Can a company have too much data?

Yes, if you’re not careful, according to a panel of in-house lawyers speaking on Tuesday at the annual Association of Corporate Counsel meeting in Boston.

Large financial institutions that have experienced data breaches sometimes have no clue that the compromised data even existed in the first place, said Rachel Reid, Chief Privacy Officer of Voya Financial, who has spoken with lawyers at such companies.

“They didn’t know that it was even out there, or what information was on it,” said Reid, referring to the lawyers’ lack of knowledge of the compromised servers at their banks. “Not knowing what data you have just compounds the difficulty of these (cyber threat) issues.”

Reid’s comments came during a morning panel, titled, “Playing in the Big (Data) Leagues: Consumer Mining, Data Privacy and Compliance.”

The panel featured five speakers: Reid, Charlie Bingham, Corporate Counsel with Microsoft Corporation, Cassie Sadowitz, Deputy General Counsel of the Jacksonville Jaguars, Danielle Vanderzanden, a shareholder of Ogletree Deakins Nash Smoak & Stewart and attorney Emily Roisman.

Reid also said that if in-house lawyers use “data mapping,” or a process that monitors data storage and use, “ask yourself how confident you are in its accuracy.”

At one moment of the panel discussion, Ogletree Deakins’ attorney Vanderzanden asked the audience – consisting of dozens, if not hundreds of attorneys – “how many of you know with confidence that the data that you don’t use goes away?”

Not a single hand in the room was raised; one lawyer smirked and shook his head.

“You’re never done,” said Vanderzanden, referring to the work that lawyers are responsible for in securing the company’s data. “If you have hard copy records, you want to secure those as well and you need to know where they are – focus on all of your data, not just electronic data.”