Computing power, capacity and efficiency have been growing exponentially, with each category doubling every one to two years since the 1970s. Billions of people own smartphones and by 2025, an estimated 80 billion devices will be connected to the internet. The artificial intelligence market is forecasted to break $500 billion in the next two years.
Our society is living proof that the velocity of advancement is on a constantly accelerating trajectory. And while it’s true that the possibilities are endless, it’s also true that rapid technology innovation will inevitably be accompanied by a rapidly growing assortment of unexpected and unknown risks.
Take for example the explosive growth in emerging data sources— collaboration applications, chat tools, cloud-based file shares and dynamic productivity suites—and their impact on investigations, regulatory enforcement, e-discovery, data privacy and other areas of legal and compliance risk.
The rapid and accelerating adoption and evolution of these new platforms have caused a flashpoint at which legal, compliance, IT and security teams need to reorient to an entirely new and constantly changing data landscape. This includes taking inventory of what needs to be accomplished, assessing how data is reviewed and analyzed, creating new workflows and implementing new tools and technologies that can accommodate data in this new paradigm.
Even if emerging data sources were changing at a slower pace, they would still present significant challenges. But the sheer velocity at which new applications emerge, existing applications are updated and the ways they are used change, makes it virtually impossible for most organizations and their legal departments to manage the risks. These risks are most acute in the following areas:
Disputes and Investigations:
Compliance and e-discovery controls, workflows and tools have not yet been developed for many of the emerging data sources that are now coming into scope as sources of electronic evidence in disputes and investigations.
Identifying, collecting, processing, reviewing and producing data from chat threads, video conferencing platforms and dynamic, cloud-based productivity suites like Microsoft 365 and Google Workspace typically require tailored approaches that stretch the bounds of the Electronic Discovery Reference Model framework. Technical expertise and a deep understanding of the nuances of each platform in scope is critical to creating workflows that are effective, accurate and defensible.
Another issue in disputes and investigations is the general uncertainty among attorneys, courts and regulators of what data can and cannot be retrieved from emerging data sources. A key foundation of e-discovery is planning and information sharing among relevant parties, but emerging data sources are making it increasingly difficult to align expectations and scoping across parties and with regulators.
Data breach notification:
In addition to disputes and investigations, emerging data sources are now presenting issues in data breach response. Data breaches are continually on the rise and organizations are facing subsequent ramping pressure to comply with data breach notification and response obligations.
In most situations, organizations have mere days to determine the extent of the breach and begin notifying authorities and/or individuals. In parallel, emerging data sources are becoming more common as repositories of sensitive information that may be implicated in a breach. This creates more locations organizations must investigate and search for sensitive or personal information when responding to a breach, as well as a greater volume of information that must be analyzed to determine what was breached and who was affected.
In a large organization, or one that has a highly distributed IT architecture (which is common within businesses that conduct a significant amount of M&A), the issue can quickly spiral. In one recent data breach response matter our team supported for a publicly traded company in Europe, we encountered more than 80 data sources that were potentially in scope for investigation. There was no single solution or tool that had the capabilities to comb through the data sources and analyze the many data formats within them for instances of sensitive information that may have been breached. Doing so under a tight deadline required significant technical problem-solving and custom solution development.
Another common issue with emerging data sources is that production specifications from regulatory authorities have not yet shifted to align with the nuances or structure of data within modern productivity suites. It’s becoming increasingly common for legal teams to experience significant disparities between regulatory requirements to produce entire folders or vast populations of files and the reality of back-end platform structure and organization.
Our teams have worked on matters in which regulators have requested production of every version of certain documents residing in a cloud-based file share—however, due to the complex way these platforms save and share dynamic documents, it’s often impossible or disproportionately difficult to fulfill such a request. Moreover, responding to a regulatory request for information is very different than responding to an e-discovery order in the courts.
Rules around proportionality do not apply and regulators are typically far less flexible in negotiating parameters than a judge or opposing counsel would be. This issue is likely to continue perpetuating given how quickly the landscape is changing. Just as soon as regulators catch up to one aspect of the new world order of data, five more new complexities will have emerged.
Changes in the technology environment—and by extension, the corporate data landscape— are happening all the time. Thus, what worked yesterday does not work today. With that, new risks and challenges will continue to arise at a dizzying pace. Keeping up will require constant vigilance over the changes taking place within the data landscape and an eye on the future challenges on the horizon.
To prepare, organizations can work with experts who conduct continual testing of methodologies and technologies that can enrich and make sense of vast volumes of data. With agile, cutting-edge approaches, organizations can reduce their data risks and enable faster insight to critical information in disputes, investigations, data breach responses, compliance monitoring and more.
Tim Anderson is a Senior Managing Director within FTI Consulting’s Technology segment. He has more than 20 years of experience in legal technology and specializes in developing strategies for the preservation, collection, analysis, review and production of information stored in emerging enterprise data sources such as Microsoft 365, Google Workspace, Slack, Box, Salesforce, Confluence, Workplace from Facebook and many other cloud-based systems.
The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.