It has just been reported that neither Hillary Clinton nor Colin Powell used U.S. government email during their respective tenures as U.S. Secretary of State and instead communicated through private email accounts.
It is unclear if either official broke the law or if the private email accounts were adequately secured. Even if this practice was legal and the data safe, it is certainly controversial.
While your business information does not likely consist of state secrets (and you are probably not running for president), the current controversy exemplifies the potential negative consequences of inadequate data governance.
Here are five tips for protecting your business from its own email hullabaloo and avoiding costly e-discovery and data privacy heartburn.
1. Understand your data preservation and privacy obligations. What data are you legally required to save by law or by contract? What data are you legally required to keep private and secure? Use this information to craft the minimum requirements of a data governance policy that will keep you compliant with the law and your contractual obligations.
2. Inventory your data preservation and data security practices, needs, and desires. What data do you want to keep? What data do you want to share or sell with other businesses? What are your current practices? How are your employees navigating the fuzzy lines between personal and private data devices and technologies? Incorporate this information in creating a data governance policy that meets your business needs while helping you achieve your business objectives.
3. Maintain strong data governance. Once you know your legal obligations, your practices and your desires, you should create and implement a comprehensive internal data governance policy. The policy should be fluid, but firm, and reflect your legal requirements, business needs and practical realities. Because it is often impractical to preclude employees from using personal devices for work purposes, you should plan accordingly. As your legal and practical needs change, adjust your policy. Do not look for a one-size-fits-all data management solution -- it does not exist.
5. ENFORCE YOUR POLICIES. Conduct regular data audits to make sure that all of your employees are complying with mandated policies and that your data security measures are effective. Demand honesty and transparency by your employees about their data practices, problems and “work-arounds.” Do not exclude your top executives from your audit – no one should be too important to audit. If your policies are not being followed, modify them until the policy and the practice mirror one another. If your data security policy is ineffective, fix it. The best policies are meaningless if they are not followed.
6. Mandate privacy-by-design and information governance-by-design. When thinking about implementing a new technology or software in your business, consider data creation, preservation, privacy and security. Before a new product launch, determine how your IT staff and employees will continue to follow your policies after implementation of the software. If you do not have a chief information officer, be sure to consult with an IT professional in executive decision-making.
At some point, your business may be involved in contentious litigation, the victim of data theft or the recipient of a subpoena. While the U.S. House of Representatives’ Select Committee on Benghazi is unlikely to come calling, a state or federal government agency may seek information from you. Following these five tips and proactively addressing data governance will help you avoid your own email troubles.
Comments
Add a comment
Subscribe
RSSTopics
- Tax Law
- Commercial Liability
- Personal Tax Controversy
- Business Tax Controversy
- Business Risk Management
- Contracts
- Business Torts
- Commercial Real Estate
- Commercial Loans
- Civil Litigation
- Commercial Leasing
- COVID-19
- Property tax
- Alternative Dispute Resolution (ADR)
- Bankruptcy
- Banking Law
- Real Estate
- Standing
- Real Estate Mortgages
- Coronavirus
- Lending
- Mortgage Foreclosure
- Facilitation
- Appellate Law
- Risk Management
- Trade Secrets
- Litigation Discovery
- Corporate Formation
- Fraud Activity
- Cyber Attack
- Shareholder Liability
- Insurance
- Cryptocurrency
- Regulatory Law
- Cybersecurity
- Damages Recovery
- privacy
- Statute of Limitations
- Class Action
- Product Liability
- Pensions
- e-Discovery
- Noncompete Agreements
- Biometric Data
- e-Commerce
- Internet Law
- Venue
- Consumer Protection
- Residential Liability
- Zoning and Planning
- Clawback
- Department of Education (DOE)
- Receiverships
- Fair Debt Collection Practices Act
- Fair Credit Reporting Act
- Garnishments
- Unfair Competition
- Uniform Commercial Code (UCC)
Recent Updates
- Why Delinquent Taxpayers Should Circle the IRS Collection Statute Expiration Date on Their Calendars
- How the Reversal of Chevron will Impact the IRS
- IRS Passport Denial and Revocation Program - What you Need to Know and how to Reclaim Your Passport
- Understanding the Federal Taxpayer Advocate Service and Taxpayer Bill of Rights
- Innocent v. Injured Spouse Relief: A Guide for Navigating Complex Tax Issues After Marital Changes
- Understanding Joint Filing and Innocent Spouse Relief - A Guide for Married Taxpayers
- Obtaining Injured Spouse Relief from Federal Income Tax Liability
- What is 'Currently Non-collectible' Status and how do you get it Applied to Your Federal Income Taxes?
- Offer-in-Compromise or Partial Pay Installment Agreement – Which Option is Right For You?
- Offer in Compromise Programs Provide Taxpayers with Options to Settle Federal, State Tax Debt