X

Thank you for sharing!

Your article was successfully shared with the contacts you provided.

When it comes to data retention practices, most companies are stuck in limbo, balancing competing needs between providing easy access to data for business and regulatory purposes and safeguarding data against leakage and breaches. The landscape 10 to 15 years ago was one of gross over-retention, with many practicing a blanket “save everything” approach. That landscape has begun to shift, as the risks associated with data security and data privacy have become paramount for many companies. While money, resources and technology can be directed to “protecting” confidential information from data breaches and data intrusions, the daunting reality is that if a company is retaining sensitive information, including personal information of employees and customers, the most effective protection is to ensure that such sensitive information is deleted when it no longer needed, or is deleted or removed from areas within the organization that do not have adequate protections in place. In sum, data privacy and data security are just one aspect of an effective information governance program.

Regulators are bolstering their efforts around cybersecurity and data risk management, and many are actively engaged in cybersecurity supervision and enforcement, requiring companies to identify data risk, manage data flows and delete data. Numerous bodies have specific fines they can impose for data mishandling, particularly that which includes sensitive customer information. Regulators are closely examining whether companies that house this type of information are managing it correctly, including implementing security controls, managing where and how it is stored and promptly deleting data once it is no longer needed. The SEC has communicated that the severity of fines for data breaches will be partially based on whether the company was storing customer information that was no longer needed.  One financial institution was fined $900,000 by FINRA for not doing enough to ensure data about customers’ trades were handled properly and for failing to protect customer privacy. The SEC hit another financial institution with a $1M fine for alleged failure to adopt written policies reasonably designed to protect customer data, and allowing an employee to access and transfer data to a personal server, which was hacked by third parties. The FTC, CFPB and state regulators are expected to be increasingly more aggressive in policing companies on managing information.

These factors have become widespread and C-Suite executives, along with the board, have made information governance (often coached as cybersecurity) a priority. Legal, compliance, IT and records teams are recognizing the need for change and starting to ask: How do we address these risks? How do we even begin? How do we get budget and resources to adequately address these issues?

This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.

To view this content, please continue to their sites.

Not a Lexis Advance® Subscriber?
Subscribe Now

Not a Bloomberg Law Subscriber?
Subscribe Now

Why am I seeing this?

LexisNexis® and Bloomberg Law are third party online distributors of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® and Bloomberg Law customers are able to access and use ALM's content, including content from the National Law Journal, The American Lawyer, Legaltech News, The New York Law Journal, and Corporate Counsel, as well as other sources of legal information.

For questions call 1-877-256-2472 or contact us at [email protected]

 
Reprints & Licensing
Mentioned in a Law.com story?

License our industry-leading legal content to extend your thought leadership and build your brand.

Pennsylvania eDiscoveryBook

Designed to help attorneys practicing in PA, NJ and DW keep up with the changing rules and technologies in eDiscovery; special attention given to emerging eDiscovery is...

Get More Information
 

America's Claims Executive Virtual Leadership Forum & Expo 2021Event

ACE Virtual Leadership Forum & Expo is the annual conference for Senior Claims Executives in Insurance organizations.

Get More Information
 

Legalweek Leaders in Tech Awards 2021Event

Recognizing innovation in the legal technology sector for working on precedent-setting, game-changing projects and initiatives.

Get More Information
 

General Counsel Conference Midwest: SuperConference 2021Event

GCC Midwest addresses today's legal issues facing companies by providing general counsel with insight and best practices.

Get More Information
 

General Counsel Conference Midwest: SuperConference 2021Event

GCC Midwest addresses today's legal issues facing companies by providing general counsel with insight and best practices.

Get More Information
 

General Counsel Conference Midwest: SuperConference 2021Event

GCC Midwest addresses today's legal issues facing companies by providing general counsel with insight and best practices.

Get More Information
 

General Counsel Conference Midwest: SuperConference 2021Event

GCC Midwest addresses today's legal issues facing companies by providing general counsel with insight and best practices.

Get More Information
 

General Counsel Summit (GCS) 2021Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Summit (GCS) 2021Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Summit (GCS) 2021Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Summit (GCS) 2021Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 

General Counsel Summit (GCS) 2021Event

General Counsel Summit is the premier event for in-house counsel, hosting esteemed legal minds from all sectors of the economy.

Get More Information
 
 

ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2021 ALM Media Properties, LLC. All Rights Reserved.