The Journey Continues: Legal GRC Needs to Include Integrated Defensible Processes

Bobby Balachandran

Apr 14 2021

The following is the third post in a new blog series from Exterro CEO Bobby Balachandran, where he shares his thoughts on the issues legal leaders care about and his vision for addressing them. Read Bobby's last blog here.

Over the last handful of years or so, legal departments—along with the market for legal and compliance software—have changed dramatically. As I mentioned in my lastpost, legal departments are moving away from point software that solves only one or two legal uses to platforms that solve a multitude of business challenges across many use cases.

This is happening for two reasons: One, the market has dictated it. And two, there are solutions available that now solve for a number of legal and compliance use cases.

For Exterro, this started in earnest in 2019, when we acquired one of the top names in privacy compliance: Jordan Lawrence. While we had focused our resources on building the best e-discovery solution on the market, I saw developments in the privacy and compliance markets manifesting my vision for a much broader platform that could cover a range of legal applications—a Legal Governance, Risk, and Compliance (GRC) platform.

The General Data Protection Regulation (GDPR) set the stage for a new era of data protection and privacy compliance that has effectively sparked a new regulatory movement in the U.S. Now, with the adoption of the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), New York’s Department of Financial Services Cybersecurity Regulation, and a host of other regulations, the U.S. is well on its way toward a sprawling data privacy regime that has the potential to continually disrupt the regular course of business. The costs for organizations that fail to adequately address GRC concerns in the wake of these measures are too high to ignore.

The Convergence of Privacy and E-Discovery

I’ve written at length about this topic before, but both e-discovery and data privacy require that organizations are able to identify, preserve and collect data; review, redact and produce relevant data under tight timelines; and attain a comprehensive understanding of their data—what they have, where it lives, who can access it (including third parties), and which regulations govern it. Companies that don’t have a handle on their data practices have faced costly e-discovery, data privacy, and compliance nightmares over the last couple years.

This is what Exterro saw when we acquired Jordan Lawrence: a suffocating increase in scrutiny over how companies handle their data. The acquisition helped us fulfill our vision of becoming the baddest Legal GRC platform out there, capable of solving the complex legal and regulatory challenges facing businesses and automating those processes to save time and money. That’s exactly how we’ve approached our development—and watching our technologies work in concert to solve business challenges is truly a thing of beauty.

Jordan Lawrence’s industry-leading data inventory and data retention solutions are the perfect complement to Exterro’s data management and rich AI capabilities. The combination of these solutions into a comprehensive Legal GRC platform means that it is now much easier for organizations to develop sustainable and robust data inventories for e-discovery and privacy compliance.

For example, we integrated Jordan Lawrence’s top-of-the-line compliance processes with Exterro’s search and collection capabilities to develop our data subject access request solution—one that combines a simple interface that is easy to use for both the requestor and the fulfillment team with the most robust back end to easily address complex requests like those that come from employees, who have data scattered throughout your organization.

Our incident and breach management software combines Jordan Lawrence’s global regulatory library with Exterro’s powerful workflow orchestration to help general counsel implement a robust and defensible response process.

The use cases and capabilities are endless, and as we continue to push new boundaries with our AI, our clients, along with dedicated legal tech watchdogs, can expect some very exciting shifts in the future.

More Privacy Challenges on the Horizon

The GDPR and CCPA removed constraints on discovery by granting citizens unprecedented rights to their data, and there is no sign that the adoption of privacy regulations in all kinds of jurisdictions will slow down any time soon. Even during a year in which the global economy was battered by a pandemic, state and local governments in the U.S. and leaders in other countries have continued to write and implement laws that will lead to heavy fines without compliance.

Companies that don’t have a handle on their data practices, along with well-orchestrated processes for taking action with their data, will continue to struggle.

This is why Exterro is aggressively growing and developing new solutions along the way—and it’s why, a few months ago, we fueled the fire within us by acquiring the world’s top digital forensics firm, AccessData.

In my next post, I’ll talk more about that acquisition, and what it means for Exterro’s current and future clients.

Contact us today to learn more about our products and our
approach to improving how you collect, analyze and use data.
Tell Me More