It has just been reported that neither Hillary Clinton nor Colin Powell used U.S. government email during their respective tenures as U.S. Secretary of State and instead communicated through private email accounts.
It is unclear if either official broke the law or if the private email accounts were adequately secured. Even if this practice was legal and the data safe, it is certainly controversial.
While your business information does not likely consist of state secrets (and you are probably not running for president), the current controversy exemplifies the potential negative consequences of inadequate data governance.
Here are five tips for protecting your business from its own email hullabaloo and avoiding costly e-discovery and data privacy heartburn.
1. Understand your data preservation and privacy obligations. What data are you legally required to save by law or by contract? What data are you legally required to keep private and secure? Use this information to craft the minimum requirements of a data governance policy that will keep you compliant with the law and your contractual obligations.
2. Inventory your data preservation and data security practices, needs, and desires. What data do you want to keep? What data do you want to share or sell with other businesses? What are your current practices? How are your employees navigating the fuzzy lines between personal and private data devices and technologies? Incorporate this information in creating a data governance policy that meets your business needs while helping you achieve your business objectives.
3. Maintain strong data governance. Once you know your legal obligations, your practices and your desires, you should create and implement a comprehensive internal data governance policy. The policy should be fluid, but firm, and reflect your legal requirements, business needs and practical realities. Because it is often impractical to preclude employees from using personal devices for work purposes, you should plan accordingly. As your legal and practical needs change, adjust your policy. Do not look for a one-size-fits-all data management solution -- it does not exist.
5. ENFORCE YOUR POLICIES. Conduct regular data audits to make sure that all of your employees are complying with mandated policies and that your data security measures are effective. Demand honesty and transparency by your employees about their data practices, problems and “work-arounds.” Do not exclude your top executives from your audit – no one should be too important to audit. If your policies are not being followed, modify them until the policy and the practice mirror one another. If your data security policy is ineffective, fix it. The best policies are meaningless if they are not followed.
6. Mandate privacy-by-design and information governance-by-design. When thinking about implementing a new technology or software in your business, consider data creation, preservation, privacy and security. Before a new product launch, determine how your IT staff and employees will continue to follow your policies after implementation of the software. If you do not have a chief information officer, be sure to consult with an IT professional in executive decision-making.
At some point, your business may be involved in contentious litigation, the victim of data theft or the recipient of a subpoena. While the U.S. House of Representatives’ Select Committee on Benghazi is unlikely to come calling, a state or federal government agency may seek information from you. Following these five tips and proactively addressing data governance will help you avoid your own email troubles.
Add a comment
- Commercial Liability
- Business Risk Management
- Business Torts
- Civil Litigation
- Alternative Dispute Resolution (ADR)
- Commercial Real Estate
- Trade Secrets
- Litigation Discovery
- Corporate Formation
- Commercial Leasing
- Real Estate
- Real Estate Mortgages
- Commercial Loans
- Mortgage Foreclosure
- Regulatory Law
- Shareholder Liability
- Risk Management
- Fraud Activity
- Cyber Attack
- Tax Law
- Damages Recovery
- Class Action
- Product Liability
- Biometric Data
- Banking Law
- Statute of Limitations
- Noncompete Agreements
- Internet Law
- Consumer Protection
- Residential Liability
- Zoning and Planning
- Department of Education (DOE)
- Fair Debt Collection Practices Act
- Fair Credit Reporting Act
- Unfair Competition
- Uniform Commercial Code (UCC)
- 10 Things About Trade Secrets you may not but Should Probably Know
- What New Lawyers Bring to the Practice of Law
- What Rights do Limited Liability Company Minority Members Really Have?
- Arbitration or the Courtroom, Who Decides?
- Wait, I Have to Pay my Own Attorney? But I Won the Case?
- Preliminary Injunctions in Michigan, the More They Change the More They Stay the Same
- President Biden Signs Cryptocurrency Executive Order Establishing Whole-of-Government Approach to Regulating Digital Assets Industry
- My 5 Lessons Learned from the COVID-19 Pandemic
- Am I at Fault for Breach of Contract if the Other Party Breached It First?
- Maximizing Damages Recovery in Michigan's District Courts Challenged by Jurisdiction Limits