Many organizations are slow to realize the threats posed by ungoverned collaboration and information sharing.
With the evolution and proliferation of collaboration and information sharing tools (from consumer-focused, online document sync and share applications through to social networking sites), improved mobile connectivity, the adoption of agile working practices, and device affordability, users are becoming increasingly self-sufficient and in control of their own IT provisioning.
Essentially, organizations’ perimeters are deconstructing. This paradigm shift from organizationally-defined to user-defined information governance means that organizations are losing control of business activity and data.
A loss of control over commercially sensitive or highly regulated information can involve significant legal risk, according to the multinational law firm Fieldfisher, including:
- Breach of data protection and privacy. Organizations need to be on heightened alert when it comes to the sharing of personal information. The unlawful sharing of personal information can lead to regulatory fines, litigation and brand damage through bad publicity.
- Breach of duty of confidence. Organizations that hold information under a duty of confidence risk litigation and damage to their commercial interests and business relationships if the information is shared in breach of that duty.
- Breach of litigation rules governing the preservation and disclosure of documents and evidence. Most jurisdictions require the parties to litigation to preserve documents and evidence and to give disclosure to the other party. Organizations that do not manage their information properly face court sanctions, increased legal costs and the loss of the case if they do not comply with their obligations.
- Breach of corporate governance rules. All companies need to keep good records of their sales and purchasing activities; listed companies need to be careful about breaching stock market disclosure rules and the risk of insider trading; large companies with market power need to be careful about anti-trust behaviors resulting from the creation of cartels. Failures of good corporate governance around record-keeping and information sharing can put organizations in breach of a myriad of regulations, exposing them to regulatory sanctions and brand damage.
Recommendations to reduce or avoid unacceptable legal risks
In order to reduce or avoid unacceptable legal risks, Fieldfisher recommends that organizations take the following actions:
- Adopt a considered position on collaborative working and information sharing. CIOs and CISOs will understand that safe and secure collaborative working and information sharing requires planning and a methodical approach to the assessment of risk. Ignoring the issues is the speediest route to legal problems.
- Be aware of the phenomenon of unofficial “self-procurement” of technology in the workplace. As the “Bring Your Own Device” (BYOD) phenomenon reveals, workers do self-procure IT applications and solutions to facilitate collaborative working and information sharing, often using their personal devices, equipment and online accounts.
- When choosing a technology solution for collaborative working and information sharing, focus also on enabling “good governance”, in addition to the technical ease of sharing. A good platform should enable the organization to track, log and control how information is shared. Bear in mind that email was not designed to offer good governance, and carefully evaluate the quality of the governance offered by new, consumer-type online file sharing applications.
- Work with a technology vendor with a proven track record in facilitating and supporting safe and secure collaborative working and information sharing. A high-quality vendor will be able to demonstrate deep experience and sector understanding built up over many years of engagement with enterprise customers, and will have substantial customer support operations in place to help deal with queries and problems.
In other words, organizations need good governance for collaborative working and information sharing. We summarize our recommendations for good governance at the end of this document.