In case the complexities of corporate data weren’t creating enough turbulence to keep corporate and legal teams up at night, along comes a prolonged pandemic to really shake things up. Because now, a complex data landscape has also become a complex employee landscape.
What has been dubbed the “great resignation” (approximately 38 million workers voluntarily quit their jobs in 2021) has left many companies shaken as they struggle to adapt their organizations to a reconfigured and remote workforce. With little time to plan for the risks and contingencies such a seismic shift would normally entail, companies are now playing catch-up, seeking ways to ensure proper data management, better responses to fast-moving litigation and internal investigations, and enhanced security as they grapple with offsite employees, transformative applications, and the impact of an exodus that may have caused company data to escape its bounds.
These unique circumstances present a number of challenges for companies and their legal teams alike. In a webinar with Today’s General Counsel, I was pleased to join Scott McVeigh, industry principal from Onna, to discuss the ways in which many companies have been affected. We looked at the recent workplace disruption and considered the impact: What data risks have emerged or intensified? What efficiencies or advantages? What areas of the company data environment deserve renewed focus? What steps can internal teams take to help ensure that data concerns are addressed and legal imperatives met?
A Shift to Remote Work Accelerates Transition to the Cloud
Prior to the pandemic, an estimated 20% of the U.S workforce was working remotely. By December, 2020, that number had increased to 71%. Even with offices now deemed safer as the pandemic wanes, it is anticipated that more than 51% of the U.S. workforce will continue to be remote or hybrid.
The impact of this shift has already been profound, reshaping the use, format, and storage of data. As many as 81% of organizations say the pandemic accelerated their cloud timelines as they raced to engage with new tools and applications that flooded the market to accommodate the remote workforce. Online collaboration has now become the new normal, with document sharing apps, chat functionalities, and web conferencing becoming the dominant forces that underpin daily work.
Enhanced Collaboration — A Mixed Blessing
While this shift may have resulted in some efficiencies as more informal practices took hold, the explosion of collaborative data technologies has also created significant challenges, especially for data and records management, security, and legal teams. As a result, some important enterprise areas are ripe for renewed attention and innovation:
- Information governance models: The disrupted workforce has made information governance efforts more complicated—and more necessary. Remote collaboration and sharing applications mean more data in more places, making it harder for internal teams to create and maintain a cohesive vision of the data landscape to contain and control growing data volumes.
Rapid data growth from both authorized and unauthorized tools and new forms of communication (think gifs, memes, and emojis) makes it easier for data to proliferate, morph, even disappear, which may call for modified or additional policies and procedures. From a data security standpoint, privacy breaches coupled with other security stressors are magnified as siloed data, a perennial problem, pressure-tests existing processes and policies.
- eDiscovery and preservation imperatives: In the implementation of cloud applications, preserving and collecting data in a defensible manner has not been a top priority. More tools enabling informal, dispersed, and fluid content challenge the paradigm of traditional collection and review. Where is a particular kind of data living and who controls it? Who is the custodian or author of content in shared collaborative spaces? With so many new data types, what is now the definition of a “document” or a conversation?
- Employee transitioning: As employees moved offsite or departed during the pandemic, company data may have gone with them — if not through malicious exfiltration, then just because HR and IT, with reduced teams as well, could not keep up with the onboarding and offboarding process. One top concern for organizations is that the lost data or IP could have gone to a competitor.
- Training requirements: With workers at a distance, training on company privacy, security, and preservation policies — which should be intensifying — may be taking a back seat to other business priorities impacted by the pandemic. Too, cultivating a data-sensitive culture is now more difficult with employees often untethered from the norms of company data access and storage and little to no face-to-face interaction with other employees and their own managers.
Law Firms and Legal Departments Not Exempt from Disruption
To complicate matters, as companies were transformed by the pandemic, so too were the law firms and legal departments that support them. Already in a state of flux, the legal market was highly impacted by both employee departures and the migration to remote work, relatively foreign to an entrenched in-office culture. Lack of attention to document management, often a law firm weakness, has just added fuel to the fire.
The resignation-induced talent drain has likely affected workflows, adding to inefficiencies and duplicative work as corporate and legal knowledge, both in-house and outside, dissipated with the overall disruption of formerly routine processes and responsibilities. It has certainly impacted eDiscovery processes; legal professionals are still working to master the art of conducting discovery remotely from cloud-based data sources.
Bucking the Trends: Take These Steps to Reduce Risk
The disrupted workplace calls for renewed diligence, nimbleness, and a certain amount of creativity on the part of internal teams responsible for data and its management. Most of all, it requires rigorous attention to potential risks exacerbated by a still-evolving landscape.
Here are some important steps companies can take to reduce risk:
- Scrutinize what may now be a very different data landscape. As in pre-pandemic times, knowing where data resides and in what format is a big part of the battle. With new tools and cloud storage locations making everything even more complex, thinking through applications and the data they generate before they roll out can save time, effort, and grief down the line. Analyze: Who uses what applications? Where does the data go and how is it stored? Who has control over it? From an eDiscovery standpoint, with so much data in play, it pays to scale efforts to potential returns; focusing on the most-used data sources is more fruitful than “boiling the ocean.”
- Cultivate stakeholder partnerships. As the workforce transforms, partnerships among internal stakeholders, especially IT, compliance, data privacy, records management, and information security teams — in close coordination with business units — are more important than ever in controlling how and by whom data is created and used. Corporate silos only enhance risk, especially when workers are remote and unsanctioned applications may be proliferating. Remember, though, that data initiatives are most effective when they come from the top, especially if funding is required. Engage the C-suite as much as possible.
- Improve information governance capabilities. As data pools from multiple collaborative sources and cloud applications proliferate, making prior linear processes cumbersome and expensive, a shift in focus to the left side of the Electronic Discovery Reference Model (EDRM) makes even more sense now. With the right cloud-based tools and services, as well as good information governance models, teams can perform better upstream and reduce downstream costs.
- Foster a culture of data awareness and protection. Training, training, training — for both current and incoming employees — is critical. Sound policies mean nothing if employees are unaware of or don’t abide by them or don’t understand the nature of the risk they are meant to address. Educate employees on data “ownership” best practices. Encourage sound data hygiene and enhance onboarding and offboarding procedures to take data risks into account, especially those related to preservation imperatives. Remember that inbound data from new employees that works its way into the company can be just as problematic as data exfiltration.
- Review and, if necessary, update records management policies. Records management policies should be considered programmatically to align with the nature of the business. Reducing company exposure by updating policy gaps that may be caused by evolving privacy regulations (e.g., GDPR, CCPA/CPRA, etc.) should be a top priority for any company’s records and data management teams. Remember that training goes hand in hand with any policy changes.
- Engage experts where you need them. Data complexities of today, especially related to privacy and security, may require the expertise beyond that routinely found in-house. Be sure to work with providers and experts well-versed in today’s challenges.
- Leverage technology where possible, with expertise in mind. Various data automation tools can provide the power to import, manage, and modify records in ways never before possible. AI and categorization tools can be used to assess data in place, potentially mitigating the need for linear collection, processing, and review of data in discovery. Automated tools can enable a more managed examination of departing employee data. But technology not carefully deployed or without the right experts behind the scenes can diminish the potential benefits. Know what questions to ask. Be an informed and thoughtful user: implement wisely.
If you are interested in this topic, feel free to reach out to me at firstname.lastname@example.org.