Meet Linda Baynes, KLDiscovery’s Director of IT Governance, Risk, and Compliance

KLDiscovery achieved record-breaking performance in 2023 through strategic investments, including the expansion of information and data security. In our previous blog post, we published the first installment in a series to shine a spotlight on our people, processes, technology, and innovation, showcasing how each has contributed to our historic success. In this post, we are diving deeper into KLDiscovery’s information and data security operation with Linda Baynes, Director of IT Governance, Risk, and Compliance.

“In an age where data breaches continue to proliferate, KLDiscovery stands as a beacon of excellence in the realm of information security.” Linda Baynes, Director of IT Governance, Risk & Compliance

As information security continues to evolve, what are the most important recent developments?

Cyber threats continue to change as bad actors find more sophisticated ways to launch attacks against both individuals and organizations. Information Security teams, like we have at KLDiscovery, deploy technology and practices to prevent such attacks from impacting our environments and to maintain the confidentiality, integrity, and availability of both corporate and client data. With that said, the most important element to understand about information security and protecting data is the role all team members play. Ensuring every employee knows they are a potential target for a cybersecurity attack and how to protect themselves and KLDiscovery is our best defense. While we continue to invest in expanding our information security management system (ISMS) with new technologies and best practices to address an ever-changing cyber threat landscape, our people and their commitment to doing their part to identify and report potential threats are key factors in the success of our security program.

What are the most frequently asked information security questions you hear from clients and prospects?

Without a doubt the most frequently asked questions are about access controls. Clients and prospects want to know who has access to their data, how access is granted or denied, whether access is geographically limited, and what reporting is available regarding access to their data. We have robust controls in place including unique user accounts, strong password requirements, multi-factor authentication, application whitelisting, and more.

Part of the investments that led to a record-breaking year in revenue attainment for KLDiscovery in 2023 included adding six new information security certifications and compliances. What prompted those additions?

It is not typical to add six new certifications and compliances to an organization’s security and compliance footprint. The decision to pursue these new certifications started with meeting the security needs of our clients, which include healthcare providers, insurance companies, financial institutions, and law firms and their clients. We provide a host of data management services to our clients from data recovery and tape management to eDiscovery, cyber incident response, and investigations. One of our most important roles is to handle our clients’ data in a manner that maintains the regulatory and legal protections they are required to deploy over their data.

The new certifications sought to provide our clients and stakeholders with evidence from independent third-party auditors and information security professionals that KLDiscovery’s ISMS and practices were designed and implemented in accordance with the same security frameworks our clients are required to administer.

The eDiscovery industry is always evolving. Not only does the technology change, but so does the scope and breadth of services we provide clients to help them manage their need to identify relevant information, analyze its significance, and deliver appropriate information to clients, courts, third parties, and others. The certifications and audited compliance statuses we obtained in 2023, as well as the standard certifications and compliances we have maintained for years, provide clients with assurances that KLDiscovery is not resting on past success, but is investing in all parts of the organization, information security included, to meet future needs.

KLDiscovery hired 335 new team members and promoted 124 employees in 2023. Were any of those new hires or promotions on the Information Security team?

Yes, and I am thrilled about the growth of the Information Security team on both the Compliance and Operations sides. Since I was promoted to my current role in 2021, we have more than doubled the number of Risk and Compliance Auditors on our Compliance team. This additional hiring was in preparation for pursuing new certifications, including the Federal Information Security Management Act (FISMA), the Federal Risk and Authorization Management Program (FedRAMP), and the Trusted Information Security Assessment Exchange (TISAX). We achieved FISMA – NIST 800-171 Audited Compliance status in 2023. In 2024, we launched our FedRAMP and TISAX certification efforts and are currently working with independent, third-party auditors as part of the certification process.

We are also investing in maturing our Third-Party Vendor Management Program with the hiring of a dedicated Information Security Compliance and Vendor Management Analyst and automating our process by using a custom-built governance, risk, and compliance (GRC) platform. Third party vendor management is an area of concern for our clients. With many of the most impactful breaches occurring due to a successful attack on a target’s vendor, ensuring a company’s vendors are operating in a secure manner has become a requirement, particularly over the last five years.

Three members of my team are focused on responding to clients’ security assessment questionnaires, exploit inquiries, and other due diligence questions. Five members of my team are focused on a host of risk and compliance activities including risk management, vendor management, client audits, certifying agency audits, and internal audits. The Information Security Client Inquiries (ICI) side of the team recently welcomed a new member based in Greece. Because KLDiscovery is a global company with a client base extending around the world, it was important to me to add an EMEA-based team member to position us to provide more geographically dispersed support and increase the diversity of our team. With Information Security team members across the United States and EMEA, we have the bandwidth to address clients’ requests in not only a timely manner, but also from a local perspective, leveraging the team’s cultural and language skills.

What makes KLDiscovery’s information security stand out, particularly from others in the industry?

The teams supporting our ISMS have years of experience in their areas of expertise and we work in a collaborative manner to identify where issues may arise and act quickly to counteract potential vulnerabilities. Moreover, the inclusive culture fostered at KLDiscovery encourages a rich exchange of ideas, promoting an environment where innovation thrives. Throughout KLDiscovery’s leadership and across the ISMS program, we have an impressive amount of knowledge and insight about information and data security. We understand protecting our clients’ data and our environments is paramount to our ability to be of service to our clients. This is the reason we are constantly monitoring our environment and practices to improve what we do, be it at the application level, project support level, or network level. Our people are a central component to deploying state-of-the-art technology and excellent client service.

In an age where data breaches continue to proliferate, KLDiscovery stands as a beacon of excellence in the realm of information security. Through a meticulous blend of talent acquisition, technological advancement, and training that goes far beyond the minimum requirements, we underscore our commitment to providing data protection to a global client base.

As a licensed attorney, would you tell us about the journey from law school to your information security and compliance career at KLDiscovery?

When I graduated from the University of Akron School of Law with a Juris Doctoral degree and the University of Akron College of Business with a Master of Business Administration degree, I did not envision becoming a GRC Director, rather I was interested in corporate law. After I took the West Virginia Bar exam, I started seeking employment at local law firms. I took a job as a contract attorney in the document review operation of a firm with its global headquarters in my hometown of Wheeling, West Virginia while I applied to other opportunities.

The temporary contract position soon blossomed into my first fulltime Attorney Team Lead position, later leading to my role as a Managing Attorney Team Lead, and then Associate Operations Director of the Discovery Analytics & Review Services Group. My eDiscovery review experience at the firm grew as I supervised more than 25 Attorney Team Leads, 10 paralegals, and teams comprised of anywhere from 2 to 200+ contract attorneys working on 30+ cases simultaneously. My caseload ranged from high-stakes patent infringement matters and multiple defendant residential mortgage-backed securities litigation to labor employment and other white collar litigation matters. I served as a Chair of the Diversity and Inclusion Committee and as a mentor at the firm. Additionally, and perhaps presciently as I look back now, I served on the advisory board for the company that would become KLDiscovery where I shared input on the development of new eDiscovery products, platform features, and tool functionality.

After 5 years at the firm, I was ready to explore other opportunities and decided to take on a contract consultant engagement at the company that later became KLDiscovery, revamping the request for proposal (RFP) process. Fortunately, I soon moved into a full-time Discovery Consultant role and was able to hire another Discovery Consultant. As the team grew, I developed an interest in learning about information security to enable me to answer client questions. It was at this time I asked the Information Security team if they would work with me and I was thrilled when they welcomed my request with open arms, generously sharing their information security knowledge with me. Collaborating with the Information Security team, I began to understand various domains and how KLDiscovery managed and deployed data security.

My interest and ability to expand my information security governance knowledge base laid the foundation that enabled my transfer to the Information Security team, where I was later promoted to my current position. To me, this illustrates one of the things I love about KLDiscovery—how our people live our company values. I was eager to use my professional experiences and knowledge to support the company in a different manner and with the help of others, I found a path to do so.

How has the evolution of your role at KLDiscovery mirrored the evolution of the information security landscape?

My role in governance, risk, and compliance is situated at the intersection of legal, information security, and eDiscovery/data recovery business operations. As data privacy and cybersecurity become a greater concern for both individuals and government agencies, there has been a marked increase in the development of data privacy laws and regulations that apply to companies whether they operate in highly regulated industries or not. To ensure KLDiscovery meets new compliance requirements and remains at the forefront of the evolving cybersecurity landscape, I not only draw from conversations with clients across a diverse range of industries, I also leverage my legal education and experience along with my information security governance and real-world eDiscovery experience.

What do you value most about KLDiscovery?

Firstly, I value the people and culture at KLDiscovery. I have a wonderful leadership team that is approachable and supportive and my direct reports are talented, smart, and diligent. I serve on the One Fingerprint Business Resource Group at KLDiscovery and find it rewarding to bring team members’ stories to the rest of the organization, recognizing their unique contributions while fostering collaboration amongst a globally dispersed team and highlighting how much we have in common regardless of where we may reside around the world.

Secondly, the organization as a whole is forward-thinking and innovative. I love learning and this is a great place to stay at the front of the curve. There is always something new happening as we continue to grow and develop to meet our clients’ changing needs.

You were recently nominated for the Gayle O'Connor Spirit Award. Would you share more about the award and what the nomination has meant to you?

The Gayle O’Connor Spirit Award is a peer-nominated award, and while I do not know who nominated me, I am honored and humbled by someone taking the time to submit my nomination. This award is given as a tribute to those who exhibit enthusiasm, mentorship, friendship, and an encouraging spirit that inspires, educates, or promotes the common interests and cohesion of professionals in eDiscovery, legal technology, information governance, cybersecurity, and data privacy. To me, this nomination confirms that the work my team and I do at KLDiscovery is making a meaningful difference in our industry. For that, I am extremely grateful.

We thank Linda for sharing her time and expertise to showcase a behind-the-scenes look at KLDiscovery, highlighting the experience, achievements, and contributions she and her team have made to advancing information security at KLDiscovery.

From enhancing our team with global talent to implementing the latest certifications, KLDiscovery demonstrates an unwavering dedication to excellence in information and data security. Investing in both technology and the experts who know how to fully leverage it, we continue to bolster our offerings to safeguard client data and cultivate an environment where each team member is empowered to contribute to our collective success. This comprehensive approach ensures our record-breaking year in 2023 was not an isolated achievement but a strong foundation for sustained excellence in service and security.

Stay tuned for additional stories focusing on the people and investments behind KLDiscovery’s ongoing success.