It’s no wonder that data security has been cited as one of the highest priorities for general counsel in an environment where technologies facilitate much of our personal and business lives. As we become more reliant on technology, legal departments face the increasing pressure of managing, securing, and protecting the flow of data between systems and people.
Against that backdrop, Tripp Hemphill, Vice President of Enterprise Markets at DISCO EMEA, hosted a panel discussion with Lara Clark, General Counsel & Chief Regulation Officer, GB Group PLC, and David Morgan, Group Head of Legal - Commercial and Group DPO at OSB Group PLC, at The Lawyer Managing Risk & Litigation conference. They discussed five principles general counsel use to stay on the right side of compliance, empower businesses to appreciate risks, and embrace the right legal technology.
1. Work with other departments and functions to educate and train
Good data hygiene and governance are fundamental to maintaining data security, but so too are good employee training and education. Humans are the biggest source of data breaches, so as well as knowing your own principles of good hygiene, make sure you are educating the business: reminding them of basic things like checking email attachments before opening, using secured Wi-Fi, and not storing customer data in public folders.
2. Set a high bar for compliance
Data does not recognise borders, and privacy laws are different in every country. One organisation could be collecting data from one jurisdiction and processing or using it in another. The only practical way of ensuring your business remains compliant across those borders is to set the bar for compliance at the highest possible level or risk getting lost in a spider’s web of regulations and laws.
3. Understand the key compliance principles and empower your business
Data laws will not always tell you exactly what must be done in any given situation. That can make compliance feel more complex than it might be. Understand the key principles of compliance before you give advice and apply a practical, common-sense approach to their application. Through the lens of common sense, compliance should not feel insurmountable. In the same vein, don’t be afraid to talk to other departments about the benefits of good data hygiene and security, and how data governance at every level helps the business mitigate risk and improve security.
4. Work closely with Information Technology (IT)
There are many well-documented reasons for forging close working relationships with IT, in the same way legal departments work closely with legal operations and data governance: they help us become a better, more strategic partner to the business. Working closely with IT can create a useful feedback loop whereby you gain a better working knowledge of data flows and technologies. Thus, you can improve your understanding of the pains and benefits of technology in your organisation. To this end, hiring a technical product manager, someone who can sit between IT and legal and translate technical risks into tailored, tangible advice, can be an immense asset.
5. Look for scalable technology solutions
Moving away from on-prem tech solutions to cloud-based technologies has seen some UK organisations greatly improve their speed to impact, agility, and scalability in the face. Moreover, cloud-based solutions benefit from those providers' own IT protections whilst allowing organisations to layer their own on top.
Keep the conversation going
Data security will remain a top priority for organisations and their legal departments well into the future. For organisations that want to scale with agility and reap the rewards of an increasingly global market, good data hygiene and governance begin with an understanding of the common-sense principles of regulation and governance, a programme of easy-to-understand inter-departmental training, and investment in scalable, cloud-based technologies that come with security as standard.
Spare five minutes to talk to one of DISCO’s experts about how our cloud software is designed to manage, process, and store customer ediscovery data in accordance with relevant data protection regulations as well as security best practices.