FTI Consulting’s Advice from Counsel Study Examines Data Privacy and Security
FTI Consulting, Inc. announced findings from its Technology segment’s 12th Advice from Counsel study of e-discovery, information governance (IG), privacy and security trends. The study explores how issues of data security and privacy impact in-house legal teams at Fortune 1000 corporations and reveals the top concerns and emerging best practices across three key and intersecting topics: the General Data Protection Regulation (GDPR), IG and data security and remediation.
“A clear and recurring theme is that in-house legal teams are under greater pressure to meet ever-changing and increasing data-related challenges,” said Chris Zohlen, a managing director in the Technology segment at FTI Consulting and co-author of the study. “This year’s Advice from Counsel study shares their practical advice on a range of topics, from securing executive buy-in to benchmarking against peers or auditing the security practices of service providers.”
Data privacy, security challenges and threats were top priorities for virtually every large organization around the globe. Respondents had dozens of suggestions for proactive ways to address IG and data protection, including addressing the human element and creating a culture of awareness in achieving strong security. While billions of dollars have been spent on technology to strengthen security, several participants said that they do not believe their organizations are safer than they were five years ago, because the human element has not been adequately addressed. Other organizations reported working with outside experts to focus equally on implementing technology solutions and creating a culture of awareness to address continually evolving data privacy and security challenges.
Additional key findings and takeaways in the study include:
• The investment required to ensure GDPR compliance was a top concern among the 80 percent of organizations that confirmed they will be impacted by the regulation. However, they were divided on whether they should wait to see how the regulation will be enforced before acting, vs. working to get ahead of penalties proactively.
• For those evaluating an IG strategy to better protect data, respondents agreed on the importance of seeking outside experts. They repeatedly made clear that data security is an area that is evolving quickly and teams need to work with technical experts to stay apace and handle it effectively.
• The growth of cloud storage and machine learning is making it easier for organizations to identify trends and realize monetary benefits from enterprise data. Finding the right balance between Big Data and over-preserving is a common challenge. Organizations know they are creating and saving too much data, and more than half of respondents reported successfully conducting data remediation projects. Others were hampered by limited resources, lack of engagement from cross-department teams or failure to obtain C-level buy-in to move projects forward.
“In today’s business climate, all organizations are challenged to better protect enterprise data, which is a complicated effort that requires dedicated resources across multiple departments,” said Jake Frazier, Head of the Information Governance, Privacy & Security practice and a senior managing director in the Technology segment at FTI Consulting. “Overcoming the initial barriers of securing buy-in and approval from top company leadership can be overwhelming but will make all the difference in setting projects up for success from the outset. Our clients and the respondents in the Advice from Counsel study have found that working with internal and external partners to conduct data protection assessments, identify priorities and execute a plan custom-built for the company’s risk profile are the most effective steps to address budget issues and the broader landscape of challenges.”
About the study
For the past nine years, FTI Technology has partnered with Ari Kaplan Advisors to publish the annual Advice from Counsel study, a quantitative and qualitative view into e-discovery best practices for corporate counsel. The study was conducted through phone interviews with 30 in-house lawyers at Fortune 1000 corporations with responsibilities that included some aspects of e-discovery and information governance. Of this year’s participants, 79 percent develop and implement e-discovery processes while 89 percent develop and implement information governance processes. Eighty percent of participating organizations had total annual revenues greater than $5 billion and 67 percent had over 10,000 employees. In terms of litigation events over the past 12 months, 33 percent reported managing 100 to 500 litigation events, and 33 percent reported managing more than 500 litigation events.