By Timothy J. LaTulippe, MSc. Director Europe at iDS on 7/2/20 1:13 PM

The DNA of a company will ultimately dictate how risk is perceived and addressed.  I have long been a proponent of getting your house in order, while understanding your organisation’s data flows.  Things like strong data maps, disposition schedules and legal hold plans will always put the organization in the best position for the long-term.

If you have been through a similar exercise you will understand that reduced data bloat puts an organization in a better position to respond to regulatory inquiries or other legal proceedings.  During these early and eventually established pandemic months and years ahead, short-term expenditures for many will reduce.  This is not speculation, nor is it entirely shocking, but long-term goals may remain intact for certain businesses. 

It is also becoming apparent that disputes and litigation will rise in the wake of a global shock –2009 through 2012 were dizzying in this regard as many readers will recall.  A few months into a global response to COVID-19 and we are already seeing business interruption focused claims starting to mount.  While they will vary, the types of matters likely to arise in the months and years ahead could be:

1. Breach of contract and lack of payment
2. Shareholder litigation
3. Labor and employment (certainly in America and the U.K.)
4. Insolvency
5. Claims disputes, some mounting as group actions in relation to business interruption (BI)
6. Regulatory inquiries from enforcement authorities across Europe and worldwide as now-relaxed rules are re-evaluated and closely watched.

As always, a tiered and intelligent approach when deciding to move forward will always benefit a company when mitigating future exposure.  If an organization is holding on to unnecessary data for extended periods of time, it can become potentially relevant during any of the matters mentioned.  Consider a very basic, skeletal approach to this chat to experts in data management and litigation technology:

1. Inventory: Inventory the corporate, environmental, and personal data systems that do or might exist. This is a thought exercise (table-top / role playing), possibly combined with a “walk through”.
2. Assessment: Given the inventory, what could be done if you had the data from those systems?
3. Proof of Concept: If, after the inventory and the assessment is completed, it seems that there may be value in some of these data elements, determining what a small sample would look like, or even a mock up, to ensure that there is value and that there is appropriate consideration for the data privacy aspects with a view to jurisdictional requirements.

These initial steps should not be burdensome in time or cost and can illustrate if there is value in going further.  Also consider the expense endured during disclosure exercises in terms of data identification and mapping, as well as the need to collect and process potentially greater amounts of information, as the totality of a company’s data may be considered relevant for interrogation.  If you have suffered the ‘everything is potentially relevant’ side of these disclosure exercises, this will resonate well, albeit with some dissonance in your ear!

At iDS our teams are comprised of veterans in cyber security, information governance, eDiscovery consulting, data forensics and investigations readiness.  We partner with corporations and law firms alike to deliver clever, efficient and economical solutions to big legal challenges. 

Our advice is to reach out to a trusted data advisor and have honest conversations with them about your needs and concerns.  Above all, stay safe.