As consumer data privacy laws become more country, state and even sector-specific, legal technologists are discovering that how they manage and store data has taken on new urgency. In the process, they’re finding that by creating and adhering to data standards, other internal processes can be simplified as well.
In managing data for any reason, be it new client intake or customer privacy concerns, creating data standards should always be the first priority. But merely creating data standards is not enough. Data standards need dedicated enforcement – that’s where data governance comes into play. Many executives in the legal field, and even IT professionals, confuse data standards with data governance. Simply put, the term data standards applies to the information itself –the data that is collected and stored. Data governance encompasses all the tasks that need to be performed in order to transform data so that it aligns with the data standards.
When applied to the collection and use of personal data, standardization is only now emerging as the nexus of complex laws and diverse consumer preferences in order to ensure transparency. Seen under the harsh lights of regulatory compliance, data governance aligns IT and Business to define data ownership and policies, decision rights and escalation procedures. With regard to privacy initiatives, data governance determines who owns the data, how and by whom data is created, how and by whom data is updated and who arbitrates decisions when disagreements arise, or new needs are identified.
However, creating a set of data standards isn’t a one-and-done exercise. Standards also must encompass hierarchy and taxonomy. In a law firm for example, or in any business that collects any kind of data – personal or otherwise – hierarchy is the ability to group like items together in multiple ways for purposes of displaying the item in downstream systems and reports. The taxonomy classifies the product and creates specific attribution for the product by category. To illustrate, what follows is a somewhat over-simplified personal injury data standards scenario:
Item A: Case #12345
Taxonomy Node: Personal Injury
Hierarchy Nodes: 2018 Cases, Cases in Alabama, Cases involving Tree Falling, etc.
Item B: Case #67890
Taxonomy Node: Personal Injury
Hierarchy Nodes: 2020 Cases, Cases in Alabama, Cases Involving Automobiles, etc.
Item C: Case ABC12345
Taxonomy Node: Personal Injury
Hierarchy Nodes: 2020 Cases, Cases in Missouri, Cases Involving Tree Falling, etc.
Although each of the case numbers above fall into the “Personal Injury” taxonomy node and share like attributes, they are split up based upon different scenarios (by state, case type, etc.). This method makes the core data principles sound but allows flexibility in how to view the data.
A master data management (MDM) platform can be a useful tool for firms and companies that collect large amounts of diverse data that require varying data standards. For example, with proper data standards in place, MDM automates the process of flagging extraneous data within its taxonomy and hierarchy. MDM also provides other helpful tools, such as the capability to search public records of similar cases, applying the standard taxonomy and hierarchy.
Turning to consumer data privacy laws, companies and law firms have a high volume of information stored that falls under the purview of consumer data privacy laws. Non-negotiable data standards help ensure that there isn’t extraneous, inaccessible information being stored and shared with clients that they do not have a legal right to have – for example, other personal injury cases which an attorney has referenced in their notes.
So, what happens if data standards are not followed? For instance, using the personal injury example, if there are multiple consequences, several people or different locations involved? Data governance also applies to how to manage “unexpected” data – data to which the standards were not applied – by flagging it and then transforming it to meet the data standard.
To review, data standards determine everything that comes after—taxonomy, hierarchy and finally, and most importantly, governance. But data standards are a two-way street. Getting data in properly is essential so that it is handled properly on its way out – especially when requested by a client under consumer privacy laws. That’s the key to why data standards are imperative for storing and securing data: so that it is only accessible to those who should have access. And, consequently, an individual only has access to the data they are actually entitled to.
Even when employing a data management program, such as an MDM platform, that collects and stores data based on a set of data standards, the human element remains essential. A specific person should be assigned to handle data governance and have the capability to transform all information to align with the data standards. The person assigned to this task will vary from organization to organization and the role itself is currently in flux.
In summary, achieving data standardization has become a prerequisite for attorneys, law firms and in corporations. Creating and implementing data standards focuses on several key data governance considerations:
Auditability – Data-related decisions, processes and controls subject to a data governance program must be auditable and include the necessary documentation to support compliance-based and operational auditing requirements.
Accountability – A data governance program must define responsibilities for cross-function data-related decisions, processes, and controls.
Checks & Balances – In defining accountabilities you will need to introduce checks-and-balances between business and technology teams, as well as, between those who create/collect data, those who manage it, those who use it, and those who introduce standards and compliance requirements.
Change Management – The data governance program must support both proactive and reactive change management. Simply for sustainable success in projects that involve data, you need to control how and when that data changes.
Data standards and data governance may seem complex. In fact, there is a risk – especially in the legal profession – of overcomplicating a governance plan. It’s important to keep in mind that data standards actually exist to simplify the process of compiling and storing data. The goal is to get the most use out of your data and make it accessible, when, where and by whom it is most advantageous.
Originally posted here: https://www.law.com/legaltechnews/2021/05/13/what-legal-technologists-need-to-know-about-data-standards/?cmp_share&slreturn=20210414091818