Extract from ZyLAB’s article “The First Ten Search Queries of a Regulatory Agency: an ACEDS Benelux eDiscovery Event”
As the number of regulators grows, so does the amount of requests for information. There can be questions asked related to fiscal, environmental, privacy, finances, or health matters; you’re expected to answer all inquiries in a timely fashion.
There is more data containing evidence of events and a full audit trail of everything that happened in your mailboxes, SharePoint, file shares, other repositories or even social media. The regulatory agencies know that too and they go after this information if they suspect anything or of they are informed by a whistle blower.
Requests for information can be tricky, but they are relatively innocent. However, a regulator can also decide to pay an unannounced visit. Such visits are a lot more disruptive for your organization. Regulators are, in principle, allowed to view and make copies of any (digital) document they need for their investigation. In both cases, panic ensues whenever a regulator shows up and the second they do, the race against the clock starts.