Corporate Data. Effective Data Management in an International World

Transcription

1 Corporate Data Effective Data Management in an International World May 7, 2014

2 Matthew Levy Vice President, Legal & Compliance HP Autonomy Jennifer K. Mailander Associate General Counsel, Director Compliance & Litigation Markets Corporation Service Company

3 Overview What is Data? Data Management Models Law Lags Technological Advances Ethical Duties Cyber Security and Data Practical Considerations What will be discussed during this panel?

4 What is data? World content is increasingly findable+shared+tagged Up 9X in five years

5 Data Management Models Hosted Pros: Shared risk Outside domain expertise Cons: Trade some control for simplicity Solution may not be complete Self Service Cloud Pros: Do-it-yourself for control and savings Infrastructure/security outsourced Lower risk and cost Access without becoming an IT shop Pay for what you need, and no more On Premise Pros: More full-featured Greater control of process & data Cons: Heavy investment 3d party support still needed

6 Confluence Devices Connectivity Big Data Cloud Social

7 Lots of interesting data - often locked away in siloes Inhibits ability for organizations to understand what is happening and why on a timely basis Archive Legal Documents Social Media Cloud Texts Mobile Phone Cloud Video Data Center Images Remote Office Audio Call center Laptop Word, Excel Financials Data Center

8 Law Lags Technological Advances Privacy laws didn t contemplate today s technology Social media didn t exist when Congress enacted ECPA in 1986 Challenge for courts Supreme Court Chief Justice John Roberts said the Court s real challenge for the next 50 years will be identifying the fundamental principle underlying constitutional protection and applying it to new issues and new technology SCOTUS mired in 19th century communication modes Justice Elena Kagan: "Court hasn't really 'gotten to' "

9 Ethical Duties ABA Model Rules 1.1 A lawyer shall provide competent representation to a client. Competent representation requires the legal knowledge, skill, thoroughness and preparation reasonably necessary for the representation. Comment 8 A lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology. 5.3(d) A lawyer having direct supervisory authority over the non-lawyer shall make reasonable efforts to ensure that the person's conduct is compatible with the professional obligations of the lawyer.

10 Cyber Security and Data According to the FBI, law firms and law departments are among the most vulnerable targets for cyberattacks Lawyers are reported to... Have limited resources to dedicate to computer security Lack a sophisticated appreciation of technology risks Lack an instinct for cyber security The ABA Cyber Security Handbook

11 Why Lawyers are Attractive Targets A staggering variety of confidential data Privileged client communications Material non-public information (e.g., M&A) Confidential strategic business information Trade secrets Intellectual property HIPAA & Gramm-Leach-Bliley records Confidential information produced by litigation opponents Confidential information produced pursuant to NDAs

12 Data Security Concerns

13 Affirmative Obligations to Protect Data

14 Privacy & Security Risk Reduction Model

15 Data Security and Vendor Selection Vendor-selection considerations Controls and experience level Audit procedures, e.g., SOC2 Disaster recovery Insurance and indemnity Documentation, e.g., SLAs and system uptime Data ownership Data access Privacy requirements & regulatory frameworks Business disruptions & viability Evolving technology

16 Pricing Seat licenses v. flat fee Hidden costs Integration Data storage Practical Considerations Data, documents from existing systems Who owns data Customer support Training Reporting

17 Questions? Matthew Levy Vice President, Legal & Compliance HP Autonomy Jennifer K. Mailander Associate General Counsel, Director Compliance & Litigation Markets Corporation Service Company