23 November 2021

Data-driven companies need lawyers in their IT Governance


Organizations need to be agile, efficient, innovative and resilient if they want to operate with more guarantees in this VUCA context and manage to navigate through current rough seas

Information and technology play a key role in order to achieve this goal. In fact, IT governance and management are clear corner stones of the strategy of successful organizations. 

However, this is not an easy task If we take into account that Companies are becoming digital in an exponential way, mainly due to the explosive technological development that has been even more fuelled as a triggered effect provoked by Covid 19 Pandemic. 

This implies several direct and unprecedent consequences that represent new challenges which Organizations must learn how to deal with. The first one is that, as a result of this transformation, the information that companies manage is experiencing a transition from tangible to intangible, appearing a new paradigm where electronic documents and paperless corporations are the most common rule.

The second one has to do with the fact that data volume growth has rocketed in the last few years and the trend is that this pace even will speed up more.

Although estimates vary, some predictions point out that the volume of data worldwide will increase from thirty-three zettabytes (2018) to 175 zettabytes by 2025. It is supposed an increase of 80% in 7 years. And that is not all. Another crucial factor is that the variety of the different data sources are also increasing constantly (multiple systems, programs, apps, files, etc).

All these circumstances are building a new context that requires a deep transformation and changes in the structures and strategies, mainly in those Organizations that have understood the importance of being driven by data, innovation and oriented to seamless and transversal processes. 

But what are these changes? And what role do the Lawyers and Legal Function must play on their implementation?

Some of the most important organisations of legal counsels, such as CLOC and ACC, devote special attention to the evolution and improvement of legal operations maturity and their alignment with the rest of the business. Among the key operations under the spotlight is “Information Governance and Recordkeeping” due to its crucial added value and help regarding regulatory and legal compliance of Corporations.

So, two clear facts stem from the ideas that has been exposed until now. First, that the best way to optimise an efficient use and control of companies’ information is the creation of an Information Governance. Secondly, that the Legal Function must be one of protagonist and active players of this Body.

There are many kinds of tools and training programs that can be used by Legal Counsels with the purpose of creating and levelling up policies, processes and specific actions related to “Information Governance and Recordkeeping”.

I highly recommend that we start by setting up the Governance Body, their functions, their responsibilities and defining the principles that will inspire it. In this task we might resort to reference models such as “The Calder–Moir IT Governance Integrated framework” or the “Information Governance Reference Model” (IGRM) by EDRM, the “Generally Accepted Recordkeeping Principles” (GARP) created by Arma International and ISACA´s principles included in COBIT 5. Both of the remarked reference models include among their areas of Governance, Legal and Compliance.

It could be said, on the one hand, that this situation represents a potential opportunity to Legal Departments and Legal Professionals to grow and become strategic pieces inside their organization and in the other hand, that it also constitutes a legal obligation in a more and more regulated environment.

With all these forces and flows pushing forward, it is time to the Legal Community raises awareness and begins to develop new profiles and TO get skilled in order to handle these functions with solvency. The previously mentioned reference models provide detailed references regarding international norms of standardization and best practices in terms of IT Governance and Management in which the Legal Areas can be trained in order to accomplish this essential function. 

Currently, the most important and globally recognised ones are ISO´s families 38500 and 27000, COBIT 5, ITIL and COSO.

Disruptions and new ways of understanding the legal profession are here. Let´s transform the legal function together. Embrace the change and make the most of these new opportunities.

Copyright © The Impact Lawyers. All rights reserved. This information or any part of it may not be copied or disseminated in any way or by any means or downloaded or stored in an electronic database or retrieval system without the express written consent of The Impact Lawyers. The opinions expressed in this article are those of the authors and do not necessarily reflect the positions or policies of The Impact Lawyers.

Would you like to read more?

The Impact Lawyers offers a FREE newsletter that keeps you up to date on news and analysis about the international latest legal news.
Please complete the form below and click on subscribe to receive The Impact Lawyers Newsletter subscription


The Impact Lawyers Newsletter

  • Practical templates and guides for lawyers and law firms
  • Podcasts, videos and webinars explaining how to be sucessful
  • Tips made by lawyers and other practitioners