Enterprise data risk management is a fundamental component of good corporate and information governance, and a key focus of regulators. Improving enterprise data risk management across a business can reduce its long-term operational costs, privacy and cyber security risks, data footprint, and litigation risks. At Reed Smith, our cross-disciplinary team can help you better understand the risks associated with your data and develop strategies and internal controls to improve data governance. Clients benefit from our practical and action-oriented advice, geared towards identifying and managing data assets, modernizing IT systems and establishing policies that protect your organization and its data.
Our lawyers collaborate with your team to evaluate industry-specific issues impacting your organization. We advise clients on all aspects of technology and data risk, including defensible disposal, legal/regulatory record retention and recordkeeping, data integrity, eDiscovery, privacy and cyber security, and data integration and separation related to acquisitions and divestitures.
We have the experience to implement the innovative solutions your business needs to address gaps, improve internal controls and manage data risk, including advising you on:
- Developing data remediation and defensible strategies for deleting data no longer needed for business, legal or regulatory reasons, including coordinating communications with regulators and opposing counsel.
- Advising on data migrations and the legal and regulatory requirements of implementing new enterprise systems, including utilizing cloud computing from third-party vendors (For example, Microsoft 365, messaging archives, and legal hold tools).
- Developing and updating policies and schedules related to records retention, legal holds, information risk management, departing employees, electronic communications, acceptable use, BYOD, social media, collaborative sites, back-up and disaster recovery, and identity management.
- Developing strategies and approaches when applying records retention and legal hold to digital information.
- Investigating critical corporate data assets to determine where those assets reside and how they are protected and used.
- Conducting gap analyses to identify legal and regulatory risks associated with current management of critical data sources, and providing recommendations to address gaps, improve internal controls and manage data risk.
- Distilling the many legal and contractual obligations affecting data assets, and formulating clear guidance for the retention, disposal or transfer of data throughout the lifecycle of mergers, acquisitions, divestitures, and other corporate transactions.