Privacy & Data Security Law News

INSIGHT: In-House Legal Teams Not Ready for Privacy Regs, Survey Reveals

Jan. 8, 2020, 9:00 AM

In-house legal teams are not prepared for the launch of privacy and cybersecurity regulations.

So say the surprising findings of Exterro’s annual In-House Legal Benchmarking Report, along with a few new and interesting revelations regarding in-house legal teams, their processes, and their outlook on coming privacy regulations.

The report explores how e-discovery team growth has expanded—and continues to expand—across organizational business units, and where teams are focusing their growth and spend efforts.

Traditionally, the survey has taken a purely e-discovery-based focus to its line of questioning, but this year’s version added a few privacy questions.

“One thing that stood out to me is this kind of lopsided outcome in the survey: About 90% of respondents say that reducing costs and ensuring defensibility are their number-one focus, but only about 30% have concerns about privacy,” Michael Quartararo, president of the Association of Certified E-Discovery Specialists, observed during a recent Exterro webinar discussing the findings.

Chris Colvin, founder of legal networking and educational site In The House, said during the webinar that this gap is due at least in part to the reticence of legal professionals to fully utilize technology.

“My main takeaway is that we still have a very important issue in in-house legal departments with staying current with technology issues,” Colvin said. “I’ve seen this as a recurring theme in this area, in cybersecurity, and in e-discovery. We have a long way to go before we’re really ready for new privacy regulations—and more broadly, cybersecurity issues in general.”

Legal, Regulatory Changes

Many small businesses across the U.S. with a mostly regional impact in their local economies probably won’t notice much changing when the California Consumer Privacy Act (CCPA) launches on Jan. 1, 2020. But most of the mid- to large-size companies that do business in California will be required to follow a number of rules allowing consumers to see what data a company holds on them, request that the information be deleted, and opt out of the sale of their data, if they wish.

Consumer requests, referred to as data subject access requests (DSARs), are at the heart of the CCPA’s most potentially damaging requirement.

The CCPA, other new privacy regulations, and DSARs in particular represent an opportunity for in-house teams to develop efficient new processes that lean on technology to do the job, Colvin says.

Along with that, he sees the potential for growing the role of the individual in charge of privacy compliance and legal technology—a “chief technologist,” so to speak—creating a new role in the legal and compliance industry.

More importantly, “privacy” now encompasses more than just the legal and technology departments: Corporate-level strategic issues are at play when considering how an organization is handling important business data, employee data, customer data, and its own trade secrets.

“If you look at data as an extremely valuable asset for companies, it’s important to know how you’re monetizing that data,” Colvin says. “Legal plays a role in that, whether they realize it or not.”

That being said, the In-House Benchmarking Report is a survey of lawyers; helping to manage important business and customer data may not be something that in-house counsel realizes they play a critical role in, and therefore they may feel that the responsibility falls on executive leadership—not them.

Data Management Plays Key Role

Considering how the changing regulatory environment is affecting business decisions—and will continue to do so in the near future—corporate counsel must reconsider their role in identifying business risks and cost-effective ways to comply with new regulations.

Data management plays a key role in that—and it may be a member of the corporate legal team who is assigned to help to manage that data. While not all companies keep an up-to-date data map (58%), other results in the report indicate that teams are moving toward better internal data management: most in-house teams (60%) now have dedicated IT services to help support them—up five-fold from 2018’s survey results.

“If you’re going to bring the data in-house, you’ve got to have the people there to manage it,” Quartararo says. “That’s true for any aspect of the e-discovery cycle, and it’s true for privacy as well.”

Over the next year, in-house counsel will learn a lot about their internal teams and organizational processes. And in taking stock of where they stand, it’s important for legal teams to embrace software platforms to help make their lives a little easier and more efficient.

“So much of this is common sense,” Quartararo says. “I think if you’re going to reduce costs and increase efficiency, it’s a no-brainer to embrace technology.”

This column does not necessarily reflect the opinion of The Bureau of National Affairs, Inc. or its owners.

Author Information

Mike Hamilton is the director of e-discovery programs at Exterro and has been involved in e-discovery for over eight years. With a legal and business background, he is experienced and passionate about creating thoughtful, out-of-the-box educational resources that help keep legal teams interested and on top of emerging need-to-know e-discovery issues.
