10 Emerging Compliance and Information Governance Trends

Adequately protecting and securing company data can be challenging. We provide tips and insights on compliance and information governance.

The Securities and Exchange Commission Office of Compliance Inspections and Examinations (OCIE) will increasingly focus on cyber-security and conducting examinations of financial services institutions to ensure appropriate governance and risk assessment, access rights and controls, and data loss prevention are being put into regular practice. Organizations must be prepared to provide and demonstrate proof of adequate security measures and consistent enforcement, which begins with proactive and strategic information governance practices.

Increasing use of cloud-based applications and collaboration tools, combined with a lack of employee awareness to sensitive information, will make controlling data access and security difficult. In FTI Technology’s “Advice From Counsel” study, approximately one-third of respondents said this was the main roadblock in developing and implementing an information governance program.

Financial regulators will begin exercising their ability to demand a full, 360-degree reconstruction of any trade, from pre-trade communications to post-trade activity. Information governance initiatives can help establish the processes and technology that will enable this type of data storage, collection and production across the gamut of data types and sources, including audio recordings and social media messages.

The European Union-United States Privacy Shield agreement will come together slowly, leaving a lot of gray area around data protection requirements for cross-border e-discovery. Cross-border e-discovery involves information gathering for international litigation. Given this, it is important for corporate legal, IT and compliance teams to take action and establish programs that ensure that sound information security and data privacy protections are in place, no matter how cross-border e-discovery is approached in the future.

Data security and compliance with data protection regulations will be the No. 1 driver of information governance initiatives. Companies are focusing on four key areas: securing personally identifiable information for employees, clients and patients; securing IP; protecting against cyber-attacks; and developing systems to ensure secure network access by approved partners.

Big data and legacy data, and legal or compliance-related holds on that data, will be a barrier to implementing effective information governance for many corporations. To resolve this, experts suggest getting outside help from professionals who have the experience in tackling the many moving parts. Big data, besides being simply voluminous, also consists of many content types that may or may not be able to be processed by compliance/governance applications, especially in legacy systems.

Social media content will increasingly come under examination by regulators, and confusion around how to manage and incorporate social media data into deletion/retention programs will set in.

Compliance teams will recognize the importance of either leading information governance initiatives or working more collaboratively with legal and IT to develop information governance. The “Advice From Counsel” study found that the vast majority of these programs are currently spearheaded by legal and IT.

Reliance on outside service providers and experts will increase as regulators become more aggressive and regulatory compliance becomes more complex.

More companies will adopt tools that make it easier for employees to follow compliance protocols and understand data sensitivities.