How Do Information Governance Policies Help Manage eDiscovery Risks?

Posted by Jeremy Greer | Fri, Oct 09, 2020

What is Included in Information Governance? Definition of Information Governance

What is information governance/ information governance definition: Information governance is a top-down approach to corporate information management which may include multi-disciplinary policies, structures, and workflows to minimize risks, meet legal requirements, and meet other business objectives. This area of thought leadership encompasses a wide range of goals that could differ greatly across various stakeholders. For example, a thorough information governance program could be considered beneficial for the purposes of data security, records management, data analytics, data governance, ediscovery, risk, as well as compliance.

 

Is Information an Asset or a Liability?

It is important to maximize the value of information while limiting liability. Organization and effective governance of information assets will put companies in a position to succeed. Information exists everywhere now, especially with the business world's transition to the virtual office. Technology is advancing at such a rapid pace while it could be argued that information governance practices have not made quite the same dramatic leap. Keeping information governance as a low priority will only lead to reactive data approach as opposed to a proactive approach.

The truth is that data CAN be an asset - for example - I can search my email and pull up a credit card number that was sent to me in an email thread 3 years ago. Does the convenience of being able to perform this action outweigh the risks of holding onto this data? As eDiscovery professionals we should always be conditioned to consider and re-consider these risks. For starters, there are data security risks. Effective data management is case-specific, but it could be true that the more data your organization holds on to, the greater the potential damage in the case of a breach. By setting automatic data deletion processes, these risks can be reduced to an extent.

There are MANY more risks to consider and your data governance policies and procedures need to account for those risks.

 

Information Governance Surveys - How Common Is the Use of Information Governance Programs?

An information governance market has just cropped up over the last few years and we have seen a massive increase in information governance professionals who recognize the value of the information we hold. The State of Information Governance Report by the IGI Initiative surveyed a number of information governance practitioners and providers.

The 2018 survey revealed some interesting trends that I would infer have continued moving in the same direction going into 2020.

  • The number of respondents reporting they have never undertaken an Information Governance project fell by a dramatic 90%
  • 41% leap in the number of professionals who say the IG market is clearly identified
  • 26% rise in the number of organizations with an IG Steering Committee
  • 41% rise in the number of IG leaders with “Information Governance” in their title
  • 46% of respondents agreed that their organization is extracting business value from the information it holds.

 

The information is clear. Data professionals have continued to take information governance more seriously over the past several years. Let's compare some of these findings with one survey discussing some of the perceived IT and IG effects related to the 2020 covid pandemic.

 

2020 Remote Work-From-Home Cybersecurity Report in May of 2020, polled over 400 IT security decision practitioners.

  • A staggering 84% anticipate broader and more permanent WFH adoption beyond the pandemic
  •  More than half (54%) expressed that COVID-19 has accelerated migration of users’ workflows and applications to the cloud.
  • “The mass adoption of WFH has highlighted the need for organizations to embrace more holistic secure access strategy that supports both flexible working and the growing shift towards hybrid IT

 

Given the changing landscape of data management and the shift towards cloud systems, businesses will also need to see an equal shift towards the appropriate information governance practices.

 

Information Governance Through the Lense of eDiscovery - Managing Risks and Limiting Potential Legal Costs

As an eDiscovery company we have seen a wide variety of eDiscovery cases, and the data can range from organized to extremely unstructured. Businesses can and should prepare for potential preservation orders and litigation because this is a sound risk management strategy. In order to meet compliance on rules and regulations, a structured data map and org chart should be kept on hand so that the right person can be contacted to make sure automatic deletion policies and or other deletion actions can feasibly be put on hold. Furthermore, having these policies and knowledge of business practices means that if litigation is impending, you will not have to drop everything to meet preservation orders.

Document review is commonly considered the most expensive segment of eDiscovery and is often the most expensive part of the entire litigation process besides the trial itself. Proactively limiting the amount of data in circulation is the first step to lowering potential document review costs both from data hosting and reviewer hours. Ultimately, staying organized, meeting regulatory requirements, and lowering potential costs are important benefits of an established information governance program.

 

Information Governance Maturity Model

Analyzing your organization's place on this information governance maturity model can be a great start for implementing these ideals into practice. The chart starts at level 1 (sub-standard) with no one in charge of records management, continuing on to level 2 (in Development) where the organization does not store information in a systematic fashion but at least the business is aware of the benefits of information governance, all the way up to level 5 (transformational) where the organization's senior governing board places great emphasis on information governance processes

Take a look at the following link for more info on the full model: Information Governance Maturity model.