third parties host the data,but lack standard export workflows or preservation policies and process, making it difficult to obtain, quantify or assess. And, perhaps most importantly for those concerned with privacy, these applications are often engineered to prioritize individual user privacy, at the risk of enabling any sort of organized governance.
Case Study
More than 1.5 billion emails. Terabytes of data scattered among dozens of disparate vendors and outside providers. Thousands of custodians on legal hold. Numerous major legal matters at any given time and millions of dollars in annual e-discovery costs. After decades of an unsustainable but pervasive “save everything” data retention model, a large global healthcare corporation recognized the increasing risk and excessive costs of its existing approach.
White Paper
Corporate Data Privacy Today; A Look at the Current State of Readiness, Perception and Compliance
FTI Consulting recently conducted a survey of more than 500 data privacy leaders of large, U.S.-based companies. The results illustrate the state of data privacy in today’s corporations, giving insight into the programs, perceptions and strategies at play.
Video
Five Strategic and Practical Information Governance Considerations During a Merger or Divestment
M&A activity stayed strong in 2019 from large acquisitions and strategic divestitures to smaller bolt-on acquisitions. M&A activity in the large pharmaceuticals, aviation and media industries, all highly litigious sectors from an information governance perspective, dominated the news cycle most recently. During this webcast, our experts outline an M&A playbook on data privacy, contract intelligence, legal holds and data preservation, intellectual property (IP) information and resources to support the various information governance initiatives during a merger or divestment.
Blog Post
2020 + CCPA = $55 Billion Spend for Businesses
The California Consumer Privacy Act (CCPA) has arrived, and businesses are bracing for the financial impacts. Every company’s risk and compliance posture is different, and each company’s data footprint is unique, so the cost of compliance will range from company to company. Generally, estimates from the California Department of Justice project that compliance will cost up to $50,000 for small businesses and $2 million for companies with more than 500 employees. This totals a forecasted $55 billion in initial expenses to operationalize the new requirements.
Video
Friend, Foe or Frenemy: Understanding the Risk of Too Much Data
FTI Consulting’s European Information Governance Leader Sonia Cheng looks towards 2020 and talks about some key issues and topics in information governance and data privacy. These include the core ingredients to make an information governance programme successful, the emerging risk areas information governance that corporations are facing and how technology can help modernise data compliance initiatives.
Blog Post
2020 Forecast: Expect Landmark Changes in E-Discovery, Data Privacy and Investigations
Across our practice areas, we asked our experts to share their predictions for what will shape legal, compliance and information governance in the coming year. Below is a roundup—across new laws, emerging technology and key industries—of what they expect will make the biggest impact to businesses worldwide.
Video
Managing Global Data Subject Rights
GDPR. LGDP. CCPA...In this sea of uncertainty, how do you keep your privacy programme afloat?
White Paper
Committing To Data Privacy Compliance: The California Consumer Privacy Act And Steps To Prepare
California’s new data privacy law, The California Consumer Privacy Act of 2018 (CCPA), is ushering in a new era of consumer privacy protections in the U.S. The law takes effect January 1, 2020, and will provide broad privacy protections for California residents. To ensure regulatory readiness, organizations must prepare for the impact the law will bring to their business, understand obligations and take steps to modify processes accordingly
Webcast
US-UK-EU Cross-Border Data Transfers After Brexit
Date:
Wednesday, November 6, 2019
Time:
1:00 p.m. EST
More Information:
Webcast
The Business of Law 2020: The FTI-Relativity General Counsel Survey
What does the future hold for law and business in 2020 and beyond? Chief legal officers provide a unique perspective, and to analyze that perspective, Relativity and the FTI Technology business unit of FTI Consulting commissioned a study by Ari Kaplan Advisors, surveying general counsel on a wide variety of legal issues affecting business and the legal profession. Limiting the study to chief legal officers, the survey covered topics ranging from the technical competence of legal teams to preparedness for cyberattacks. Attend this webcast to understand what these results imply about the future of the legal industry.
White Paper
The General Counsel Report: Corporate Legal Departments in 2020
FTI Technology and Relativity partnered with Ari Kaplan Advisors to survey chief legal officers about the future of the legal industry and the skills and expertise needed for the next generation of lawyers. The results of these interviews clearly indicate an industry in transition across four key areas: the evolving role of in-house counsel, risk factors and how the modern legal department is addressing them, technology and innovation in law, and advice that general counsel have for their law firms and for future lawyers.
Blog Post
Europe’s highest court, The European Court of Justice ("ECJ") in Luxembourg, ruled on two cases last week involving GDPR’s right to be forgotten as it applies to information available on the internet. In the first ruling, the court held that the privacy rule cannot be applied outside the European Union. In the second, the court said the right to freedom of information must be balanced against the right to privacy and specifically the right to have links related to certain categories of personal data automatically deleted.
Webcast
Data Privacy Implications of Cloud-Based Social Collaboration Apps
An array of cloud-based workplace collaboration tools and messaging applications have become standard inside organizations around the globe. Yet many companies are unable to control the growth, management and discovery of the data within these applications. Oftentimes third parties host the data, but lack standard export workflows or preservation policies and process, making it difficult to obtain, quantify or assess. And, perhaps most importantly for those concerned with privacy, these applications are often engineered to prioritize individual user privacy, at the risk of enabling any sort of organized governance.
Blog Post
TMT Boards Threaten 2020 Growth if they Ignore Data Privacy Today
This year will see real progress in 5G network implementation, an expansion of the connected device marketplace, further adoption of applied AI and the advancement of ad-tech capabilities. These constituent parts will more noticeably converge and begin to firm up the long-term vision of global commerce, in which online platforms will have greater reach into the real world and the consumer’s data will fuel unprecedented insights and outcomes. In parallel with this push into the future, global Technology, Media and Telecom (TMT) corporations will continue to struggle with data privacy regulatory risk.
Blog Post
As the trend continues, Texas has joined other states in the data privacy ring by introducing two privacy and data protection bills. Both bills are aimed at protecting personal information and holding companies accountable for data security.
White Paper
Spear Phishing: Carefully Targeted, Extremely Damaging and Fast Increasing
As spear phishing becomes sophisticated and widespread it’s essential that organisations take a multi-layered approach to protecting themselves. This means buying in expertise in staff training, cyber security and monitoring from an external source that specialises in this growing risk.
Video
Integrating Data Privacy Into Your Organization’s Business Strategy
With the advent of regulations like GDPR and the California Consumer Privacy Act of 2018, corporate leaders are beginning to recognize that poor data privacy risk management can harm competitive advantage, weigh down return on investment and have long term erosive effects on shareholder value. But how involved should executives be in privacy risk management decision making? And how can the corporate boards, the C-suite and legal and compliance stakeholders align business goals with privacy risk management?
23 NYCRR 500 Assessment Readiness and Compliance for Financial Services Firms
In 2017, the New York State Department of Financial Services implemented 23 NYCRR 500, commonly known as New York’s Cybersecurity Regulation. Although these requirements align with many information governance and cybersecurity best practices, they are extensive in scope.
Blog Post
Five Lessons Learned from Early GDPR Fines
Earlier this month, data protection authorities in Portugal doled out a €400,000 fine to a hospital for failure to apply appropriate access controls over digital patient data. This is one of the first penalties we’ve seen issued under GDPR since its enactment earlier this year. There are several interesting elements of this particular case, one of which is the fact that fines were imposed even though no data breach event occurred.
Blog Post
GDPR Compliance - The Unintended Consequences for Organisations
GDPR has made data protection a reality not only for heavily regulated industries but for all organisations. Once seen purely as a legislative burden, GDPR compliance is now providing organisations with a range of benefits.
Video
Data Management – From the Basements to the Boardroom
Data is a strategic asset and GDPR has raised the profile of data management from the basements to the boardroom and assigned a strategic value to understanding our data, how we use it, where we store it, how it flows between systems and processes and ultimately how long it should be retained and protected. In this short video, information governance expert Nina Bryant talks about how GDPR has been driver for organisations to assess both the risk and the value of the data they hold.
Blog Post
Paris Calls for Cybersecurity Peace
This week, the President of France issued the Paris Call for Trust and Security in Cyberspace. The document is a cybersecurity pact seeking consortium of technology companies, governments and NGOs to improve the stability and safety of the internet. With its unveiling, the declaration touted support from some of the tech industry’s largest players and a handful of countries in Europe.
Blog Post
Are Data Subject Access Requests a Trick or a Treat?
It’s that time of year… no, not when bands of trick-or-treaters are traipsing up your walk, but when the ghoulish specters called data subject access requests (DSARs) are going to start flooding in.
Blog Post
Recommended Reading: $17 Million Settlement in US Privacy Suit
A California-based consumer electronics company has agreed to a $17 million settlement in a lawsuit that claimed the company installed data-tracking software on its internet-connected smart TVs without notifying customers, and then profited from the sale of the personally identifiable information to advertisers.
Blog Post
Recommended Reading: Examining Safeguards for Consumer Data Privacy
For those interested in the growing momentum around broader US data privacy protections, I wanted to flag a recent Senate hearing on “Examining Safeguards for Consumer Data Privacy.” On Wednesday, September 26, 2018 the Senate Committee on Commerce, Science, and Transportation met to examine consumer protection and privacy policies of top technology and communications firms.
Blog Post
Recommended Reading: Data Breach and Potential Class Action in UK
After a recent data breach, a law firm is threatening the company with a potential class action lawsuit, citing Article 82 of the U.K. Data Protection Act. Specifically, the law firm is citing the "right to compensation and liability" — which states, "Any person who has suffered material or non-material damage as a result of an infringement of this regulation shall have the right to receive compensation from the controller or processor for the damage suffered."
White Paper
GDPR Breach Crisis: Are You Prepared?
The GDPR compliance deadline might have passed but over two-thirds of UK firms acknowledge they are at risk of a GDPR breach crisis. While data mapping and updating privacy policies are an important aspect of GDPR preparedness, many companies will struggle to respond to GDPR breaches and incidents.
Video
Combining Contract Intelligence with Information Governance to Find Value in Your Data
How can you use Data Governance to add value to the organization? Information Governance and Contract Intelligence offer multiple ways to not only reduce risk, but gain efficiencies. IG programs have largely gone from catch-all, ‘boil the ocean’ pursuits to a series of concrete, practical actions an organization can take to reduce data volumes, become more efficient and protect data ‘crown jewels’. Contracts, when organized and mined effectively, can reduce risk and actually create value for the organization. Attend this session to learn how to apply IG techniques and utilize your contract universe to gain efficiencies and reduce risk.
Webcast
From Security to Savings: Benchmarking Your InfoGov Program Against Peers
Attend this webcast to learn the specifics – budgets, priorities, quantifiable results – of how corporations are building and managing information governance programs. This webcast will feature survey results from a recent Bloomberg study benchmarking information governance programs across a number of key vertical industries.
White Paper
Advice from Counsel: State of the Union on Data Privacy & Security
The 12th Advice from Counsel study explores how issues of data security and privacy impact in-house legal teams at Fortune 1000 corporations and reveals the top concerns and emerging best practices across three key and intersecting topics: the General Data Protection Regulation (“GDPR”), IG and data security and remediation.
Video
Leading the Way with Information Governance
By the end of May 2018, the landscape of how organisations manage information about clients will be completely transformed by some of the world’s toughest new legislation.
Video
Building an Intelligence-Led Cyber Program
With reports of major breaches surfacing with alarming frequency, Boards and C-Level management are increasingly looking to Legal to implement programs that help the corporation prepare for, and reduce fallout from, inevitable cyber incidents. How can in-house counsel implement the right measures to minimize damage to the corporate reputation, loss of key data and legal and regulatory penalties? And how can you make sure your team is not already behind the ball at the time of incident detection?
Video
Five Steps to Prepare for GDPR
When the European General Data Protection Regulation (GDPR) enforcement kicks in this May, responding to data subject rights will be a challenge for many large organizations. The GDPR enables EU individuals to request corporations to inquire about what personal data they have on them or even delete their personal data. Requests must be responded to promptly, within one month, leaving companies very little time to perform a task that they may not be equipped to handle. No barrier exists for citizens to enact these rights, and some countries are planning campaigns to educate the public on them in the coming year.
Blog Post
Regulatory Compliance as a Competitive Advantage
Next year, firms around the globe will be impacted by some of the world’s toughest new regulations and privacy requirements. Adapting to this new landscape was a key topic at The Lawyer's Managing Risk and Litigation conference.
Video
Reducing Cost and Risk with Information Governance
Exploding growth of corporate data, whether stored on servers, in the cloud or on employee devices, presents new challenges and opportunities for all organisations. Information Governance enables companies to get control over their information and allows them to make better business decisions.
Blog Post
Equifax Breach a Category 4 or 5 Attack, but By No Means Unique
Late last week, we learned that Equifax was breached via a simple web application weakness, and over 143 million consumers’ records were compromised. The bad (worse) news is that this story is not unique, and this is by no means the final chapter.
Blog Post
Advice From Counsel Featured in Security Technology Executive Magazine
With organizations increasingly challenged to support the modern workplace environment – mobile phones, remote employees, cloud collaboration sites, social media, IM platforms and chatrooms – while keeping this data secure and easily retrievable for legal or regulatory needs, we at FTI conducted the latest iteration of AFC to uncover how legal teams are handling the challenges.
White Paper
Using Information Governance Tactics to Prepare for the GDPR
Much like Information Governance, preparation for the General Data Protection Regulation is a cross-departmental concern that requires input from many different groups within an organization, including privacy, compliance, legal, line of business, IT and information security.
Blog Post
How Counsel Can Leverage the Power of IG
While information governance is often thought about in the context of data security and IT efficiency, there is an equally important factor that deeply resonates with a corporation’s board and C-suite: reputational risk.
White Paper
The Lawyer - Global Litigation 50 Report, 2017
Technology is revolutionising the way lawyers practice their trade. To deliver the greatest value to their clients, legal professionals must know about the latest technological solutions.
Video
Privacy by Deletion: 5 Steps to Reducing Data Risk
Organizational data is dramatically increasing in size – by some estimates as much as 40-60% growth per year – at the same time that data breaches grow in number. How can IT and legal teams work together to better protect sensitive corporate data and stave off data breaches?
Blog Post
FTI Discusses Information Governance Enforcement in InformationWeek
Sean Kelly highlights steps IG teams can take to build enforcement into their policies from the outset.
White Paper
Data storage has never been cheaper. But the downstream costs – data discovery, legal review and data breaches, to name just a few – have never been higher. If you don’t yet have a data remediation policy, this collection of stats, facts and references provides 92 reasons to start planning for one.
Video
GDPR: A Challenge and an Opportunity
In the first of our series of short videos on GDPR, Sonia Cheng, FTI Consulting’s European Information Governance Leader, talks about what GDPR is, the key steps to compliance, and what to do if you have limited time and budget.
Video
Policies & Procedures for Keeping Employee Data Inside the Organization, Not Out
In the first of a two-part webcast series, "Don't Let Sensitive Data Walk Out Your Front Door," learn what standards leading organizations are taking to keep sensitive data required for litigation and compliance safe and secure.
Blog Post
We Now Have an Instruction Manual for Data Security Programs
Target’s multistate settlement ($18.5MM) for their 2013 data breach is the strongest evidence yet that Data Governance and Security is impacting organizations in every vertical and geography.
Video
Using Information Governance Strategies to Prepare for the GDPR
The General Data Protection Regulation (“GDPR”) goes into effect in roughly one year and yet many companies are still behind in preparing for compliance. This webcast will help you understand the top priorities and challenges with meeting GDPR requirements, how to assess your organization’s exposure, how to prioritize actions and how to take the first steps toward compliance.
Blog Post
IG Engagement, Enablement and Change to Ensure Policies Aren’t Collecting Dust
Policy enforcement is a challenging task for most organizations – more so for those in regulated industries that have a highly complex legal and compliance profile.
Blog Post
A Lawyer’s Role in Microsoft 365 Migration
O365 migration should be viewed as a critical business initiative that requires the involvement of the legal department as one of the primary decision makers every step of the way during a migration.
Blog Post
Microsoft 365 Migration Considerations Discussed in Computer Business Review
With increasing adoption of Microsoft 365 (O365), analysts have indicated the migration process has arisen as an acute pain point from an information governance and e-discovery perspective.
Video
Microsoft 365: Maximizing the Opportunity for Legal & Regulatory Compliance
Microsoft 365 represents a transformational change for how organizations create, share and manage enterprise data. The migration to Microsoft 365 also offers legal teams a once-in-a-decade opportunity to develop and implement industry best practices for e-discovery and information governance. Utilizing Microsoft 365 demos and migration case study examples, this interactive webcast will address the legal and regulatory impacts of Microsoft 365.
Video
The Importance of Information Governance
Jake Frazier, FTI Consulting’s Global Information Governance Leader, gives his thoughts on why it’s essential for organisations to have a robust information governance programme in place and one that involves various stakeholders around the business involved, including legal. With the growing amounts and types of data how can companies get the right balance between the cost of keeping their data and ensuring its security?
White Paper
Transforming Risk: Shifting from Reactive to Proactive
With many organisations struggling to deal with the rapid explosion of data, coupled with increasingly aggressive regulatory enforcement, how should they drive change in information governance?
White Paper
Transforming Risk with Better Information Governance
As regulated companies are required to manage ever growing amounts of data, and regulators are imposing increasingly severe fines, how can firms ensure they comply with this greater scrutiny?
Video
Legal Holds in the Age of the Cloud and Information Governance
Legal holds are a critical part of the e-discovery process, yet so many companies struggle to develop a formal system or keep their legal hold processes and technology up-to-date. This is about to change. Two major trends are pushing legal teams to address the current gaps in their legal hold process.
White Paper
Quick Wins in Information Governance
From protecting sensitive customer data from cyber threats to complying with data protection laws, corporate information governance efforts are quickly becoming “must do” projects. In this paper, Sonia Cheng gives her top 5 pragmatic and proactive tips to help in-house legal teams achieve quick wins for information governance projects.
Blog Post
FTI Shares Information Governance Philosophy in Cybersecurity Law & Strategy
One of the most meaningful elements of information governance is how it can drive the differentiation of data types and enable stronger security protocols around a corporation’s most sensitive data.
Video
Defensible Remediation of “Dark Data”
Many companies are wasting money on storage or exposing themselves to data breaches by supporting massive amounts of "dark data." Learn how you can get your dark data under control with this FTI Technology case study of our information governance services.
Case Study
Defensible Remediation of “Dark Data”
Many companies are wasting money on storage or exposing themselves to data breaches by supporting massive amounts of "dark data." Learn how you can get your dark data under control with this FTI Technology case study of our information governance services.
Video
Advice from Counsel: Finding “Quick Wins” in Information Governance
In the latest Advice from Counsel report, we asked a wide range of questions to better understand how corporations are approaching information governance.This includes their key challenges, areas of success, and some of the basic mechanics they have adopted to develop and implement these programs. The results clearly show that with a few exceptions, most organizations are in the early stages of information governance adoption. Yes these executives have strong advice on how best to begin and implement an information governance initiative.
White Paper
The State of Information Governance in Corporations
For this Advice from Counsel study, we interviewed in-house counsel to better understand the health and success of information governance programs within corporations. The results clearly show that with a few exceptions, most organizations are in the early stages of information governance adoption. Yet these executives have strong advice on how best to begin and implement an IG initiative. From these results, organizations can better under¬stand how their peers are successfully keeping an eye on the big picture while executing quick wins that help build momentum for broader IG initiatives.
Blog Post
Multi-National E-discovery During Privacy Shield Limbo
In October, the High Court of the European Union made a ruling that nullified the existing Data Safe Harbor agreement between the EU and the U.S., which since 2000, outlined rules allowing the transfer of protected data from Europe across our borders. The safe harbor agreement provided a way for U.S. companies to migrate personal data originating in the EU, to the U.S. for e-discovery and regulatory purposes, in a way that was consistent with the EU Data Protection Directive.
Video
Advice from Counsel: The State of Information Governance in Corporations
From well-publicized data breaches to skyrocketing data growth (and costs), information governance challenges are all around us. How are corporations responding? What are the teams and roles driving information governance policy development? How are these policies communicated and enforced, not just internally but with external partners and stakeholders? Which IG strategies are producing tangible results, and which programs are coming up short?
Case Study
FTI Technology Crafts Solution to Remedy Health Care System’s Data Ills
Understand corporate data residing on various networks and Sharepoint sites to proactively reduce data footprint and reduce future risk and exposure.
White Paper
Identifying & Protecting the Corporate Crown Jewels
Every organization has a set of crown jewels—information that is critical, unique or irreplaceable. From the CEO’s emails to the board, to sensitive IP, organizations need to properly identify, categorize and secure these crown jewels. This paper is designed to provide a practical overview of how to secure your company’s crown jewels, from stakeholder involvement to developing repeatable processes and technical considerations.
White Paper
Why Data Deletion Makes Sense (and Dollars)
Conventional wisdom says the cost of storing data is declining. That’s true. But the total cost to businesses to store data is rising unsustainably because they are collecting — and retaining — more data than ever before. The key to controlling costs and freeing up operating capital is deleting data you don’t need to store. How do you know what you don’t need? Two words: information governance.
White Paper
Advice from Counsel: The Emerging E-discovery Playbook
Fortune 1000 corporate counsel share advice about how corporations manage their e-discovery programs in this annual survey.
Blog Post
Advice from Counsel | Part 3: The Emerging E-discovery Playbook
The first two posts in this series highlighted some fascinating findings from our annual Advice from Counsel study, providing recommendations for the top corporate e-discovery ‘plays’ according to legal departments at Fortune 1000 corporations. Some of the top practices touched on included preservation and collection, when to utilize service providers, tackling the uncertain waters of predictive coding and leveraging data re-use. In addition to the five overarching ‘plays’, the survey respondents also weighed in on other pressing matters that are impacting e-discovery today, and will continue to do so in the near future.