Cybersecurity Is Not Just an IT Issue; It’s an IG Issue


Cybersecurity Is Not Just an IT Issue; It’s an IG IssueFor leaders and counsel in many organizations, the word “cybersecurity” typically triggers concerns about the IT department, conjuring images of hackers and requiring unfamiliar terminology such as “firewalls” and “encryption.” However, at its essence, cybersecurity is an information governance issue: it affects an organization’s most valuable assets, including financial data, employee and customer records, and intellectual property.

If the Target data breach was not motivation enough to focus on this issue, organizations should recognize the current administration’s emphasis on cybersecurity, beginning with President Obama’s 2013 Executive Order on Improving Critical Infrastructure Cybersecurity. Since then, a number of government agencies have begun to study cybersecurity more closely. Consider the agencies that have already taken steps in 2014:

The best practices recommended by these agencies include written information security and privacy programs, risk assessment protocols, business continuity plans, disclosure processes, and training procedures. They also recommend regular evaluation of third parties responsible for storing the organization’s data.

Before organizations can comply with these agency recommendations—which are likely to become a measuring stick for compliance in the future—they must inventory their information and determine what types of data they own, where that data resides, and what format it is stored in. But today’s information volumes make reviewing every document, or even spot-checking certain repositories of documents, impractical and ineffective. To simplify this daunting task, organizations should use analytical tools, including technology-assisted review (TAR). For instance, TAR can catalog information and sort it into relevant buckets for storage, facilitating the process of keeping accurate records of data. In addition, TAR can identify legacy data or data that is ripe for deletion under a records retention program, particularly e-mails—and it is much more accurate and consistent than allocating this task to human reviewers, whose subjective review of content may lead to differing retention decisions.

In short, using discovery tools such as TAR for information governance purposes can not only save organizations time in implementing information security protocols, but it can maximize resources by limiting the overpreservation of unnecessary information, and the proactive categorization of information can improve preparation for litigation.

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.

© Conduent | Attorney Advertising

Written by:


Conduent on:

Readers' Choice 2017
Reporters on Deadline

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra:

Sign up to create your digest using LinkedIn*

*By using the service, you signify your acceptance of JD Supra's Privacy Policy.

Already signed up? Log in here

*With LinkedIn, you don't need to create a separate login to manage your free JD Supra account, and we can make suggestions based on your needs and interests. We will not post anything on LinkedIn in your name. Or, sign up using your email address.