Data Risk Management
Exterro CEO Bobby Balachandran Explains the Challenges CLOs Are Facing
March 25, 2022
Exterro CEO Bobby Balachandran recently talked with M. R. Rangaswami of Sandhill.com, which produces and distributes thought leadership for the SaaS industry, about some of the trends that are driving the emergence of the legal governance, risk, and compliance discipline.
Bobby Balachandran founded Exterro with the conviction that the legal industry was rife with opportunities for process improvements that could be driven from lessons learned in other industries. Today, he fulfills Exterro’s founding principles by leading the company in building a comprehensive platform for global corporations and governmental agencies to mitigate risks, control costs, and have complete end to end visibility into their legal governance, risk and compliance processes.
Read the full article on our News page.
Bobby explains the challenges legal leaders like general counsel and chief legal officers are facing, "The role of the GC or CLO has greatly evolved and expanded over the past 10-15 years due to a number of macro trends. First is the constant introduction of new laws and regulations to which an organization must comply. Significant among these over the past seven to eight years has been related to the increased scrutiny on privacy with laws such as the GDPR in Europe, or the various state laws like the CPRA in California here in the United States. Third is the relentless threat of cyber-attack or breach, and the fourth is the rise of legal operations, due to a sharp focus from the C-Suite on improving the efficiency and productivity of the legal department.
"All of these greater trends have combined to create new business challenges that no longer can be addressed by a single organizational department, like Privacy, Compliance, Legal Operations, Security etc. Let me give you an example:
"Laws like the GDPR or CPRA allow an individual to request to know what data you have stored on them, how you’re using it, how long you plan to store it and even ask that you delete it. If the requester is a current or former employee, not only do you need to ensure you have the workflow to ensure the request is handled by the appropriate group, but the person or group responsible for the data must be able to quickly locate it, collect it, review it, redact any personal information not related to the requestor and then securely deliver this information to the requestor.
"You can see how this request quickly crosses conventional divisions and responsibilities—it’s not just someone in your Privacy department’s responsibility – he or she will need to work with someone with expertise in e-discovery at a minimum. And if that data subject submits a request for data deletion, things get even more complex, because before deleting anything, you must first confirm that the information can legally be deleted. It can’t be subject to retention requirements imposed by regulatory compliance obligations or a legal hold.
"As a result, you have solid or very strongly dotted reporting lines for privacy, compliance, legal operations, litigation support and even incident response into the GC/CLO. And this is forcing a new way to think about both how to organize across these different areas for optimal performance, but also how to apply technology to solve some pretty challenging business processes."
Facing these challenges, CLOs can turn to the insights provided by Exterro's comprehensive Legal GRC platform. The solution starts with data. Bobby continues, "The Exterro platform enables clients to understand what data they have, where it is located, what regulations apply to it, what third parties have access to it, and most importantly, respond quickly to requests for that data. A request could be e-discovery necessary for litigation, collecting evidence for an internal investigation, responding to a data subject access request, or fulfilling reporting obligations to data authorities after an incident or breach is identified, or any number of other business processes that are the responsibility of the legal department."