Bobby founded Exterro with the conviction that the legal industry was rife with opportunities for process improvements that could be driven from lessons learned in other industries.
Today, Bobby fulfills Exterro’s founding principles by leading the company in building a comprehensive platform for global corporations and governmental agencies to mitigate risks, control costs, and have complete end to end visibility into their legal governance, risk and compliance processes.
M.R. Rangaswami: What are the key challenges facing corporate General Counsel or Chief Legal Officers that’s driving them to consider Exterro solutions?
Bobby Balachandran: The role of the GC or CLO has greatly evolved and expanded over the past 10-15 years due to a number of macro trends. First is the constant introduction of new laws and regulations to which an organization must comply. Significant among these over the past seven to eight years has been related to the increased scrutiny on privacy with laws such as the GDPR in Europe, or the various state laws like the CPRA in California here in the United States. Third is the relentless threat of cyber-attack or breach, and the fourth is the rise of legal operations, due to a sharp focus from the C-Suite on improving the efficiency and productivity of the legal department.
All of these greater trends have combined to create new business challenges that no longer can be addressed by a single organizational department, like Privacy, Compliance, Legal Operations, Security etc.
Let me give you an example:
Laws like the GDPR or CPRA allow an individual to request to know what data you have stored on them, how you’re using it, how long you plan to store it and even ask that you delete it. If the requester is a current or former employee, not only do you need to ensure you have the workflow to ensure the request is handled by the appropriate group, but the person or group responsible for the data must be able to quickly locate it, collect it, review it, redact any personal information not related to the requester and then securely deliver this information to the requestor.
You can see how this request quickly crosses conventional divisions and responsibilities—it’s not just someone in your Privacy department’s responsibility – he or she will need to work with someone with expertise in e-discovery at a minimum. And if that data subject submits a request for data deletion, things get even more complex, because before deleting anything, you must first confirm that the information can legally be deleted. It can’t be subject to retention requirements imposed by regulatory compliance obligations or a legal hold.
As a result, you have solid or very strongly dotted reporting lines for privacy, compliance, legal operations, litigation support and even incident response into the GC/CLO. And this is forcing a new way to think about both how to organize across these different areas for optimal performance, but also how to apply technology to solve some pretty challenging business processes.
M.R. So how should a GC or CLO think about solving these challenges?
Bobby: We strongly believe it all starts with data. All of us have heard that data is the “new oil” and while it might sound trite, there is truth to the statement. How organizations collect, store, use, manage, protect and ultimately delete data largely determines how successful they can be.
But it’s not easy. The amount of data is huge and it’s growing exponentially. So, while there can be significant competitive advantages realized if you optimize your use of data, it is a double-edged sword, with significant downside risk as well.
Think of the impact that a serious data breach can have, the loss of a “bet your company” legal dispute, or the public perception you don’t treat personally sensitive data appropriately.
This is a massive problem for organizations of all kinds – private enterprise, government, education – no one is immune to the risks data poses.
But this is where Exterro helps. Our platform enables clients to understand what data they have, where it is located, what regulations apply to it, what third parties have access to it, and most importantly, respond quickly to requests for that data. A request could be e-discovery necessary for litigation, collecting evidence for an internal investigation, responding to a data subject access request, or fulfilling reporting obligations to data authorities after an incident or breach is identified, or any number of other business processes that are the responsibility of the legal department.
M.R. While that’s a broad set of capabilities, it’s not all that Exterro does, though, is it?
Bobby: No, and I’m glad you asked me that. I mentioned how Exterro can help with internal investigations or incident response earlier, and that’s due to our portfolio of FTK® digital forensic products. And while the use cases I mentioned previously are those that address corporate challenges, the largest market segment for forensic investigation solutions is law enforcement, which includes very large agencies in the federal government charged with protecting citizens as well as your local police department.
Our software is helping to stop crimes against children, human trafficking, terrorist plots, illegal drug smuggling, murders, and so forth. I’m extremely proud of the software platform our team has built, and the enviable list of Fortune 500 and Global 2000 customers who use our solutions, but it is a very different feeling – both humbling and gratifying – to know that we truly are helping to make the world a safer place.
M.R. Rangaswami is the Co-Founder of Sandhill.com