Legal operations professionals who follow me know that I’ve spoken and written about information governance before, both here and elsewhere. For me, it always seems to come back to the question of how organizations around the globe are not doing a better job of managing their data, particularly large organizations.
I’m not just referring, as I have in the past, to the idea that once an organization anticipates or receives notice of legal action involving them the responsibility arises to identify and preserve potentially relevant information. That should at this point be a no-brainer. No, I mean in today’s world how is it even possible that a company does not know what information it possesses, the value of that information, and how that information is being accessed and used.
I run a small consulting concern and even I have managed to keep track of my company information. I use various metrics to gain insight into my data footprint and understand what I have created, how it is stored and secured, and how I may need to access and eventually dispose of it. I know what information I’m collecting, and I make use of tools to understand my business information, from relationship management to sales and business intelligence. I updated my privacy policy and created an opt-in feature for subscribers when the deadline for doing so arrived. Granted, all of this is somewhat easy and imminently affordable when you’re a small company. But my point is that if I can do it, any organization can do it. And they should.
While we were all walking the frigid streets of New York at Legalweek last week looking at the latest and greatest legal technology offerings, France was imposing a $57 million dollar fine on Google for violations of the General Data Protection Regulation (GDPR). The GDPR, you may recall, came in like a Nor’easter and blew its way across the world while everyone scurried to figure out how it impacts them. Google, I’m sure, took precautions. But it appears they missed a few data points.
Google, as you know, collects data from us all and then tries to find creative and commercially viable ways to use that information through advertising, targeted ads, and to present us with choices even we have probably not considered. But in their haste, it appears that they failed to properly disclose to users how personal information was being collected and how it is being used. They also did not properly secure users’ consent for showing them targeted ads.
Now this may seem trivial here in the U.S. because most Americans seem to have sacrificed any notion of privacy and data protection in exchange for convenience and popularity on social media. But any company doing any business anywhere is potentially subject to the 4 percent of revenue fines the GDPR prescribes for data privacy and processing violations.
When the GDPR took effect on May 25, 2017, everyone I talked to at the time was wondering whether EU data protection regulators would or could impose the kinds of frightening fines the GDPR had codified. While $57 million is but small dent in Google’s $100 billion in annual revenue, it’s still a large chunk of change. It should be enough to persuade organizations to get their data in order.
If not, consider this: French regulators commenced investigations on Google, Facebook, Instagram, and WhatsApp on the same day the GDPR took effect. Once they are done with these obvious targets, who’s next?
Mike Quartararo is the managing director of eDPM Advisory Services, a consulting firm providing e-discovery, project management and legal technology advisory and training services to the legal industry. He is also the author of the 2016 book Project Management in Electronic Discovery. Mike has many years of experience delivering e-discovery, project management, and legal technology solutions to law firms and Fortune 500 corporations across the globe and is widely considered an expert on project management, e-discovery and legal matter management. You can reach him via email at mquartararo@edpmadvisory.com. Follow him on twitter @edpmadvisory.
57 Million Reasons To Get Your Organization’s Data In Order curated from Above the Law
No comments:
Post a Comment