Cyber intrusions or hacks are generally seen as the domain of the IT department, however it is critical that the general counsel be involved in the creation and execution of the data governance risk and compliance strategy. In fact in a recent survey of 450 companies, 31% of respondents stated they rely on IT, while 21% said they rely on general counsel to be primarily responsible for compliance after a data breach.
The information above was gleaned from “The Fifth Annual Survey on the Current State of and Trends in Information Security and Cyber Liability Risk Management”. This expansive survey covers a variety of topics of concern for risk managers and general counsel. Some other highlights of import were noted by Peter Vogel on his blog post about the survey:
- Trends and attitudes continue to take shape and marketplace reactions to emerging issues continue to present themselves.
- Increased cyber risk focus from boards and senior executives is translating into strategic cyber prevention and response initiatives in more organizations.
- Exposures such as a data breach of customer records and reputational damage resulting from a data breach are high on the list of concerns.
The general tone from this survey is clear: organizations are rightly concerned about the consequences from a data breach. One area that isn't mentioned explicitly, however, is information governance (#InfoGov). Unfortunately, data breaches can be difficult to predict and often prevent. Having a complete information governance strategy can help to limit any damage from a potential breach by ensuring your records are either disposed of according to their retention schedules or properly archived and more secure than non-sensitive documents.
As we pointed out in a previous post, many organizations believe they have tighter control around their information governance than they actually do. It is imperative that the IT department, general counsel and records manager have detailed strategies laid out that clearly define each teams' responsibilities and where (and to whom) an issue is escalated. This problem can present itself in a very costly manner if your organization is subject to #eDiscovery due to a lawsuit.
Data governance risk and compliance is not a topic that will be going away any time soon. As organizations continue to produce data at exponentially higher rates, those who are reactive and without a forward-thinking strategy will not only open themselves up to risk, but suffer losses in productivity and increases in technology and storage costs.
By Kevin Bley