Information Governance

Overview

We work carefully to understand clients’ information governance profiles and tailor solutions that fit their specific needs, risk tolerances, and regulatory and industry footprints. Clients trust us to help them navigate changing information governance paradigms, reducing risk and cost and positioning them for success.

The risks associated with outdated or faulty strategic information governance are growing as clients face record-keeping compliance penalties, e-discovery costs and sanctions, and expenses and reputational harm associated with frequent data privacy and security incidents. Success depends on the intelligent use and protection of information, but the governance of that information warrants a dramatic and unprecedented change in practice.

To assist clients in managing the maze of potential information governance hazards, our nationwide team includes certified records managers, certified privacy professionals, security professionals and international litigators. We have established relationships with an extensive network of foreign law firms and experts, ensuring the timely delivery of reliable and accurate foreign legal advice when necessary. We also partner with and direct third-party service providers when appropriate.

Our spectrum of services includes:
  • Strategic advice: We provide organizational-level advice, enterprise-wide consistency, compliance with regulatory and legal requirements, and informed prospective guidance for year-on-year success – even when confronting drastic technological and client compositional changes. Advice requires understanding, and our combined interview and investigative approach begins by showing clients where they stand before solutions are provided.
  • Information management – technology and solutions: Our professionals work closely with clients and BakerHostetler’s information technology and transactions teams to develop requests for proposals, select appropriate vendors and solutions, and execute safeguards for the use of those solutions.
  • Information use – policies and schedules: We advise clients on information governance policies and schedules, the creation and modification of those policies, and the maintenance and overhauling of related schedules. Proper policies and schedules provide clear instructions for handling personal and client information, a standard for audit and improvement initiatives, and a foundation for new internal technologies and processes.
More »
  • Prospective corporate activity: We provide due diligence in the context of mergers, acquisitions, asset purchases and divestitures to extract information of value; to assist with legal hold requirements; to help plan IT investment and data migration projects; and to harmonize information governance policies and schedules in a cost-effective way.
  • Corporate audit: We assess information governance practices for information management, security and client contractual obligation gaps.
  • Legacy remediation: We perform legacy remediation projects in the context of clients’ information governance policies and schedules, existing legal hold requirements, internal informational data analytic initiatives, and risk tolerances. We supervise the appropriate disposal of information as well as the proper categorization and intelligent use of information through new technologies and processes.
  • Expert, officer and employee training: We assist clients with the preparation of 30(b)(6), state analogue, and other expert and client-representative witnesses for client information governance practices. Likewise, we train client officers and employees on the proper operation of information governance policies and schedules and their intersection with data privacy, data security and e-discovery issues.
  • Special projects: Multinational clients demand additional knowledge and varied experience. Our multidisciplinary teams combine significant multinational experience to address cross-discipline information governance projects that involve data privacy, data security, e-discovery and information analytics issues.

Select Experience

  • Provided records policy guidance and advice to a multinational organization with offices in 30 countries and an operational footprint in 130 countries; provided additional technological analysis for records associated with communications technologies and bring your own device (BYOD) initiatives.
  • Advised on deal structure considerations involving information governance, cross-border transfer and data disambiguation issues for a multinational organization’s stock-purchase acquisition of a United States company. The acquisition focused on a substantial customer database and related document management and permissions issues.
  • Engaged in comprehensive records policy and schedule drafting, revision and deployment to a technology provider of mobile, telephone and web communication services; revamped then-current processes, working closely with the legal department through a multistage, iterative project.
  • Provided a nonprofit housing authority with revisions and guidance to existing records and information governance practices – including staffing direction and compliance considerations – during business transformation and restructuring processes.
More »

Experience

  • Provided records policy guidance and advice to a multinational organization with offices in 30 countries and an operational footprint in 130 countries; provided additional technological analysis for records associated with communications technologies and bring your own device (BYOD) initiatives.
  • Advised on deal structure considerations involving information governance, cross-border transfer and data disambiguation issues for a multinational organization’s stock-purchase acquisition of a United States company. The acquisition focused on a substantial customer database and related document management and permissions issues.
  • Engaged in comprehensive records policy and schedule drafting, revision and deployment to a technology provider of mobile, telephone and web communication services; revamped then-current processes, working closely with the legal department through a multistage, iterative project.
  • Provided a nonprofit housing authority with revisions and guidance to existing records and information governance practices – including staffing direction and compliance considerations – during business transformation and restructuring processes.
  • Provided an information governance policy and supporting strategy in conjunction with a legal hold process and documentation for a multinational consumables retailer and provider of data analytic services. Reviewed and provided guidance on specific record retention schedule issues.
  • Consulted on cross-border transfer, data hosting and storage, and information governance advice for a multinational technology organization considering human resources data hosting and consolidation efforts for Latin American operations.
  • Advised on information governance and related privacy considerations and representations for a proposed energy company venture and a domestic online consumer lending program.
  • Provided a multistate restaurant holding organization with a record retention policy and schedule guidance on human resources, payroll, OSHA, financial, legal, tax, risk management and project development issues.
  • Provided information governance advice in conjunction with an information security review and recommendations for a nonprofit healthcare services organization.
  • Provided information governance, record retention policy and schedule, and related policy documentation for an energy company’s operations, structured data and device data flows, and employee BYOD considerations.
  • Constructed bottom-up information governance and legal hold regimens, integrating policies and a records retention schedule and social media considerations into a multinational, varied operation business conglomerate seeking to mitigate risk, increase business intelligence and smooth cross-company business operations.
  • Advised a healthcare organization considering application of business associate agreement requirements to existing information governance practices, regulatory retention periods and associated legal hold considerations.

Recognition

  • Chambers USA: Nationwide Privacy & Data Security (2013 to 2018)
    • Chambers USA Privacy and Data Security- Healthcare Spotlight Table (2018)
  • Recognized as one of the top law firms for client service, BakerHostetler was named to the 2019 BTI Client Service 30 for the fifth consecutive year.

Key Contacts

Blog

In The Blogs

Previous Next
Data Privacy Monitor
EU Updates: ePrivacy Regulation Inches Forward, EDPB Issues Guidance on Interplay Between GDPR and ePrivacy Directive
July 17, 2019
Adoption of the ePrivacy Regulation Introduced in 2017, and originally slated to go into effect with the GDPR (on May 25, 2018), it now appears the ePrivacy Regulation will not be implemented before late 2021. With the Romanian...
Read More ->
Data Privacy Monitor
FTC Announces Enforcement Action, Warning Letters for Companies Falsely Claiming Privacy Shield Participation
June 21, 2019
The Federal Trade Commission (FTC) recently announced a compliance sweep of companies claiming to be in compliance with the U.S.-EU Privacy Shield and U.S.-Swiss Privacy Shield Frameworks. The U.S.-EU Privacy Shield and the U.S.-Swiss...
Read More ->
Data Privacy Monitor
Texas Moves Forward With Updates to Breach Notification Law and Institutes Privacy Council to Study Data Privacy Legislation
By Caroline B. Brackeen, William R. Daugherty
June 10, 2019
Texas is one of the many states that looked to be following in the footsteps of California’s enactment of a broad consumer privacy law (the California Consumer Privacy Act), which has far-ranging implications for businesses and consumers...
Read More ->
Data Privacy Monitor
Attempt to Expand CCPA Private Right of Action Fails, While Bills Exempting Employee Data and Otherwise Refining CCPA Advance
By Taylor A. Bloom, Alan L. Friel, Niloufar Massachi
June 5, 2019
Over the past several weeks, the California State Assembly has voted in favor of advancing to the California Senate bills that would narrow the reach of the California Consumer Privacy Act (CCPA). Senate bills did not fare as well and have...
Read More ->
Data Privacy Monitor
Nevada Adds "Do Not Sell" Requirement to Privacy Law
By Alan L. Friel, Shea M. Leitch
June 5, 2019
Last week, Nevada Governor Steve Sisolak signed new privacy legislation into law in Nevada. Senate Bill 220 (SB-220) updates Nevada Revised State 603A to provide consumers a new right to opt out of the sale of their data. Effective Oct. 1...
Read More ->