8 minute read
Increased Business Risk is Changing the Way General Counsel Think— and Their Level of Influence
Increased Business Risk is Changing How General Counsel Think – And Their Level of Influence
MIKE HAMILTON EXTERRO
Advertisement
As business rules and regulations change, obstacles often present themselves. The pandemic has unveiled new business challenges. Only this time, general counsel are feeling a sense of duty not previously felt.
Business challenges, while sometimes predictable, are often random. New laws and regulations are one such example of a fairly predictable business challenge – implementation is often slow, and there’s time to adapt – whereas the COVID-19 pandemic is the epitome of a random business challenge.
Regardless of how these obstacles arise, they have one thing in common: Now, more than ever, general counsel feel compelled to advise on major business decisions rather than those simply tied to legal and regulatory risks.
Aggregate research shows that many heads of legal departments feel that business risks rank as their top priority (63%) over financial (21%) or other legal risks (15%). This follows the concerns found in Exterro’s 2020 In-House Legal Benchmarking Report that business pressures are a greater worry (57%) than the impact of new data privacy laws (27%) or litigation stemming from COVID-19 (7%).
As the priorities of other departments – privacy, compliance, security, and IT – continue to converge with the law department, the influence of the general counsel in quarterbacking these risks is likely to continue to grow.
Major business challenges primarily boil down to how an organization manages its data – which may or may not be under the law department's purview, depending on the company. However, because of the regulatory risks and fines that follow noncompliance, the law department now must have a greater say in how the business handles their data in a way that mitigates their major risks. Therefore, in addition to overseeing the legal operations of the organization, the general counsel or chief legal officer must also play a central role in ensuring the company’s compliance, privacy, and data governance capabilities meet all regulatory obligations.
Below, I’ve outlined in greater detail where the law department must play a central role.
Evolving Regulations Are Creating New Risks
The general counsel must understand enterprise risks facing the company, implement appropriate processes to mitigate risk, and quickly and efficiently address any breakdowns should they occur. For enterprises that do business in California and abroad, the major data-related risks they face largely fall into three major areas:
New data privacy laws that grant consumers new rights over their personal data Data breaches and the resulting fines and reputational risks involved Ensuring preservation of relevant data for criminal or civil litigation
These risks are largely due to the EU’s General Data Protection Regulation (GDPR) and the U.S.’s California Consumer Privacy Act (CCPA) – as well as any number of potential privacy bills that may advance through state legislatures in the future - but preservation of important data to prevent data spoliation sanctions during litigation also require attention.
But because the law department is often not equipped to handle the processes and fulfill all the requirements necessary to fully comply with these laws, a new, unsiloed approach to these business challenges in needed – a Legal Governance, Risk and Compliance (GRC) strategy that unifies the people, processes, and technologies needed to ensure
compliance, reduce risk, and optimize operations to meet the tight timelines required of these regulations. When quarterbacked by the law department, this type of strategy can be critical in ensuring business risks are minimized – but the organization must take its data management processes seriously.
The Key Is Understanding Organizational Data
Because these challenges and risks are all centered around data and how it’s managed, it’s imperative that the law department has a full understanding of the corporate data governance strategy by which all sensitive and other business critical information is (or should be) handled. This means, at a very basic level, being able to find answers to the following five questions – each of which is essential to hygienic information governance and regulatory compliance:
Where does your data live? Who owns it? Which regulations govern it? Which third parties have access to it – and how do they use it? How much data do you really have?
These are the basic, foundational questions that all businesses must know to understand how at risk they are of noncompliance with major rules and regulations. Understanding your data is not a simple process, but it is one of many challenges that unifies legal, privacy, compliance, security, and IT. Without a comprehensive data inventory, it’s difficult to know whether the corporate data governance strategy is operating correctly, or if the organization is equipped to handle the major obstacles presented by privacy laws.
If the data inventory is not up to date, it’s also impossible to know whether an organization can comply with a consumer request for deletion of personal information, for example, or whether stored data has outlived its business use and
65 percent of the world's population will have its personal data covered under modern privacy regulations.
should be deleted because it’s a data breach risk. The data inventory is the library of your enterprise information, and keeping that library in order can only help.
Understanding the regulations that govern that data helps the law department understand how it’s being used – and why it’s being kept in the first place. Details about third parties, and the breach risks they represent, are critical to compliance because third party breaches are relatively common, and according to research are more likely to occur than a direct breach. And knowing how much data is being stored in the organization means Legal is able to understand the gravity of what’s being managed – and hopefully find ways to defensibly delete data through enforcing retention standards.
Most business risks, along with compliance and regulatory issues, likely fall under the legal GRC umbrella. The more interconnected and developed your organization’s risk management becomes, the better suited the general counsel will be to help future-proof the enterprise. developments in e-discovery and privacy. Reach him at
Learn how to manage data more effectively with a
Mike Hamilton is the senior managing director of marketing with Exterro. Hamilton uses his experience in legal to develop surveys, whitepapers, events and other key information to support clients with an interest in Legal GRC strategy.
michael.hamilton@exterro.com.
COMPLEX COMMERCIAL CASES? RAISE THE BAR. NAM welcomes our newest panel members COMPLEX COMMERCIAL CASES? RAISE THE BAR.
NAM welcomes our newest panel members
HON. ROBERT C. BONNER (RET.)
United States District Court Judge, Central District of California
HON. EDWARD N. CAHN (RET.)
Chief United States District Judge, Eastern District of Pennsylvania
HON. ROBERT C. BONNER (RET.)
United States District Court Judge, Central District of California
HON. EDWARD N. CAHN (RET.)
Chief United States District Judge, Eastern District of Pennsylvania
HON. DENNIS M. CAVANAUGH (RET.)
United States District Judge, District Court of New Jersey, Special Discovery Master
HON. DENNIS M. CAVANAUGH (RET.) United States District Judge, District Court of New Jersey, Special Discovery Master
HON. MELANIE L. CYGANOWSKI (RET.) HON. STANWOOD R. DUVAL, JR. (RET.)
United States Bankruptcy Chief Judge, United States District Court Judge, U.S. Bankruptcy Court, Eastern District of Louisiana
Eastern District of New York
HON. MELANIE L. CYGANOWSKI (RET.) HON. STANWOOD R. DUVAL, JR. (RET.)
United States Bankruptcy Chief Judge, United States District Court Judge, U.S. Bankruptcy Court, Eastern District of Louisiana
Eastern District of New York
HON. ARTHUR J. GAJARSA (RET.) HON. STEPHEN G. LARSON (RET.)
United States Circuit Judge, United States District Judge,
U.S. Court of Appeals for theHON. ARTHUR J. GAJARSA (RET.) U.S. District Court, HON. STEPHEN G. LARSON (RET.) Federal Circuit United States Circuit Judge, Central District of CaliforniaUnited States District Judge, U.S. Court of Appeals for the U.S. District Court, Federal Circuit Central District of California
HON. STEPHEN N. LIMBAUGH, SR. (RET.)
United States District Judge,
Eastern and Western Districts of Missouri, HON. STEPHEN N. LIMBAUGH, SR. (RET.)
Federal Judge by designation, Arkansas, United States District Judge,
Illinois, Iowa and Texas Eastern and Western Districts of Missouri, Federal Judge by designation, Arkansas, Illinois, Iowa and Texas
HON. RAYMOND T. LYONS (RET.) HON. RICHARD B. MCQUADE, JR. (RET.)
United States Bankruptcy Judge, United States District Court Judge, District of New Jersey HON. RAYMOND T. LYONS (RET.) Northern District of Ohio HON. RICHARD B. MCQUADE, JR. (RET.)
United States Bankruptcy Judge, United States District Court Judge, District of New Jersey Northern District of Ohio
HON. ROBERT O’CONOR, JR. (RET.)HON. ALAN H. NEVAS (RET.) HON. ROBERT O’CONOR, JR. (RET.)HON. ALAN H. NEVAS (RET.)
Senior United States District Court Judge,Senior United States District Court Judge, United States District Judge, United States District Judge,
U.S. District Court, ConnecticutU.S. District Court, Connecticut Southern District of TexasSouthern District of Texas
HON. ANDREW J. PECK (RET.) HON. ANDREW J. PECK (RET.)
United States Magistrate Judge, United States Magistrate Judge, Southern District of New York, Southern District of New York, Special Discovery Master Special Discovery Master
HON. SHIRA A. SCHEINDLIN (RET.) HON. SHIRA A. SCHEINDLIN (RET.)
United States District Court Judge, United States District Court Judge, Southern District of New York, Southern District of New York, Court Appointed Special Master Court Appointed Special Master
HON. OLIVER W. WANGER (RET.)HON. OLIVER W. WANGER (RET.)
United States District Court Judge, United States District Court Judge, Eastern District of CaliforniaEastern District of California
Backed by one of the nation’s leading providers of alternative dispute resolution, Backed by one of the nation’s leading providers of alternative dispute resolution, NAM’s roster is comprised of top-tier former judges and legal practitioners – all of whom are available to assist in the resolution of your most complex, high-stakes matters. NAM’s roster is comprised of top-tier former judges and legal practitioners – all of whom are available to assist in the resolution of your most complex, high-stakes matters. Visit www.namadr.com Visit www.namadr.com
