Data Regulation: How to Implement Technological Solutions
Data is an exceptionally valuable resource – some even refer to data as the modern version of oil. Protecting this asset should be a central business concern, it should not – as is often the case – be considered an information technology or legal issue. The Protection of Personal Information Act 4 of 2013 (‘POPIA’) and the Promotion of Access to Information Act 2 of 2000 (PAIA) have meant that many South African businesses have considered technological solutions in their quest to ensure compliance with data processing and access laws, and to manage data in general. What key considerations should a business take when implementing technological solutions for data regulation? The list below is flexible, and by no means a closed list, but some key points to consider: What is the business trying to achieve? This sounds like an obvious question, but to avoid a “tech for tech’s sake” approach, give careful thought to the exact purpose of the solution. Is it to facilitate POPIA compliance? PAIA compliance? Does the GDPR apply to the processing activities of the business? How will the solution be implemented in the specific business? Will it replace or compliment an existing compliance framework? How will the solution aid a business imperative or a legal obligation? Consult with relevant stakeholders in the business with a view to developing a comprehensive plan. Each business will differ, but from board to tech to legal – consider the “what” and the “how” set out above and ensure everyone is pulling in the same direction. Ensure that the solution proposed is going to a) solve the problem, and b) be capable of delivery from a technological perspective (e.g.: is mobile required? Do you have iOS and Android functionality? How will it fit into the existing IT environment?). Avoid an approach where business critical decisions are taken in silos. To be sure, you can’t please everyone, and not everyone will agree – but consult widely and gather all the relevant information. Develop an implementation plan. Use the information collected from the first three steps to develop a comprehensive plan that should address the “what” and the “how”, and detail how the proposed solution addresses this in the context of the business concerned. In addition, consider the risks, the costs, and the resources required. Set out how the solution will assist the business or increase turnover or reduce costs etc. Critically evaluate the software. What will it assist in achieving? Are the claims made by the platform objectively verifiable? How is the user experience? What are the license terms? Critically, as part of your evaluation, with the greatest of respect, be sure that you are not taking legal advice from someone not qualified to give you that advice. For example, if the “what” and the “how” relate to POPIA compliance, consider, independently, the obligations imposed by POPIA and its Regulations, or seek professional advice on those issues. POPIA and its regulations provide that a responsible party (the term applicable to a person who processes personal information) must, amongst other things, perform a risk assessment and develop, implement, monitor, and maintain a compliance framework. In addition, responsible parties should conduct training and develop measures and systems to deal with data subject requests. Above all, responsible parties must ensure that they are complying with the 8 conditions for lawful processing set out in the Act. Consider the following: does the application achieve compliance in one or more of these aspects? What manual intervention will be required? Implementation. What is required to get the solution off the ground? What user training is required? Post-implementation. What support is needed? How often will the tech be reviewed? Tech is never static – the law changes rapidly too. Create an internal champion (if not already in place) and drive regular reviews of how the project is actually working, and what changes in future may be required. Can one use a software application to solve all of your compliance problems? Probably not. Depending on the problem and use-case, the right application can certainly go a long way to assisting with compliance, but using POPIA as an example, usually, a risk assessment and training will need additional human input and classifying and inserting data remains a thorny issue. Although I obviously cannot say I have reviewed every software package available, it is likely that each application will have its own pros and cons and will likely need to be supplemented in some way. Accordingly, it is key to have a firm grasp on what legal requirements you are seeking to satisfy by using tech, and then evaluate how it is being achieved. Tech has come a long way over the past two decades. Those who started practice in and around the turn of the century will have experienced tech as a fax machine and a clunky practice management system that was slow and counter-intuitive; this has changed but look at things carefully before deciding you are “fully compliant”. Also: remember, as at end October 2022, the Information Regulator has not endorsed any specific application, and one will not be able to defend a claim from the Regulator or a data subject with “the software told me it was compliant with POPIA”. Finally, I look forward to unpacking this topic at the Tech Fest on 8 November 2022 in Sandton, where I will look at this in light of the steps required to achieve data protection compliance, and to briefly review issues such as the role of the Information Regulator, cross-border data flows, and South Africa’s regulatory regime in comparison to the EU and the UK. About the Author Dr Lee Swales – Attorney and Law Lecturer, Livingston Leandy Incorporated Lee is a senior commercial attorney and law lecturer. He focuses on technology related legal issues, commercial agreements, data protection, and regulatory compliance. Lee primarily advises clients on a wide range of commercial and corporate matters as well as data protection compliance, information and cyber security, crypto-currency regulation, software agreements, and intellectual property related issues. Lee is passionate about technology’s intersection with the law, and the future of digital assets in the Web3 environment.
The Role of Data Strategy in Driving Competitive Advantage, Productivity, and Profitability
Developing your data strategy might not be on your priority list right now, but converting your organization to be a data-driven business could be just the transformation you need to bounce back. Hindsight, as they say, is 2021; and we are already finding that this year has proved illuminating for many organizations who, under mounting contractual questions from clients and pressure on their bottom line, have realized how valuable an asset a data strategy could be for their business. But data isn’t just about answering your contractual questions quickly and accurately, although this too is an important outcome. It’s about answering business questions, managing risk better, and finding the hidden opportunities inside your contracts that drive value, cost savings, and revenue to the bottom line. According to The McKinsey Global Institute, data-driven organizations are 23 times more likely to acquire customers, six times as likely to retain those customers, and 19 times as likely to be profitable as a result. These findings are reinforced by The BARC Leadership Survey from 201, which states that a good data strategy delivers an average of 8% increase in profit and 10% reduction in cost on a baseline. But, according to Harvard Business Review, data strategies across the world are chaotic at best, and non-existent at worst. It states that less than half of an organization’s structured data is actively used in making decisions and less than 1% of its unstructured data is analyzed or used at all. While there are myriad reasons for this in the legal sector; one of the biggest is the paralysis around getting the data strategy right in the first place. There is a raft of methodologies available that can help. Most discuss a data strategy in terms of five stages with identification of the data as the start; storage is the second phase; provisioning of the information is third; then the processing, and then the ability to govern and manage that information. But this method doesn’t necessarily fit into the mold of the legal data world. The reason that we believe financial, medical, and personal information is so much more advanced in data strategy is because of the challenging five Cs, with which the legal team must contend: Culture The belief that lawyers deliver exceptionally little, therefore the information is unique to the legal industry and cannot be understood or shared with those outside the fraternity. Colleagues There’s a growing gap between the data-intensive divisions such as finance, IT, and procurement and the legal team who are inundated with information but don’t convert that into a data strategy. Coin There’s fundamentally a lower investment in data compared to that of financial services providers, so the legal industry and in-house legal always seem to be a step behind. Conflict The challenge between protecting information and exploiting information, is a conflict the legal industry understands and something unique to us and our challenges. This can have a drag effect on the implementation of a more expansive or sophisticated data management strategy. Competition Data allows clients to differentiate between law firms, and even in-house legal teams based on quality, speed, and ease of legal services, which makes many in the legal profession uncomfortable. But if the existing data strategy methodologies are not molded to the legal sector, how can law firms and in-house legal teams develop their own, more applicable data strategies? We believe there is an alternative method that has already proved highly effective with our clients. Our process is underpinned by the understanding that nobody owns the data. To succeed, every data strategy must have cross-departmental collaboration at its heart; turning data into information cannot be achieved in silos. Our six-stage process for your data strategy is: 1. Start with the business question that needs an answer and contextualize that question Starting with the commercial question can be more challenging than the following steps. You need to consider not just what is the problem you are trying to solve, but put that question into context within your business. How does the problem or the business question we need answering fit into our corporate strategy or our roadmap? 2. Identify which data sources can answer that business question This is why sharing data must underpin every data strategy – your data sources will be across procurement, finance, sales, and legal combined. 3. Hire or train the data experts Having the right people on board is vital, but not easy. According to McKinsey: “Another challenge is attracting and retaining the right talent — not only data scientists but business translators who combine data savvy with industry and functional expertise.” These teams or individuals must deliver on managing the data sources to respond to that business challenge or question, so having a third party here can be more appropriate. 4. Deploy legal analytical overlay This analytical overlay must be applied across all the different business verticals. This is not a bolt-on; this is a crucial element in creating your analytics to give you the business outcomes and commercial answers you need. 5. Finally, begin your data gathering Any solution you choose must gather and understand contextually both structured and unstructured data. This is the only way you can ensure that you are getting the complete picture from your data. This methodology is a roadmap for how to start accessing the data you need to answer your commercial questions. Alongside this six-stage strategy there are several other considerations that we believe must be factored in throughout to ensure the success of your data journey: Define success: Many legal teams struggle with understanding the success factors of a data strategy and therefore find it difficult to present a business plan to the wider organization. But carefully and critically defining success in terms of the ROI and the commercial impact on your business is crucial. Without defining success and the financial metrics, it’s extremely difficult to find the buy-in that you require from stakeholders, financial backers, and internal champions. Work with an expert to design and implement a solution: This seems obvious, but there are no out-of-the-box solutions when it comes to a data strategy. Every case study or webinar has nuances as to why it worked for some clients in certain situations and not in others. Launch a pilot project: This allows you to find those quick early wins and maintain momentum on the strategy. It also demonstrates to stakeholders and the C-suite that there is a real impact to be gained from your strategy. Measure impact and continuously improve your strategy: One of the risks with any data strategy is being so caught up in the process that you forget to continuously measure impact and to improve on your strategy. A failing that is often ascribed to legal data is that it doesn’t take into consideration shifting conditions. We live in a time of immensely shifting conditions and your data project will be at risk if you can’t measure the impact of these changing conditions on your strategy, cost, and timelines. Senior support: We’ve discussed previously how your culture is crucial to the success of your data strategy. Having C-suite engagement and understanding at the right level is vital, as well as having champions throughout the organization, particularly in IT and procurement, is essential. Data has become a critical corporate asset. And, given the current climate, inquisitive clients, and pressures on the bottom line, the C-suite is now hungrier than ever to know what their biggest asset is worth. Data isn’t going away, it’s multiplying year-on-year and the importance of managing your data strategically is central to the success of your organization. Having a robust data strategy in place, infused with analytics, will be the driver of your business growth and ensure that your business evolves, not just survives, in the all-new post-COVID world. Don’t leave your data strategy to chance; contact us now to find out how you can benefit from our expertise and technology.
Demystifying the Vendor Conundrum: The Areas of Need
The changing landscape of legal sees many companies supporting an in-house legal counsel model, which brings great benefits for the company – some of which include risk management, access to legal support, performance management and succession planning. Samiksha Kader, Legal Counsel at Tiger Brands will be presenting at Legal Innovation & Tech Fest, sharing her learnings around the needs and challenges presented for in-house counsels. We caught up with Samiksha in the lead up to the event. Samiksha – we look forward to having you present at Legal Innovation & Tech Fest. What motivated you to get involved as a presenter at the event? I realised that many of the challenges faced and experienced by myself are also experienced by my colleagues and I would like to share my thoughts on the vendor conundrum as well as share possible solutions, and also learn from fellow colleagues on how they deal with common challenges. Tell us about your story/career journey in the legal space? And what do you enjoy most about your work? I was raised by a single mom. I was exposed to a very different reality than many of my friends and family, where my mum being the sole provider in the household and also my sole caretaker filled the role of what I later learned to be associated, in some instances with the role of a “man in society”. Being exposed to such an independent and strong female role model, I began to question at a very young age how society viewed and treated women. Given the strong opinions I would share, people regarded me as a feminist and in time, that passion to fight against the stereotypes of the world expanded to fight against racism and violence against women. I believe that law was already in my story long before I realised it was. I always want to contribute in some way to a better place to live. I suppose I gravitated to law to make that difference. Through my career, I was exposed to many aspects of the field, from matrimonial law, criminal law to IT law. I spent much of my career at Business Connexion Group, an ICT company. I really enjoyed being part of an innovative industry. What I enjoy about my job till today is that I am exposed to all facets of trade, which I get to learn about i.e. FMCG, IT, Pharmacy etc. I am still very much a human rights law enthusiast and although I have not had enough time to dedicate to it, I believe that I will keep trying to make that difference, however small. A challenge for in-house counsels is wading through the vendor conundrum to find the solution that supports all the requirements seamlessly. What are the areas that need to be focussed on to get this process right? 1. Data Management and record retention 2. Workflow management (audit trail, workflow and work load management, benefit analytics) 3. Template generation tools. About the speaker Given her background of being a specialist in ICT Law and having worked for one of South Africa’s most prominent ICT companies, Samiksha Kader had access to a fair amount of technology at her fingertips, most of which was never meant to support legal, but Samiksha found ways to make it work for legal. She is obsessed with efficiency and is always looking for answers to work smarter. Samiksha is very artistic in nature and believes the practice of law is an art form not administrative. She loves freedom, peace and nature. Her main ambition in life is to live with passion and love.
The 8 Hottest Topics Shaping Legal This Year
This year sees the launch of the Legal Innovation & Tech Fest in South Africa, the first event of its kind in the country. You might be wondering how the agenda for this event is developed so as to be on point with the latest pressing issues in the industry. It’s down to a unique research methodology that really gets industry professionals speaking their minds and sharing real challenges, plans and trends. A series of roundtable discussions and interviews with legal professionals results in a list of hot topics that have been debated and discussed within the community. It is these topics that will shape the agenda for Legal Innovation & Tech Fest 2018. This Year’s Research This year’s research groups saw over 100 senior professionals from law firms, in-house legal teams and alternative legal service providers getting together for small face-to-face discussion groups facilitated by an industry thought-leader in Cape Town and Johannesburg. Discussions revolved around the challenges and ideas for improvement and innovation in the world of law. Key Themes The following 8 themes emerged from the roundtable discussions as being most important to the legal community: The legal ecosystem, legal business and the lawyer of the future Building the skills and capability for successful innovation Data-driven decision making – what you can measure you can manage The strategy, the ROI and the business case for innovation, change and collaboration Leveraging user experience to drive user adoption Demystifying artificial intelligence, automation and augmentation The vendor conundrum – sales, implementation and beyond Stakeholder, project and change management The discussions around these topics were captured in an extensive research report which you can download here for more detailed insight. Legal Innovation & Tech Fest 2018 The inaugural Legal Innovation and Tech Fest will launch in South Africa in June 2018 and will demonstrate how legal innovation is being enabled by technology through a combination of case studies, thought-leader presentations, discussion groups, product demos and panels. All based around the key topics brought forward by the community in this report. We look forward to building the agenda and continuing the inspiring conversations around these themes. See you at Legal Innovation & Tech Fest 2018!