Information Governance – Where Should You Start?
by Julia Romero Peter, Esq. and Adam Wells
At a venerated eDiscovery conference held in Carmel recently, a panelist quite rightly pointed out that if “Predictive Coding” was the buzzword for 2012, then “Information Governance” (“IG” hereafter) is that for 2013. Indeed, there has been a noticeable incline in the number of blogs, articles, and webinars featuring IG over the last several months. Overall, we view this increased awareness of IG issues quite happily.
But while everyone seems to agree that IG awareness is a good thing, we haven’t seen much written or talked about that addresses the fundamentals of IG, and where an organization should start in order to do so. Even for those companies that have an idea of what their endgame is – their perfect future state – we find that they’re struggling to identify how to assess their current state.
We submit that in order to design and execute a complex IG strategy, one must begin by asking a series of questions to help uncover your organization’s current information management landscape. We call it Information Management because IG encompasses not just IT infrastructure (hardware and software), but also the people and processes across the organization that influence IG – functions such as Legal, Risk/Compliance, Marketing, and various Business Units.
So where is the starting point? We think the following questions, centered around three broad themes, will help an organization map their current state, and plan for a future state that successfully addresses IG.
Players/Decision Makers:
-
Who are the stakeholders in your organization from Legal, IT, and the various Business Units?
-
Where among the stakeholder departments/functions is the decision making centered? Is there a particular stakeholder or group of stakeholders driving this initiative?
-
Who are the champions of addressing IG and ediscovery within your organization? It is critical to remember that the decision makers might not be the driving force; often there is a grass-roots aspect to addressing IG.
-
Is there consensus or a great divide between Legal and IT? Between Business and Legal?
-
Do you have the internal people resources to address IG and/or ediscovery, even to perform a basic current state analysis?
Current Landscape
-
Does your organization have a data retention plan in place? Is there a viable enforcement mechanism?
-
How are retention policies enforced against data previously used for litigation and now sitting outside the enterprise? Do you track what data went where?
-
How does your organization issue, track, and enforce Legal Holds? Do you follow the same practice(s) with each and every matter you encounter?
-
Do you have a living data map?
-
How are data assets tracked?
-
Does your data require specific retention periods or treatment?
-
Is it governed by regulatory rules (example, HIPAA, PII, financial institutions, insurance polices, etc.)?
-
Is it highly sensitive?
-
What current Knowledge Management solutions are deployed within your enterprise either globally or departmentally?
-
What CRM tools are currently deployed within your enterprise either globally or departmentally?
-
What other business management systems are in place?
-
What asset library systems are in place?
-
What dynamic systems are in place (e.g., department or unit wikis, collaboration sites, etc.)?
-
Are there any data skeletons?
-
Shelved backup tapes?
-
Offline aged systems?
-
How do you address the data/information you don’t know about? Interviews? Questionnaires? etc?
-
Who collects your data? In House/IT? Vendor/Contractor? Law firm managed?
Data Outside the Enterprise
-
Have you had a hand in selecting the different eDiscovery vendors that your outside counsel is using on your matters?
-
When a lawsuit/discovery request is issued, is data typically sent and stored outside the enterprise after collection?
-
What happens with data after a matter or investigation is done? Is there a data disposition plan in place with your vendor and internally?