Legal29 December, 2015

Big Data do’s and don’ts for the legal department

One of the trending topics in the legal profession right now is big data, which loosely stated, refers to the collection of data sets so large that they can not be processed using standard data processing tools. Big data is predictive in character, allowing organisations to make decisions that will inform their strategies. In order to avoid the risks while leveraging the advantages, here are some do’s and don’ts that help you understand how big data intersects with privacy and security to impact the legal department and the business.


Understand the specific risks your company faces:

Different industries leverage and collect different types of data. Some industries collect highly-sensitive personal data that is protected by specific law and regulations, such as healthcare and financial information. The in-house legal department needs to have a thorough understanding of the potential risks associated with the data they want to collect.

Develop a governance framework that addresses data reliability:

The framework should involve setting up the rules and regulations to consider: what are the privacy and security implications? When is data obsolete or old? What data is ethically inappropriate to monitor? Can the company purchase data from other companies? Everyone in the organisation should understand any license agreements that may restrict how big data can be combined with other information. Failure to do so could lead to broken contracts or mistrust between your organisation, business partners, and consumers.

Focus on the application, not the technology:

It’s easy to rely on technology because companies spend thousands annually investing in hardware. The only way to realise the return on investment is to apply the technology to solve a  problem; it should be an aid, not a crutch.


Inform your customers about the data you collect and how it is intended to be used. Be sure to gain their consent and communicate with them to provide updates. In order to increase convenience and improved service, customers need to understand that they will need to exchange their data.


Forget about data privacy:

Data privacy laws in many countries require that the controller implements appropriate technical and organizational measures to safeguard the security of personal data. This includes providing agreements for informed consent, and proper monitoring and tracking. For instance, if your organisation wants to use big data to increase retention rates, monitoring employees’ e-mails is not an appropriate source of data.


Secure data storage can prevent a data breach, saving organisations millions of dollars. Many legal departments used web-based third-party vendors because it is easier and far less costly than it is to clean up a data breach. Keep in mind that if a data breach does occur, it is more than just a loss of data; it’s also the loss of intuition and experience.

Underestimate the value of existing data:

One of the reasons many organisations decide against using big data is they don’t think they have enough. Actually, businesses have enough data for predictive analytics if they have been operational for at least three years. Collecting data from new sources isn’t bad, but stable historical sources are better since big data makes predictions based on data collected over time.

Focus on data collection:

Just 3% of the 2.8 zettabytes (that’s 2.8 trillion gigabytes) of data available in 2012 was ready for manipulation, and only 0.5% was used for analytics. While it might be fun to brag about much “big” there is in “big data,” the focus should be on applying data instead of collecting it.


Big data is becoming a competitive advantage and a crucial way for leading companies to outperform those in their industry. The focus should be on proactively enabling the advantages of big data to help predict and minimise risk. Big data allows organisations to make better decisions, and better decisions translates into a reduction in costs and optimisation in resources. While it’s not clear whether every lawyer will need to participate in data security, at the bare minimum every lawyer will need to understand the basics of big data.

Back To Top