Gimmal Blog

Read the latest thought leadership and industry news from the experts at Gimmal!

All Posts

How Can Your Legal Department Avoid Compliance Risk?

According to a survey, legal departments are becoming more like business units including hiring operations managers, increasing budgetary control and implementing information governance programs to decrease compliance risk.

The survey produced some interesting results across 120 U.S. companies of varying sizes.

  • Of companies with $10 billion or more in revenue, 89% had a specific legal operations manager, while 50% of those with $2 billion or less have someone dedicated to this role
  • 51% of companies stated that "increasing or changing regulatory requirements" is their top challenge
  • 72% of those surveyed have either already implemented an information governance program or have plans to implement within the next 3 years
  • 55% of organizations are currently using electronic records management
  • 66% have implemented defensible disposition policies and procedures

Brett Baccus, managing director at Consilio (who helped conduct the survey), gave an impactful quote to Corporate Counsel around this change in legal departments.

“It helps ensure the risk is aligned between the law department and the law firm, and that costs are understood, so the right level of resources are brought to the matter.”

From a compliance risk standpoint, as Mr. Baccus points out above, this alignment is critical. We have discussed in the past how the alignment between business units contributes to a successful information governance strategy. Legal departments are increasingly becoming responsible for ensuring that an organization's data is compliant with regulatory and legal rules. Therefore, it makes sense that legal departments are implementing an operations manager that can handle this data from creation to disposition. 

An area of concern around compliance risk that was uncovered in the survey is the management of third-party data. Only 21% of respondents stated they currently have a program in place to assess these risks. Law firms in particular often have a large amount of confidential data related to the organization. As we know, complete information governance must include all sources of data as a corporation can be held liable if there were to be a breach or accidental leak of this sensitive information.

Cybersecurity and data governance is crucial for legal departments of all sizes, especially related to eDiscovery and potential compliance risk. This further integration of an organization's legal department is a step in the right direction to ensure a holistic information governance program.

By Andrew Borgschulte

Related Posts

Why Should Records Management be Important to You

Why should an organization care about records management? When users throughout all departments are creating new records without a thought to how they are cataloged or tagged, the sprawl of records can become a real threat. Unstructured data can lead to compliance issues for highly regulated industries. When proper records management isn’t a top priority, content that should have been disposed of for security purposes is left vulnerable for anyone to find and distribute.  

Creating Compliance in Chaos: A Consultant's Story

Records and Information Management (RIM) is constantly changing and evolving as record managers begin to realize the benefits of automation in their daily operations. In my 6 years of consulting, I have seen everything from heavily manual business processes to automated document management solutions.  Even as time goes by, information professionals continue to face the long-standing hardship of trying to get end users to comply with either internal or external regulations when it comes to records management.  Lately, there has been an apparent shift from rigid business centric solutions to end user centric solutions. 

Gimmal at ARMA International InfoCon 2019

Once a year, members in the records management community come together for ARMA’s annual conference to discuss the latest advancements and best practices for modern information managers.  ARMA, the global authority of information management and governance, hosted this year’s conference, ARMA InfoCon, in Nashville, TN. While attendees were not in the typical “record” industry that Nashville is known for, the location called for a great mix of music and information management knowledge.