Every day there are more than 300 billion e-mails sent across the globe—with 90 percent of the world’s data created in the last two years alone. According to IDC, the total global volume of data was 59 zettabytes (who knew there was a zettabyte?) in 2020.
Knowing the sheer volume of data that’s being created, most organizations in the United States, according to the Association of Corporate Counsel, say they are in the early or intermediate stages of establishing a true information governance program.
In a world in which there are more than 300 million users of Microsoft 365, more than 145 million daily active users of Microsoft Teams, 38 billion minutes of Microsoft 365 collaboration happening on a daily basis, and five billion documents classified by Microsoft Compliance every month, it’s unfortunate to read that 88 percent of organizations no longer have confidence in their ability to detect and prevent loss of sensitive data—and nearly 80 percent of corporate data is not classified, protected, or governed.
Big Data Means Big Expenses for Modern Corporations
If these numbers are not compelling enough to inspire you to make a change, then let’s put dollars and cents around these stats. If the average case contains 10-15 custodians and 130 gigabytes of data (which is approximately 6.5 million pieces of printed paper) and it costs between $1 to $10,000 per gigabyte of data—equivalent to 100 truckloads of documents—then we start to really appreciate the dollars and cents that could be squandered by not having a better information governance program.
By understanding the lifecycle of data—what data is created and retained, how, and by whom and where it’s stored—organizations can more appropriately manage how it should be governed and, therefore, when it should be destroyed to save expenses and minimize risk exposure.
Additionally, under proper data governance practices, when an organization knows (or should know) that litigation may ensue, finding the right data and the right custodians becomes much easier—which means it’s equally more cost effective. With the right data retention and destruction policy in place—and, of course, the necessary compliance around it—organizations can collect less data and preserve less data, which in turn decreases the cost per custodian in the event of litigation.
Why Data Management is the Legal Team’s Problem
Data retention, destruction policies, and data mapping exercises are not created only for the use and benefit of IT and information security departments. Rather, they offer benefits for your entire organization and should be relied upon by your legal department. Investigations, compliance matters, litigation, data governance, and data protection all circle right back to legal in mitigating risk in accordance with the law.
However, as Alan Promer, partner and chair of the Technology Committee at law firm Hangley Aronchick Segal Pudlin & Schiller, noted: “a smart lawyer is only going to engage in the things they’re knowledgeable about. … I don’t know many lawyers who speak fluent cybersecurity.”
Engaging only in what you’re knowledgeable about isn’t just smart—it’s required. In the Model Rules of Professional Responsibility, Rule 1.1 states that a “lawyer shall not handle a legal matter that the lawyer knows or should know he or she is not competent to handle without associating with a lawyer who is competent to handle the matter. Competent representation requires the legal knowledge, skill, thoroughness, and preparation reasonably necessary for the representation.”
Comment 8 of Rule 1.1 continues: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”
Furthermore, under Rule 1.6(c), there is an ethical responsibility of law firm lawyers to protect client data and in-house lawyers to protect their company’s data. The Rules require lawyers to make reasonable efforts to prevent the inadvertent or unauthorized disclosure of, or unauthorized access to, information relating to the representation of a client. In other words, if we are going to be competent under 1.1, we must therefore, under this rule, ensure we are not doing certain things that will jeopardize client data and that we are doing the right things to keep the client’s data safe.
Several ABA Ethics Opinions (such as this one and this one) as well as State Ethics Opinions (see here and here) solidify and bolster the Rules’ declaration that attorneys have a mandate to understand what must go correctly and where the pitfalls are.
Where and How to Learn More
Not to be confused, the Rules and Opinions do not require a data science degree—but pursuing education on the latest technology and how it impacts your matters is imperative.
BDO’s Enterprise Managed Services team helps legal professionals thrive every day by empowering them with knowledge. To learn more about this issue, listen to this BDO podcast with David Horrigan, Esq., legal counsel at Relativity; Daniel Gold, Esq., managing director at BDO; and Tessa Cierny, global records manager at WestRock as we discuss “The Data Colossus.”
Following along with publications like Law.com and The Relativity Blog, as well as attending industry events like Legaltech and Relativity Fest are also excellent ways to sharpen your technological understanding and skills.
And, above all, lean into your team. Keeping an open line of communication with the experts you work with on each matter will have a significant impact on your knowledge—and, more importantly, how to apply it to every scenario.
Daniel Gold is the managing director of BDO’s Managed Services practice. He has 18 years of experience in the legal space.