Information Governance

Overview

As the volume of information grows exponentially year-on-year, and the manner and availability of the information morphs on a near-monthly basis, the risks associated with substandard or nonexistent strategic Information Governance—the coordinated management of the information lifecycle within and without the client firewall—grow as well.

Mature concerns associated with data security, Personally Identifiable Information (PII), Protected Health Information (PHI), Intellectual Property, and E-Discovery obligations have now joined forces with the risks associated with, among others, cloud storage, social media sharing, the viral adoption of “Shadow” IT by client officers and employees, and legacy stockpiles of information with unknown provenance. The repercussions have magnified as well, with recordkeeping compliance penalties, E-Discovery sanctions, and costs associated with data privacy and security breaches sounding more frequently. Client representatives tasked with compliance duties in the Information Governance space, as well as with strategic planning related to IT asset implementation and future information, need expert advice based on industry benchmarking but tailored to specific client needs and direction. BakerHostetler is here to help.

Information and its use is the ultimate mixed blessing for client organizations. Future success depends on intelligent use of information, but the governance of that information is undergoing a dramatic and unprecedented change. BakerHostetler’s experienced Information Governance professionals work carefully to understand clients’ Information Governance profiles, and tailor solutions specific to clients’ specific needs, risk tolerances, and regulatory and industry footing. The core of the practice focuses on assisting clients in navigating changing Information Governance paradigms, reducing risk and cost, and positioning clients for future success.

Strategic Advice

BakerHostetler provides clients with organizational-level advice, providing enterprise-wide consistency, compliance with regulatory and legal requirements, and prospective guidance that evergreens for year-on-year success even with often drastic technological and client compositional change. Advice must begin with understanding, and BakerHostetler’s combined interview and investigative approach first shows clients where they stand on Day One before providing strategic alternatives to address current and future risks and concerns.

More »
Information Management—Technology & Solutions

BakerHostetler professionals assist clients with the selection and retention of technologies and services that fit client needs and risk tolerances. Information Governance professionals work hand-in-hand with clients and BakerHostetler’s Information Technology and Transactions team to develop requests for proposals (RFPs); select appropriate vendors and technological solutions; and execute appropriate contractual and procedural safeguards for the use of those solutions.

Information Use—Policies and Schedules

BakerHostetler advises clients on enterprise-wide Information Governance Policies and Schedules, and assist with the creation and modification of those Policies as well as the maintenance and overhauling of related Schedules. Proper policies and schedules provide client officers and employees with appropriate instructions for handling personal and client information, a standard to measure against audit and improvement initiatives, and a foundation upon which a client can add new internal technologies and processes.

Prospective Corporate Activity

BakerHostetler provides a component of client due diligence in the context of mergers, acquisitions, asset purchase, and divestitures to extract information of value; to assist the client in complying with existing and incipient legal hold requirements; and to cost-effectively harmonize information to existing or contemplated Information Governance Policies and Schedules.

Corporate Audit

BakerHostetler assesses and audits client Information Governance practices to ascertain gaps associated with proper information management, security, and client contractual obligations. Where appropriate, BakerHostetler may undertake efforts to address challenges directly, or assist the client with overseeing more involved compliance projects.

Legacy Remediation

BakerHostetler analyzes client information use and legacy remediation projects in the context of clients’ Information Governance Policies and Schedules, existing legal hold requirements, internal informational data analytic initiatives, and risk tolerances. Based on that analysis and client direction, we supervise the appropriate disposal of unneeded information, as well as the proper categorization of any retained information and the intelligent use of that information through new technologies and processes.

Expert, Officer and Employee Training

BakerHostetler assists clients with the identification and preparation of 30(b)(6), state analogue, and other expert and client-representative witnesses in the context of client Information Governance practices. Likewise, we train client officers and employees on the proper operation of Information Governance Policies and Schedules and their intersection with data privacy, data security, and E-Discovery issues.

Special Projects

Multinational clients demand additional expertise and varied experience. BakerHostetler’s multidisciplinary professional teams assist clients in addressing cross-discipline Information Governance projects that also involve data privacy, data security, E-Discovery, and information analytics issues.

Recognition

  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2018)
    • Chambers USA Privacy and Data Security- Healthcare Spotlight Table (2018)
  • Recognized as one of the top law firms for client service, we were named to the 2018 BTI Client Service 30 for the fourth consecutive year.

Key Contacts

Blog

In The Blogs

Previous Next
Data Privacy Monitor
GDPR Spurring Legal Reforms in South America With New Legislation in Brazil
By Brian P. Bartish, Laura E. Jehl
October 30, 2018
As organizations continue to grapple with the requirements of the EU General Data Protection Regulation (GDPR) even months after its effective date, one thing is clear: The impact of the regulation extends far beyond an organization’s...
Read More ->
Data Privacy Monitor
EU-U.S. Privacy Shield Framework Joint Annual Review 2.0
By David M. Brown
October 30, 2018
As we previously reported here, the Federal Trade Commission (FTC) announced several enforcement actions in late 2017, on the eve of the first annual joint EU-U.S. review of the Privacy Shield Framework. Now the second annual review of the...
Read More ->
Data Privacy Monitor
The Weekly Privacy Rewind
October 25, 2018
Class Actions Plaintiffs Seek Approval for $4.3 Million Settlement With Sonic in Credit Card Data Breach Suit • Following a variety of lawsuits against fast food chain Sonic Drive-In related to a 2017 credit card data breach, plaintiffs...
Read More ->
Data Privacy Monitor
FDA Regional Incident Preparedness and Response Playbook Provides Guidance to the Healthcare Industry for Large-scale, Multi-patient Medical Device Cybersecurity Incidents
By Paulette M. Thomas
October 18, 2018
Earlier this month, the Mitre Corporation, on behalf of the Food and Drug Administration (FDA), released the Medical Device Cybersecurity Regional Incident Preparedness and Response Playbook (the Playbook) as part of the FDA’s ongoing...
Read More ->
Data Privacy Monitor
Broker-Dealer and Investment Adviser Agrees to Settle SEC Enforcement Action Arising From a Data Security Incident
By John W. Busch, William R. Daugherty
October 18, 2018
The U.S. Securities and Exchange Commission (SEC) recently announced a consent order settling an enforcement action brought by the SEC against Voya Financial Advisors Inc. (VFA) in connection with a data security incident that occurred in...
Read More ->