Information governance key for businesses amid privacy reforms
The spate of recent cyber security breaches has highlighted the importance of information governance, according to a legal technology provider.
Ahead of his panel session at the Corporate Counsel Summit 2024, TransPerfect Australia Director Tom Balmer said robust information governance is going to be critical for businesses in order to comply with upcoming privacy reforms.
Preparing for privacy reforms
The Privacy Act Review Report was released in 2023 and received broad government support.
Among a number of significant proposals is the removal of the small-business exemption, which would exempt small businesses with turnover of less than $3 million from the application of the Privacy Act.
Moreover, individuals would likely have new rights around the collection and handling of personal information, including rights of explanation, correction and erasure, as well as claims they may make where their personal information is mishandled.
This is significant because while only the Office of the Australian Information Commissioner (OAIC) may bring direct actions, the direct right of action for individuals could increase the volume of privacy-related litigation.
Lawyers Weekly reported last year that for law firms and businesses of all sizes, this proposed direct right of action would provide clients that have suffered harm due to a cyber attack the right to bring potential legal action in court for breach of privacy.
Data landscape changing at lightning speed
To combat cyber security threats, Mr Balmer told Lawyers Weekly that his organisation is focused on how businesses handle data during an investigation or litigation.
With the growing use of instant messaging services, the data landscape is changing rapidly, and businesses are required to keep pace, he advised.
“For example, in a traditional investigation or discovery process, we used to look at just emails or content on file servers when searching for data,” he said.
“But now, we have to take into account Teams messages, WeChat, WhatsApp, and text messages, as well as a myriad of other new sources of potentially relevant data. These are all incredibly important to a case because of the amount of data that is held.
“Handling that efficiently while also respecting an individual’s privacy is challenging, but it’s something we’ve adapted to.”
As a partner to law firms and corporate legal teams, TransPerfect Legal helps collect, organise and manage key data within litigation for its clients – while also helping establish better information governance practices, in line with the organisation’s operations, resources, and regulatory environment.
What steps should businesses take?
Mr Balmer said that good information governance across Australian organisations is rare – but it’s a key factor in helping reduce the risk of privacy-related litigation or regulatory investigations when done well.
Undertaking a data mapping exercise (technology-driven or simply by getting the right stakeholders in the room) to understand what data the company holds, where it is stored, who owns the data and its retention policies is the first step in significantly reducing the cyber, regulatory, and privacy litigation risk.
As part of this process, designing a workflow to access their data quickly for review by their lawyers (internal or external) is a valuable asset if faced with litigation or an investigation.
Mr Balmer recommended establishing strong relationships with outside counsel, particularly if the in-house counsel team is small, examining the value their external law firms provide, and asking for information on the workflows, technology, and providers they use to manage their data – helping to reduce third-party cyber risk.
“All of this has come under the spotlight more recently because of the major data breaches that have occurred. It’s important to note that they’re going to continue,” he warned.
“Companies need to take a long, hard look at how they manage their data internally to be able to comply with privacy regulations and avoid potential class action litigation associated with privacy breaches – which are prevalent in the US and on the rise in Australia.”
He concluded: “Establishing a good relationship with regulators is also extremely helpful – while it may not necessarily avoid further investigation or litigation, companies may see more leniency/kinder timelines when they respond quickly to regulators’ requests.
“A lot of companies aren’t prepared, or don’t have the resources or established workflows to be able to respond quickly, which doesn’t shine a positive light on them when the regulator comes knocking.”
To hear more from Tom Balmer on how you could prepare your business for litigation in an increasingly litigious climate, come along to the Corporate Counsel Summit 2024.
It will be held on Thursday, 2 May 2024, at The Star Sydney.
Click here to book tickets and don’t miss out!
For more information, including agenda and speakers, click here.