A "Wide-Angle Lens" on Legal, Compliance Issues Regarding Data

Lawyers from Shearman & Sterling recently published a comprehensive guide to equip legal and compliance professionals to think broadly about the implications of data to their businesses. The authors write that a good way to employ a “wide-angle lens” in considering the issues around data are to ask broad questions based on the themes covered in the article, such as: “Who at the firm is using data, what kind of data, from where is it obtained, how is it being held and manipulated and for what purposes, how transparent is this, what do the firm’s contracts say about data, and how do a firm’s data practices connect to its broader control and governance principles.” The article includes commentary on the regulatory schemes from U.S. regulatory agencies including the SEC and FTC and international authorities including the EU and UK. The article also explores data ethics, data governance and the oversight and role of third parties in providing and managing data. Other compliance topics covered include:

• Designing a data protection strategy with the goals of avoiding literal loss, theft or corruption; establishing protections against third-party infringement; and compliance with specific legal requirements and regulation, such as the European Union’s GDPR.
• Developing a proper framework for artificial intelligence based on regulatory expectations. For instance, the SEC expects that a firm should carefully test technology before and after it is implemented, understand and be able to explain the technology’s core operations and outcomes to the firm’s internal and external governance bodies, including shareholders and directors, and should be transparent as to risks.