T.S. Eliot wrote, “Only those who will risk going too far can possibly find out how far one can go.” While this may be an inspiring philosophy in many respects, it is a dangerous path for corporations that push the envelope by allowing potential risks to fester unchecked in their data. By ignoring the perils lurking in their information stores until forced to examine their data by discovery or a regulatory investigation, companies miss opportunities to identify and remedy problems before they create liability.
The companies that do examine their data before litigation or investigations arise typically rely on traditional approaches to risk management, which include internal audit software and whistleblower training; however, neither is an effective early detector of risk. For instance, while software can mine structured data for clues as to possible infractions, it cannot parse the universe of unstructured data, such as e-mail, voice recordings, and social media, where potential violations are most likely to hide. But if companies apply other tools, such as analytics, to unstructured data, they are more likely to unearth telltale communication patterns that may be indicative of risky behavior.
As the regulatory environment continues to become more complex on every level—federal, state, and local—and in many industries—including energy, financial services, health care, and pharmaceuticals—and as enforcement actions become more frequent, legal departments must stop taking a retroactive approach to their data. Instead, they should adopt a more forward-looking strategy using data analytics tools that will enable them to uncover violations of laws, regulations, and industry standards, such as the Fair Credit Reporting Act (FCRA), the Health Insurance Portability and Accountability Act (HIPAA), and the PCI Data Security Standard (DSS).
Please join us at LegalTech New York on February 5 to learn how your organization can use data analytics to proactively detect risk and to discover best practices for implementing effective risk management programs.