newswire_banner

    Risk Survey Finds Compliance is a Key Demand for Legal Tech Providers

    Dec 27, 2016

    As reported on LegalTechNews.com, an AlixPartners survey finds that many U.S. and European organizations are extending their risk management compliance to vendors.

    The survey spoke to 300 corporate counsel and legal and compliance officers across North America and Europe.

    Nearly all respondents (96%) said their use of new technologies to mitigate internal risks stayed the same over the past year; 38% noted an increase in legal department implementation in 2016.

    The survey found that many organizations are holding compliance technology and services to a higher standard, stressing the importance of adhering to data handling and data security compliance regulations, such as the General Data Protection Regulation (GDPR) and Health Insurance Portability and Accountability Act (HIPAA). In fact, roughly one-third of all respondents said they would pay more to store their information at certified data centers. In addition, 40% said they would only work with e-discovery providers who deliver the highest level of compliance.

    Michael Prounis of AlixPartners said the demand for certified e-discovery providers is higher for heavily regulated industries such as finance, but even the less-regulated “are still generally becoming savvier in their vendor selection and vetting activities regarding security and privacy assurances."

    The survey may have exposed a “disconnect” for some between the concept of information governance (IG) and the reality of it. The responses suggest that more organizations see managing risk as a data security function rather than a broader IG implementation. Around 60% of respondents, for example, called data security important for managing risk, while only 46% said the same of IG.

    It is Prounis’ hunch that even though many respondents did not highlight the importance of IG, they may be implementing such processes as part of their data security program.

    “Information governance as a discipline is still quite young and immature so this disconnect is most likely driven by many varied interpretations of the term 'information governance' by the respondents,” he said. “We all know you can't build a robust data security program without some level of information governance. So, we suspect that the other 54 percent are engaging in many information governance activities, such as updating their records retention programs, cleaning up legacy data stores, mapping information flows and inventorying data assets to address internal risks without calling these information governance programs, per se.”

    Source:
    CIO.com


    © 2017, ARMA International