The 2018 Corporate Counsel Forum, held over a sunny two days in September, proved interesting and thought-provoking. It was also reassuring to learn that what I set out in my first article (pre-2018 Corporate Counsel Forum) was true. Corporate data can be a beast to deal with because of complexities of legacy data systems, the need to stay current with the data privacy agenda, and the slow, difficult nature of inaccessible data when in-house legal teams need to respond to regulatory and legal requests. The beast is still very much alive!
So, was corporate data discussed at the conference, and if so, what was addressed?
The conference was chaired by Philip Bramwell, Group General Counsel of BAE Systems, and Sabine Chalmers, Group General Counsel, BT, both of whom kept us amused by their wit and wry sense of humour. At the opening on day one, Philip noted four key words from the conference agenda that shined and on which the conference would focus: Trust, Integrity, Disaster, and Transformation. Since data is fundamental to corporate disaster or transformation, it is not surprising that data was a constant theme woven into pretty much all of the conference sessions.
Echoing Philip’s observations in her opening address, Laura Kuenssberg, Political Editor for the BBC, said that politicians and executive boards needed to ‘get their head out of their pots’ and really listen to their constituents, customers, stakeholders and employees when it comes to actioning a trust-based agenda. This was a great start, and promoted honesty and pragmatism during the panel sessions with audience participation.
During the first session, I was delighted to sit alongside moderator, Bill Deckelman, Executive VP, General Counsel and Company Secretary of DXC Technology; William Malcom, Legal Director of Privacy at Google; and Cameron Craig, Deputy GC Group Head of Data Privacy and Digital for HSBC, where we addressed how to transform the data privacy agenda into a trust-based agenda.
William shared with us the statistics of the vast amount of man hours and work undertaken to make Google’s data privacy agenda firmly one of trust. It was unsurprising, and quite right, that Google had been able to dedicate this level of resource. The big data players, including Google, Microsoft, and Apple, and their treatment of customer data have, in large part, driven recent regulatory change, for example, GDPR. All of us on the panel agreed that it was important to have a holistic approach to account for all stakeholders’ agenda and notion of trust.
As Bill commented, “A primary theme raised by our panel was that, in creating a trust-based agenda for GDPR compliance, it is critical that a company appreciate it has many stakeholders with an interest in data privacy compliance, including the company’s board, its employees, customers, suppliers, and regulators to name a few. These stakeholders all view trust differently and the company must address each of them in a manner that will resonate with the particular stakeholder. Also, we have to accept that it is not possible to bring all stakeholders equally to the same level of trust.”
Key Takeaway: GCs who embrace their legacy data estate and who commit to contributing to the overall trust issue of data privacy/information governance proved that it is possible to win the fight against the enormity (the Beast) of uncontrolled and unmanageable data.
In a session entitled The Crisis Strategy You Need to Adopt, the panellists, all high-profile corporates, took us through a case study. It was widely accepted by the audience that the next major crisis could be around the corner, which, if not handled properly, could become a publicly played-out crisis, resulting in heavy damage to the brand and share price. The panel suggested a framework to demonstrate significant value to the board in being able to carefully and calmly navigate challenging waters. Something I am passionate about resounded strongly from this panel discussion: start at the desired outcome and make the framework a tool for proactively managing risk. This includes:
- Data – which is needed to help make informed decisions. It is easier said than done. In a recent survey by the Compliance, Governance, and Oversight Council and the EDRM “75% of respondents fail to keep up with data retention objectives.”
- Stakeholder management – which encompasses the importance of the GC being well networked across the organisation to create alignment with other departments. In the same study, “85% of respondents blame a department other than their own for failing to meet objectives.”
Key Takeaway: Data, often abused (ignored?) by people, can be at the core of a corporate disaster. Having a sound crisis strategy will enable the business to take preventative measures and react more swiftly, and to greater effect when a disaster is imminent.
The fun Legal Operations Surgery Session (GCs dressed as doctors!) opened day two and explored how to create value for the business by looking at the tools and techniques of a legal operations strategy and framework. As a legal operations expert, for me, this was the first major highlight of the conference.
The issues revealed in the survey quoted above are common across the corporate world. This leaves legal and compliance departments uncertain about their readiness to act quickly in the face of disaster, anticipated litigation and regulatory investigations, and with little visibility into cost drivers.
A legal operations team, insourced or outsourced, brings a unique skill set, one typically derived from lawyers and technology experts. This dedicated resource will increase the proficiency and efficiency of the legal/compliance in-house team. This, in turn, helps cement the legal function as a trusted business advisory function and builds on a foundation of the GC/legal value-add to the business.
A good legal operations strategy will deliver the following:
- Lower costs by implementing efficient, effective, and repeatable processes.
- An excellent understanding of the current state of an existing data discovery program, no matter how new or sophisticated existing processes may be, and a diagnosis of next steps for improving litigation and investigation readiness and associated budgeting.
- Confidence in knowing that compliance, legal, and technology teams are ready to act swiftly to address compliance and ediscovery by following the operating model playbook.
- Reduced confusion and frustration across internal teams by applying a customised action plan that develops over time within your operating framework.
- Defined and measured metrics to show return on investment as well as manage case and department budgets efficiently.
- The ability to leverage an agile approach to improving an operating model over time at a manageable pace, while constantly showing results and demonstrating alignment with corporate goals.
- Greater control over data and fewer business interruptions from discovery requests.
Key Takeaway: Data integrity is a golden source of information that serves the business, the staff, and the processes to achieve corporate objectives and drive greater success. Data that is large and complex is hard to deal with and lacks reliability because it cannot be trusted (e.g. GCs and legal teams are often worried that their IT department has not ‘found it all’ for a legal matter such as a SAR. Equally, searches are over-inclusive, resulting in a larger data set and incurring a resource/cost overhead). Data integrity can only be achieved if the data is in a healthy state.
The second highlight for me was a fascinating session on the impact of blockchain and cryptocurrency. Whilst regulators and, increasingly, banks examine how this new technology works, this session underlined the fact that it is here to stay.
Immutable was one word that returned again and again. Blockchain technology can make a business process (e.g. the farming, transporting and delivery of coffee beans, right through to the customer’s enjoyment of them) totally secure, removing the opportunity for fraud and other physical or financial losses in the supply chain.
This area is growing at an undefined pace and therefore, although not formally recognised yet within our heavily regulated society, I have no doubt it will be soon. This was evidenced by a VP for Regulatory Affairs within a tier 1 bank, citing that they spend more time in Brussels and with the regulators than they do with their own family!
Key Takeaway: Transformation is all about how successful the end customer experience is, including their data privacy rights. New technology such as Blockchain and collaborative platforms such as Office 365 are enabling businesses to do this now. Corporate data, which I have described here as a beast, is not getting any smaller or simplified. Rather, it is more varied than ever and growing by the second. The ability to leverage new technologies to find that small, succinct piece of information instantly and defensibly is how we are achieving successful transformation.
My parting thought here is that, however fast technology moves, it is data that remains the ‘glue’ between the people and the process. If corporate executives can get their heads ‘out of their pots’ and embrace new strategies, skills and technologies, it is possible to overcome the heavy task of working with complex corporate data and head off what could be a large, beastly disaster. The beauty of corporate data that is controlled and managed correctly is that it underpins trust, integrity, and transformation.
To discuss this topic more or if you have questions, please do not hesitate to reach out to me at LBurton@lighthouseglobal.com.