How to navigate big data’s legal minefield

EY CIO blog - navigation

Lawyers are the butt of a thousand jokes – and, so the cliché goes, generally not to be trusted. Perhaps Mario Puzo, author of The Godfather, sums up the sentiment best through one of his mafia dons: “We are all honorable men here; we do not have to give each other assurances as if we were lawyers.”

Here’s the thing though. When it comes to big data and analytics, a CIO’s opposite number in the legal department may be the best friend they never knew they needed. For while organizations are increasingly focused on the opportunities from data, very few have begun to grapple with risks – particularly the legal and regulatory dangers.


The legal issues that organizations face as they seek to drive value from data differ by industry and by jurisdiction. But whatever your business, failing to confront these questions will leave your organization vulnerable to legal sanction and reputational damage. Above all, it is data protection – especially of personal data – that represents the biggest legal challenge for companies.


Consumers are increasingly forced to trust the companies they interact with as custodians of their personal data. Unsurprisingly, then, data legislation is evolving quickly. The EU, for example, is on the verge of introducing data protection legislation that will affect any organization doing business in Europe, whatever its nationality. In the US, Senator Patrick Leahy reintroduced the Personal Data Privacy and Security Act this year, hoping to tighten up rules on protection of personal data.


All told, CIOs simply cannot afford to ignore these developments. Here, cooperation with the legal function can provide crucial risk management skills and advice on legislative changes. Research conducted by EY suggests CIOs will need to apply four clear principles:


  1. Tackle legal risk from the center. An uncoordinated risk management strategy, implemented through business silos, risks breaching compliance duties applicable to the organization as a whole, rather than to individual subsidiaries.
  2. Overhaul information management practices. Organizations that are not in control of their data cannot manage risk effectively. Yet too few enterprises have a complete view of what data they hold, in what form and where – or how it is being used across the business.
  3. Build new legal architecture for big data. Companies are hiring leaders such as chief data officers to exploit analytics opportunities. But roles aimed at data protection, such as chief privacy officer, will gain importance.
  4. Link risk with opportunity. Good risk management can be one way for an enterprise to drive value from its data. It can do this by establishing a reputation for market-leading practices, for example, or by building closer and more consensual relationships with customers based on mutual benefit.

In other words, forward-thinking CIOs look on their legal colleagues not as foes to be outmaneuvered or managed, but as partners who can help the enterprise realize the potential of big data and analytics. Just keep an eye on the bill.
