All posts tagged Information Governance

Beyond record keeping: the importance of Information Governance

Information governance is no longer limited to simple record keeping. In today’s workplace, it is the backbone of best practice across business functions and encompasses:

  • information security
  • compliance and risk management
  • privacy
  • data storage and archiving
  • business operations and management
  • IT management
  • Business intelligence and big data

In my role as an ediscovery consultant, I have seen the impact information governance has on legal scenarios involving litigation, regulatory investigations and data protection related requests such as the right to erasure. Furthermore effective information governance can bring many benefits and ensure the smooth management of various legal scenarios that depend on the production and identification of electronic evidence such as right to erasure requests.

Companies thathave their house in order generally find that requests for information are fulfilled with minimum disruption to their business. Rather than spending time searching for electronic documents, they can respond to the request right away, honing in on data quickly. Because they understand their data architecture searches  collection can be less widespread and therefore cheaper. In contrast, those with poor infrastructure waste valuable time and money seeking this out and often spend more on forensics services, processing and hosting fees.

In terms of compliance, we find that information governance and efficient compliance programmes go hand in hand. You can’t have a good compliance programme if you do don’t have a handle on where your data is, what data you are collecting and what backup systems are in place. Poor information governance provides a useful camouflage for those engaged in unlawful behaviour. Those who have been embroiled in regulatory investigations or experienced fraud know all too well the financial and reputational damage caused by not preventing misconduct.

Take the lead towards improving information governance at your company

If you have concerns about how your company is managing information, it is vital that you raise the issue with senior management, IT and other departments and begin the process of enacting change. As general counsel, your legal knowledge and responsibilities make you a key stakeholder in the process.

Where do I begin?

Some elements of information governance do require technical knowledge and specialist services such as ediscovery and data analytics. An experienced ediscovery vendor will be able to offer consultancy to tailor a specific programme for your company’s needs. However below is an outline of the typical steps involved in improving information governance:

  • Mapping and assessing data estates

Using consultative assessments, data mapping, system inventories and data mining technologies, your consultant will outline how important or sensitive data is created, secured, managed and retained throughout your organisation.

  • Analysing and classifying data

Once you know where your data resides and the extent of it, this data can then be defined and classified. Redundant and obsolete information can be eliminated using a specialist review platform, freeing up server space and reducing backup costs. Key information can be preserved and managed more easily.

  • Building context and monitoring activity

Technology such as predictive data analytics can then be deployed to mine critical information, evaluate the facts in context and define relationships between data sets and measure trends.

With stronger insight into trends and anomalies in targeted sets of content, you can holistically manage or predict risks and make informed legal decisions whilst reducing reactive legal fees.

  • Futureproofing your systems

Information governance is an ongoing process and not a one off project. Your ediscovery consultant will be able to design and implement sustainable policies, technology enabled solutions, flexible training programs, and periodic audits. This will ensure your information governance program can stand the test of time as cultural, business, legal and technical needs evolve.

About Tina Shah

Tina works at Kroll Ontrack as a Legal Consultant in Continental Europe. Tina has a variety of experience in the legal sector, including working as a lawyer for a global project management firm organised to provide comprehensive consulting services for FDA regulated companies and conducted extensive e-disclosure/document review for high profile litigation cases. Tina is a US-qualified lawyer and fluent in Italian and Spanish.

The Certainty of Information Governance’s Uncertain Future

IQPC

As I approached the Waldorf Hilton’s main entrance, my umbrella struggled and lost its battle with the cold, slicing rain. The doorman, smartly dressed in a bonded overcoat and bowler hat, directed me into the Palm Court and to the 10th annual Information Governance & eDiscovery Summit. Most attendees milling about the room seemed to pay little mind to the meteorological events beyond the room’s frosted double doors, and why would they? The only evidence of the weather was an occasional faint clap of thunder. They were focused on refining and perfecting existing information governance (“IG”) strategies. Perhaps it was my twisted umbrella, but I couldn’t stop wondering if the weather signalled the need for a new approach to IG.

IG can trace its roots to medical recordkeeping in the 1990s. Faced with ‘the development of information technology and its capacity to disseminate information rapidly and extensively,’ the National Health Service commissioned The Caldicott Report to address the tension between the need to share information versus patients’ expectations of privacy.

In the ensuing decades, IG grew from a niche healthcare concern into broad-based principles applicable to organisations across all industries. A few key points in IG’s evolution include:

  1. The NHS created and implemented its 2003 IG Toolkit “to enable organisations to measure their compliance against the law and central guidance and to see whether information [was being] handled correctly.”
  1. ARMA sought to take the general concepts underpinning the IG Toolkit and expand their applicability to all organisations, regardless of type or activity, with its 2009 Generally Accepted Recordkeeping Principles®.
  1. The collaborative efforts in 2011 and 2012 between ARMA and EDRM culminated in the updated Information Governance Reference Model which highlighted the fact that efficient, effective IG comes from “the relationship between duty and the value of information assets.”
  1. With the 2013 Practice Direction placing limits on costs in disclosure and the 2015 proposed FRCP highlighting proportionality and preservation, two leading countries’ procedural laws now systemically advance IG principles.

Today, at its core, IG is “an accountability framework to ensure appropriate behaviour in the valuation, creation, storage, use, archiving and deletion of information.” Organisations which fully utilise IG will be able to better respond to anticipated, as well as unforeseen business realities, whether in regulation, investigation, or litigation. While good in theory, in practice the adoption of an IG programme is difficult as organisations not only have to seek buy-in across departments and amongst individuals but must also make commercial arguments for the value of IG. Too often, IG, like ediscovery, is brushed aside, relegated until a specific need presents itself.

 Even when organisations do embrace IG, successful use is becoming more difficult as information continues to grow. A key tenet of IG is information disposition; and, “[i]n order to dispose of any form of information, organisations need to know the value of that information.” How practical in today’s business world is it for organisations “to know the value of [its] information”? With the explosive growth of structured and unstructured data as well as the bottom-line drive toward profit, what organisations have the means to enact version control; label, tag, and otherwise organise files and emails; control the number of chat systems used; keep personal and business communications separate; archive audio and video data; etc.? ‘Information management and governance tasks are viewed as an anathema.’

None of this is to suggest IG’s time has passed, and in fact, most “[i]ndustry experts are optimistic about the future of IG.” Rather, we need to align IG with the big data realities of the modern world. Within an ediscovery context, organisations have begun using predictive coding and other advanced analytics as well as using multi-matter management repositories to help retrieve information more efficiently and accurately than previous methods. Could analogous technologies help transform IG? Imagine a world where there was no need to ever delete data, everything was stored securely, and through human-trained artificial intelligence, anything an organisation needed could be quickly and easily found.

As I thought back upon the two days of the summit, I was struck by the calibre of the attendees. It is a rare thing to have so many leading individuals and organisations all in one place, working together to move the conversation forward. Before I exited the hotel after the final session, I stopped briefly to admire the Palm Court’s oversized skylight, casting diffuse light upon the sunken tiled floor. The room has remained largely unchanged since its construction over 100 years ago. In the world of technology, few things last quite so long. What will the future hold for IG? Will the iterative process of improvement continue, or will disruptive technologies enter the fray?

I looked at my umbrella, almost tossing it into the rubbish bin beside the front doors before thinking better of it, and I put my sunglasses on. The clouds had parted, and oranges and magentas filled the sky to the west. Such is the weather of London, ever-changing. But in that is a comforting certainty: ‘adapt . . . or scramble when the torrent falls’.

About Jeff Shapiro

Jeff joined Kroll Ontrack in July 2013, working as a Case Manager within the Legal Technologies practice group. In October 2014, Jeff was promoted to the newly created role of Managed Services Consultant. He provides end-to-end project management and consultancy for ediscovery and edisclosure clients, with emphasis on Fortune 500 companies, as well as Am Law 200 and Global 100 law firms. Jeff ensures that projects are carried out to the highest possible standards, within relevant timelines, and to the specification and cost as agreed with the client. He consults on the technical requirements of Civil Procedure Rules and practice direction, including disclosure forms, production formats, predictive coding, and Case Management Conference planning. Jeff specializes in commercial litigation, regulatory commission requests, and internal investigations, with emphasis on early case assessment and review strategy. Whilst with Kroll Ontrack, Jeff developed a ‘Case Management Manual’ to capture and consolidate existing procedures, document unwritten knowledge, and identify cost-efficient opportunities to enable a consistent and high-level of service to clients. Prior to moving to the UK and joining Kroll Ontrack, he worked for several years with leading law firms in their international ediscovery practice groups. Jeff received his Juris Doctorate from The Syracuse University College of Law, and he is licensed to practice law in the State of Virginia.