Beginning Next Week: InsideCounsel will become part of Corporate Counsel. Bringing these two industry-leading websites together will now give you comprehensive coverage of the full spectrum of issues affecting today's General Counsel at companies of all sizes. You will continue to receive expert analysis on key issues including corporate litigation, labor developments, tech initiatives and intellectual property, as well as Women, Influence & Power in Law (WIPL) professional development content. Plus we'll be serving all ALM legal publications from one interconnected platform, powered by, giving you easy access to additional relevant content from other InsideCounsel sister publications.

To prevent a disruption in service, you will be automatically redirected to the new site next week. Thank you for being a valued InsideCounsel reader!


Records and e-discovery processes can improve data security

Legal departments can play an important role in data security.

Every day it seems as though I read about another company that has suffered a data security breach. From Sony having its PlayStation network hacked to Citibank’s Visa cards being compromised to the release of files purportedly stolen from AT&T, Corporate America’s information infrastructure is under attack. There may be an important role for the legal department in helping to defeat these threats.

Data security faces a fundamental challenge: How do organizations provide employees, customers and other legitimate stakeholders access to data while, at the same time, limiting access to the “bad guys” and other non-legitimate users? Problems arise when companies do not know what type of data they have, have not defined what security and access is appropriate and where data resides. This is where the legal department’s records management and e-discovery processes can play an important role.

Record Retention Schedules – Many companies are updating their record retention schedules to not only include what types of records they have and how long they should save them, but also to include the level of security and privacy each type of document should be afforded. Updating a record retention schedule is an excellent opportunity to review document security. Data security classification is an important step to locking down data, and many organizations already have a useful record retention framework to conduct this classification.

e-Discovery Processes – Data security suffers when companies do not know what documents they have where and data breaches often occur as a result of the wrong documents being stored in the wrong place. Legal has faced a similar problem, needing to identify where and which documents contain relevant information during litigation. The same in-house e-processes companies have developed for e-discovery may and should also be leveraged for data privacy. Many legal departments are already pretty good at this. Data often leaks to where it should not be, and legal departments often already have a framework in place to find and control it.

Data Deletion – I have often mentioned in this column the importance of effective and defensible data deletion as part of a record retention program. Many records and documents containing sensitive information have little business value beyond a short period of time, and should be deleted early and often. Effective data deletion is not just for records anymore.

Although not part of its traditional role, the legal department has an important role to play in data security. 

author image

Mark Diamond

Mark Diamond, Founder & CEO of Contoural, Inc., is a regular contributor to Inside Counsel on Litigation Readiness and Records Information Management. You can e-mail...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.