Federica Romanelli, The hidden risks of dark data

Law firms produce great amounts of data while carrying out their business. Many information such as legacy file shares, back-up tapes, archives and former employee emails are generally stored but do not hold an immediate business purpose. These “miscellanea data” have been defined as “dark data”, i.e. those information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes (see more at Gartner).

In the majority of instances, organizations and law firms retain dark data for compliance purposes. However, storing, managing and securing them typically result in great expenses for low values in return.

The cost of dark data storage is not the only issue that should be considered by law firms. There are several other risks that may arise if the management of dark data is neglected. Think of legal risks: dark data may contain confidential information, which – if exposed — could lead to liability.

There are also know-how risks deriving from dark data. Inadvertent disclosure of information relating to a business practice and operations may lead to the firm’s competitive disadvantage.

The reputational consequences that data breaches will have on firms shall not be neglected either. All of the above without mentioning the unknown exposures, considering that the value of dark data for firms is still unexploited.

All in all, law firms should be aware and shed some light on dark data.

And dark data inquiry shall not be static. As technology and the relevant law evolve, a lawyer’s understanding should keep pace. A lawyer should: (i) periodically review current data security measures; (ii) stay abreast of best practices in data security and implement them; and (iii) keep informed of changes in the law, particularly as they relate to privileges and waivers thereof.


For more information on dark data, see e.g.: