A recent Advice from Counsel study sponsored by FTI Technology, entitled “The State of Information Governance in Corporations,” found data security to be the top driver for information governance initiatives. The purpose of the study was to better understand the health and success of information governance programs within corporations. The respondents included approximately 25 in-house lawyers who were interviewed from Fortune 1000 corporations and have responsibilities that focus on e-discovery and information governance.
The respondents broke data security down into four key areas:
- Securing sensitive personally identifiable information for clients, patients, and employees. Across all industries, respondents acknowledged a sense of responsibility for protecting the sensitive information of their customers and employees.
- Securing sensitive company intellectual property.
- Creating a tiered security network to protect against data breaches.
- Developing protocols and systems to ensure secure access to the network for partners and other approved third-party providers.
Categorizing data security into these four buckets can help companies prioritize internal projects and continue to make forward progress. The key is to break down large projects into smaller and more manageable ones that are easier to accomplish.
Some projects companies could consider this year include:
- Identifying where sensitive company intellectual property is stored
- Conducting an inventory of data repositories and documenting access permission levels
- Protecting customers’ sensitive data, including credit card information, social security numbers, etc.
- Ensuring third-party providers sign a nondisclosure agreement (NDA) if it’s known they will have access to sensitive company data, in particular customer data
It’s true that some of these projects may require the purchase of new technology, engagement of other counsel, and comprehensive training. However, it’s certainly well worth the effort.