The Legal Technology industry tends to focus heavily on North America, and in many ways, it’s easy to see why. After all, technologies and workflows must align with the jurisdictions they are serving, which vary not only from country to country, but state to state.
But when it comes to Information Governance and the management and security of enterprise data, it’s easy for those lines to get blurred. After all, data can exist in multiple locations (or no location at all) simultaneously, and today’s corporations do business with clients and legal partners globally, which means their data is also global.
One might cite the fact that the United States is still the world’s leading economy, with an estimated 21 Trillion USD in Gross Domestic Product. But emerging global markets, such as the BRICS economic bloc, show that industry, commerce, and the data that goes with them, doesn’t just exist in the US.
BRICS is the economic grouping of Brazil, Russia, India, China, and South Africa. Combined their GDP is 20.6 Trillion USD (nearly equal to the United States’ GDP) and they make up 41% of the world’s human population. BRICS has come to represent the height of growth outside of the North America and Europe in the last 20 years, and that growth is predicted to continue. But as markets grow, so do the threats to their data.
High profile global data breaches
As an example, the largest data breach in India during H1 of 2021 was with Domino’s Pizza. In April 2021, an Israeli Security firm discovered a breach affecting data from 180 million orders and 1 million credit cards, as well as “critical insider data of Domino’s India’s 250 employees across various departments such as IT, legal, finance, marketing, operations, etc. The threat actors behind the leak published a sale post on an underground forum demanding 50 Bitcoins from the pizza giant if it did not want the data to ‘go public.’”
In Brazil, “Major data leaks are becoming a routine of sorts…and the government is trying to get a handle of the situation,” according to a February 2021 Forbes article. In one incident, user data from two major mobile phone carriers was leaked onto the dark web, even though there were no appearances of a breach at those companies. And in another, “personal details more than 223 million consumers – including deceased citizens – ranging from taxpayer registration numbers and vehicle data to full assessments produced by Mosaic, the system for geodemographic classification of households” which is run by Anglo-Irish company Experian.
These are just two recent examples of data-related incidents outside of Europe and North America affecting European and North American companies, not to mention the law firms representing them, which are becoming the targets of cyber attacks as well. (For more on how law firms are vulnerable to global cyber attacks, read my recent IPRO blog “Law Firms and Cyber Attacks: InfoGov Isn’t Just for Corporate Legal Teams Anymore.”
As global commerce continues to intertwine, so does enterprise data. This is why any information governance program — for both corporations and law firms — should take a global scope. After all, data knows no borders.