Manage Data, Mitigate Legal Risks with Information Governance
When it comes to managing the mountains of data that businesses are continually creating, IT departments face an enormous threefold challenge: First, IT must create procedures and policies to effectively manage the data. Second, such data-management policies should fulfill the company’s business requirements. And finally, those policies must prepare your organization for the potential of litigation involving e-discovery. Together, those challenges comprise information governance.
Good information governance does not happen on its own. Business users who create and work with information are making decisions surrounding the core business — they aren’t thinking about how all this data will be properly compiled, converted, categorized, and stored for maximum efficiency. Businesses need expert guidance to help them develop an information governance strategy that includes the critical e-discovery component.
Enter Dan Pelletier, Director of eDiscovery and Information Governance Consulting at US East. Pelletier spent 25 years in IT before moving into information governance and e-discovery, and is also an attorney. He brings to the position a combination of IT and legal expertise that enables him to help clients craft and implement information governance strategies that meet IT, business, and legal requirements.
The challenge: Information explosion
Information governance is essential to managing the staggering amounts of data being created. Experts believe data volume will increase by a staggering 4300% by the year 2020. Digital data needs to be reined in, not just due to the volume, but because in most organizations it is spread across many different systems (e.g., home-grown, third-party, cloud) and even employees’ personal devices.
“Companies that lack adequate information governance policies to organize, manage, and store this data face major risks,” says Pelletier. “With the information explosion that’s happened over the past 10 years, 10 years of stuff on a hard drive somewhere in a legacy system can cause a real problem. If there’s litigation that could affect some of these unknown, uncatalogued systems, this creates a real legal risk,” he says. Without information governance, companies run the risk of costly litigation, bad publicity resulting in lost customer confidence, loss of confidential information or intellectual property, and regulatory compliance problems.
Information governance scenarios
Pelletier says that organizations that come to US East for help with their information governance strategies typically are dealing with one of the following three scenarios:
- Active litigation — “If you’re facing an active litigation with an e-discovery subpoena, your challenge is to gather data, collect it, normalize it, and provide it to the litigating attorney,” says Pelletier. “You also need to categorize data as relevant/not relevant and privileged/not privileged.”
- Seeking information governance assistance — “In this instance,” says Pelletier, “a coherent policy may need to be developed from scratch, or your organization may already have some established governance and retention policy and legal hold policies. But you may have large backlogs of data where the policy has been incompletely implemented.”
- Companies in transition — “When going through a merger, or from a startup to a mid-sized organization, a full information governance policy needs to be developed that includes retention and deletion practices, legal hold and release practices, and information governance end to end,” says Pelletier.
Whichever scenario you fall into, US East can help. According to Pelletier, “The key value-add that US East brings to the table is to go all the way into the legal and technical requirements and put together a plan that meets both needs.”
Pelletier contrasts US East’s approach with an information governance mandate driven exclusively by either the legal or IT department. Pelletier cites an example of a situation where “lawyers hand something down from Mount Olympus that is not easily implemented on the IT side, or can’t be sustained, or takes an exorbitant amount of resources. Likewise, you don’t want to drive something that’s easy for the IT organization but doesn’t meet the legal needs.”
Getting started
So, how do you get started with creating, revising, or revamping your information governance policy?
First, you need to assess all the data that is collected and stored and uncover the holes in the governance process. Then, once you’ve established a robust policy and put in place any new technologies necessary to tag, process, and store this data, the next steps to success are getting companywide buy-in, providing the right training, and creating accountability.
“It’s really understanding the problem and [the client] understanding the environment and the issues that the organization has from an infrastructure standpoint, where the data is located, and who the primary custodians and key stakeholders are,” says Pelletier. “Then we work together to develop solutions that will work for the organization in the short term and in the long term.”
A strong information governance policy offers rewards beyond security and peace of mind. Organizations can reduce storage and infrastructure costs, offer better service to customers, better manage public relations, and support existing Big Data plans. But to claim these rewards, your company’s information governance policy must be clearly defined, the right technology needs to be in place, and employees must be prepared to put the policy into practice. Says Pelletier, “If you have all the greatest tools but employees don’t know how to use them, or aren’t trained to use them, or you don’t have a well-defined policy, you’ve got nothing.”
[cta]Ready to get started with refining your information governance policies? Contact US East at info@useastusa.com or by phone at 212-840-3444. Or visit our website.[/cta]
