Across the world privacy legislation is exploding in complexity. The UK has the Data Protection Act, GDPR is the European equivalent and Canada has its Anti-Spam Legislation (CASL). Now the US is following suit and as of July 2022, California, Colorado, Utah, Virginia and Connecticut had already signed state data privacy legislation into law and a further five north eastern states have draft legislation in committee.
What’s more clients are understandably being more and more demanding about how firms manage and retain their data. So, on top of the risk of fines, there is also the risk of losing clients and being sued!
But what does this mean for firms? Well.. large clients are demanding their data be held and disposed in specific ways must be demonstrably adhered to. Likewise, whether there is one office in Colorado or London, or 50 offices spread across the globe, the answer is the same. There needs to be stringent policies and processes in place, or they run the risk of non-compliance and fines – for holding data they shouldn’t, for holding data too long, and for failing to respond quickly enough to data subject access requests.
During this ILTA Masterclass Chris Giles and Kandace Donovan deliberated the growing pressure on firms to manage data retention and disposition efficiently and compliantly. They discussed:
• How in an ever-changing landscape firms can manage (electronic and paper) data consistently when it is held across numerous systems. Of course, the DMS, but also in MS Teams, FileShares for example.
• Once the policy, processes and systems have been agreed they are only going to make a difference if they are followed and used! How do you encourage collaboration and buy in from all within the organization? And how can IG teams get the attention of the firm’s senior attorneys to sign off on destruction authorization, (when it is just one item among the endless list of non-billable tasks they are asked to do!)?