2019 Benchmarking Report Review: Legal Teams Aren’t Prepared for Privacy & Cybersecurity Regulations
Exterro released our annual In-House Benchmarking Report today: A survey report with nearly 200 respondents that offers readers a glimpse behind the curtain of other corporate (and small firm) e-discovery and data governance operations. The report explores how e-discovery team growth has expanded—and continues to expand—across organizational business units, and where teams are focusing their growth and spend efforts.
Traditionally, the survey has taken a purely e-discovery-based focus to its line of questioning, but we expanded this year to add a few questions regarding data privacy. The results were so surprising that there’s no other way to slice it: Legal teams are not prepared for the launch of privacy and cybersecurity regulations.
A Rough January Ahead?
It’s been more than a year since former California Gov. Jerry Brown signed into law the California Consumer Privacy Act (CCPA), but organizations have been slow to prepare for compliance with the bill. The law doesn’t just affect businesses in California, but rather any company that does business in California—which is to say, many or most U.S. businesses (and others worldwide) will be affected by the launch of the CCPA.
This has done little to worry our survey’s respondents: 68% are either not concerned or only somewhat concerned about new bills (which are being considered by at least 25 state congresses) like the CCPA and the lesser-known Nevada privacy law, which went into effect on October 1. And the low level of concern for these new privacy regulations is just one piece of the pie, as only 15% of organizations have defined processes prepared to help them take on the coming regulatory onslaught.
“As a community, we urgently need to transform awareness into concern and concern into action,” says Chris Colvin, founder and CEO of legal education and networking site In The House. “Anyone who reads the news today knows that we are in the midst of a cultural shift around how society views personal data and how it is (and should be) leveraged by corporations.”
No Roadmap for Data Inventory
Perhaps just as troubling for teams that are behind in their preparation for the CCPA is the fact that a majority don’t have a data map or inventory for tracking personal data. Despite that legal teams with e-discovery software may have a usable tool in-house for data management, 72% of respondents say they don’t use privacy software to help manage their data inventory. More than half of the legal professionals we surveyed don’t have data mapping software, and don’t know how the organization’s data map is managed.
Unfortunately, this means that excel is the primary tool used by organizations to manage their data inventory (a majority of respondents don’t actually know how their data is managed; spreadsheets are used more often than any other tool). Spreadsheet usage means the potential for human error increases—errors that could prove costly due to fines associated with privacy regulations.
So What’s Next?
Because privacy regulations are only going to become more and more prevalent, it’s important for organizations to get their data houses in order. In fact, organizations that are prepared for these changes have built-in competitive advantages via both cost savings and cost avoidance—and those that already have an e-discovery platform in-house may find that it’s an effective tool for managing their data, as well as data subject access requests (DSARs) allowed under some privacy regulations.
For more great information and insights, please download our free 2019 In-House Benchmarking Report!