Survey Shows In-House Teams’ Data Protection Concerns

A recent study of best practices for in-house legal teams examined the latest data privacy and security concerns among counsel at large United States corporations. Thirty practitioners from in-house legal teams shared insights on three critical and intersecting topics: the General Data Protection Regulation (GDPR), information governance (IG), and security and data remediation.

Enforcement for GDPR, Europe’s strict data protection law, went into effect in May. Nevertheless, about half of the organizations in the study were taking a wait-and-see approach to determine how strict the regulators would be. In many cases, the team responsible for preventing data breaches also owns GDPR compliance, forcing it to juggle resources across two projects. Respondents suggested hiring an in-house IG expert and focusing on the “crown jewels” to protect the most sensitive information. Taking control of enterprise information through a data remediation program can reduce risk and costs. More than half of the study respondents had successfully executed such projects. Companies that had not were stuck with limited resources, lack of engagement from IT or failure to obtain C-level buy-in.

Billions have been spent on cybersecurity, privacy programs and IG frameworks, but many in-house teams feel that their organizations are no safer than they were five years ago. Technology can only go so far. Organizations should have executive and board leadership on initiatives that create a culture of awareness and privacy. That ensures the entire organization is working toward the same goals.