Perhaps you feel it in your gut, but you can’t quite put your finger on what makes electronic discovery so complex and expensive. To help with issues of complexity and the rapidly expanding breadth of electronically stored information (ESI) retained by organizations, savvy attorneys are now beginning to utilize the information governance reference model (IGRM)—created by the same organization that brought us the now-ubiquitous electronic discovery reference model (EDRM)—to visualize the essential concepts and lead discussions with clients about unified information governance. These professionals are going well beyond the typical, reactionary, case-by-case approach to discovery issues and are proposing broader solutions to managing ESI, even before such information may be relevant to a specific matter.
Defining Information Governance
Widely known in the industry, George Socha succinctly describes the IGRM, saying, “Elegantly simple, the IGRM is a powerful communications tool that attorneys can utilize as they counsel organization’s leadership and key stakeholders on IG-related topics that impact electronic discovery and compliance.”
More formally, Gartner defines information governance (IG) as the “specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival, and deletion of information.”
The IG reference model adheres to the ARMA International Generally Accepted Recordkeeping Principles (GARP), which are based on globally recognized best practices designed to meet legal and regulatory requirements and were developed to provide a scalable, broadly applicable framework to address issues surrounding the creation, management, and governance of electronic information.
No longer disparate issues, information management, e-discovery, and data security are most effectively addressed through a unified IG strategy.
Streamlining E-Discovery with the IGRM
An organization’s team of in-house attorneys, lead outside counsel, RIM, and IT professionals can be instrumental in guiding discussions with business management to achieve better IG. The collateral benefits of achieving unified IG include:
- Streamlined electronic discovery processes (for example, the capacity to quickly implement comprehensive protocols for the preservation of ESI);
- The knowledge to expedite the identification of inaccessible data pursuant to Federal Rule of Civil Procedure 26(b)(2)(B);
- The technical capacity to promote cost-effective and scalable collections efforts;
- The insight to provide a court with information to make reasoned proportionality determinations under Federal Rule of Civil Procedure 26(b)(2)(C); and
- The ability to leverage a comprehensive understanding of internal systems early in the meet-and-confer process.
Regardless of whether events requiring e-discovery are infrequent, episodic, or seemingly nonstop, an organization’s business records are valuable assets that must be safeguarded and properly managed at all times. By illuminating the benefits, duties, and risks attendant to IG in the normal course of business, you can help prepare your corporate clients for success. The ultimate objective should be to achieve incremental process improvements that lead to a transformational level of highly effective IG.
Implementing IG in the Corporate Structure
While there is no need to sound alarm bells at this time, Gartner has predicted that, by 2016, 20 percent of chief information officers in regulated industries could be terminated if they do not successfully implement the discipline of IG. Fortunately, with the IGRM in hand, counseling corporate clients about information governance topics should be much easier. And, helping to steer the enterprise in the right direction should bring praise and gratitude.
Often, the benefits of IG are overlooked because the implementation of requisite technologies and protocols is not viewed as a cohesive and comprehensive process, but rather as a series of projects competing for scarce resources. Effective IG, however, requires buy-in from the top down. The GARP Principle of Accountability requires that an organization’s senior executive be assigned to oversee the recordkeeping program. This executive will benefit from direct access to counsel about the relevant policies and procedures to be implemented and updated.
As an initial step, it is important to assemble the essential stakeholders of a corporate client for a roundtable discussion. To identify these individuals, ask the following questions:
- Who are the officers of the organization?
- Who are the members of the board of directors?
- Who is the chief information officer or chief technology officer?
- Who manages and maintains particular IT systems?
- Who is in charge of information security?
- Who is in charge of records and information management?
- Who knows about the current recordkeeping policies and technology infrastructure?
- Who implements and ensures compliance with any information-management policies?
- Who is the general counsel for the organization?
Important IGRM Documents and Preliminary Questions
Be sure to review key documents in advance of the roundtable discussion, such as the following:
- Organizational chart
- Document-retention policy
- Device-requisition policy
- Data map prepared in connection with prior litigation matters
Make sure that the data map includes not only the types of devices/networks that make up your client’s information ecosystem, but also charts out security and access controls, back-up polices and schedules, disaster recovery plans, data formats supported by various devices, retention policies, archiving processes, device-requisition procedures, and any other policies that govern how that data flows through those devices/networks.
Candid dialogue—in other words, the GARP Principle of Transparency—should lead to both infrastructure and policy refinements or, if necessary, overhauls that help the corporation attain a transformational level of maturity with respect to its IG. Corporate clients benefit from involvement by counsel who can shed light on inefficiencies that might otherwise result in unnecessary downstream costs. One benefit of engaging in the discovery of electronic information in the context of litigation is that it helps to shine a light on systemic information-management issues; however, this same benefit can be achieved without the stress that comes with potential litigation.
To move the various roundtable discussions forward, practitioners should consider the following general questions:
Technologies and IT Policies
- What recordkeeping technologies does the organization use?
- What database applications does the organization use?
- What voice-message system does the organization use?
- What mobile devices does the organization provide and/or support?
- What technologies were previously in use but are now considered legacy?
- What IT operations are currently consolidated?
- Does the organization currently utilize an intelligent IG solution that integrates archiving and e-discovery processes?
- Does the organization’s existing IG solution have centrally managed functions that address security, information retention and protection (automated legal hold), and disposal functions?
- What are the processes for handling system updates, upgrades, and maintenance?
- Does the organization’s existing IG solution include a comprehensive, holistic approach that addresses the wide variety of devices (including smartphones, tablets, and other mobile devices), use of social media, and data stored in the cloud located across physical locations including those outside of the United States?
Business Processes and Policies
- What processes are necessary for the organization to conduct its business?
- What policies are in effect regarding how the organization conducts its business? Superseded policies? Effective dates for polices?
- What are the benefits and drawbacks associated with each of these processes and policies? When and why were the processes and policies put into practice?
Additional Preliminary Considerations
- When did the company last update its document-retention policy?
- If the corporation owns one or more subsidiaries, have all subsidiaries adopted and implemented the document retention policy of the parent company?
- How will we measure successful implementation of unified IG?
Common Challenges in IG
Two common challenges for attorneys advocating for effective IG are addressed by applying e-discovery lessons learned.
The first challenge is that corporate stakeholders across business units—IT, RIM, and legal—may not immediately appreciate how IG deficiencies can have a serious deleterious ripple effect throughout the corporate environment. The same stakeholders may also have difficulty understanding how a particular process improvement in one area can create efficiencies in another. To overcome this challenge, objectively minded counsel should provide proactive advice and, if possible, empanel and lead a multidisciplinary team that has as its mission policy integration, process transparency, and stakeholder empowerment to achieve unified IG.
The second challenge is that outside counsel—who typically advise a corporate client about e-discovery related issues—might not be engaged by that corporate client to also consult about its strategy and plan to implement improvements to its IG because such discussions often occur outside the context of a legal proceeding. During discovery, counsel’s first task is often a quick, pragmatic assessment of a client’s information-management systems for the limited purpose of identifying potentially relevant information for a particular litigation. Such a reactive, scattershot approach fails to leverage the knowledge of the internal stakeholders or insights gained through any previous electronic-discovery process to facilitate the meaningful development and proactive improvement necessary for unified IG. An organization that enlists counsel as part of its team to fully evaluate the IG program stands an improved chance for realizing unified IG.
With increased frequency, in-house and outside counsel alike are engaging clients in thoughtful dialogue about inefficiencies observed during a particular matter involving electronic discovery. Use of the IGRM in connection with these efforts will help lead to improved IG for an organization. As technologies and tactics for handling electronic discovery continue to develop (such as predictive coding, data archiving, and automated content categorization), a focus will naturally shift to IG policies and practices. By achieving unified IG, electronic-discovery processes become tightly integrated with an organization’s centralized IG platform and effectively converge. Visualizing big-picture considerations in this way facilitates an ongoing conversation designed to better protect a company’s information assets, establish intelligent document-retention policies, and streamline e-discovery processes.
Download the IGRM
The IGRM [PDF image] empowers discussions with organization leadership and key stakeholders in achieving unified data governance. For more information about the IGRM, see this white paper recently published in collaboration with ARMA International.