Information governance, records and information management, and data disposition policies are ways to help lower costs and mitigate risks for organizations. Policies and procedures to actively manage data are not just an IT "problem," they're a collaborative business initiative that is a must in today's "big data" environment. With electronic discovery rules, government regulations and the Sarbanes-Oxley Act, all organizations must proactively take steps to manage their data with well-governed processes and controls, or be willing to face the risks and costs that come along with keeping everything. Organizations must know what information they have, where it is located, the duration data must be retained and what information would be needed when responding to an event.
There have been numerous instances of severe legal penalties for organizations that did not have an electronic data strategy, tools, processes and controls to locate and understand their own data. In addition, the risks of unmanaged data include skyrocketing infrastructure and personnel costs and an increase in attorney time to manage massive amounts of data when a litigation event occurs.
Information governance is needed much like any business continuity and disaster recovery plans, but with an understanding of data: where data are located, how data are managed, event response, and regular testing of processes and procedures for preparedness.
Information Governance, Managing Data To Lower Risk and Costs, and E-Discovery Implications
1. Information Governance &
Management Practices,
Managing Data to Lower Risk
& Costs, and e-Discovery
Implications
ILTA Meeting – April 25, 2013
David Kearney – Volunteer City Representative
6. Overview
Applied to Electronic Discovery
Discovery is the process of exchanging evidence
between parties. During discovery, each side must share
with the other side all information that is relevant to the
matter, and significant penalties/sanctions may be
levied on any party that does not hand over information
properly.
Because discovery involves the physical collection,
restoration, and review of information, it is a costly
process. If the scope of the information an attorney
requests is too broad and results in excessive information
being produced, the litigation costs will be exponentially
increased.
8. OVERVIEW
EDRM - Information Management
Many issues can be better managed if this
stage is taken seriously and implemented with
consistent & sound practices.
This is THE STARTING POINT for the entire process.
Sound and comprehensive information
management strategies aid organizations in
the identification, preservation, and collection
steps of the process and can lower the number
of documents that need to be preserved,
collected, reviewed and produced. This is
where more organizations can GET IT RIGHT.
Furthermore, risks and costs are reduced.
9. Overview
“Part of the reason eDiscovery is so expensive
is because companies have so much data that
serves no business need. … Companies are
going to realize that it’s important to get their
information governance under control to get rid
of the data that has no business need … in
ways that will improve the company's bottom
line…” — U.S. Magistrate Judge Andrew J.
Peck, CGOC Faculty Member, in a video
interview courtesy of JD Supra Law News,
February 4, 2013.
10. Overview
Sanctions have been issued for the failure to
preserve documents, negligence during the
processes, and delay in delivering requests…
Pension Committee of the University of Montreal
Pension Plan v. Banc of America Securities, LLC
Harkabi v. SanDisk
Qualcomm v. Broadcom
Philip Morris
Morgan Stanley
11. Overview
Data Growth
40 Zettabytes is how much digitally stored data humankind will
possess by 2020 - IDC
Data production will be 44 times greater in 2020 than it was in
2009.
According to estimates, the volume of business data worldwide,
across all companies, doubles every 1.2 years.
According to execs, the influx of data is putting a strain on IT
infrastructure. 55 percent of respondents reporting a slowdown of
IT systems and 47 percent citing data security problems,
according to a global survey from Avanade.
Data generation will become significant
even at the smallest of organizations
12. Information
Management/Information
Governance
The set of multi-disciplinary structures, policies, procedures,
processes and controls implemented to manage information at an
enterprise level, supporting an organization's immediate and future
regulatory, legal, risk, environmental and operational requirements.
–Wikipedia, 3/12/13
The specification of decision rights and an accountability
framework to encourage desirable behavior in the valuation,
creation, storage, use, archival and deletion of information. It
includes the processes, roles, standards and metrics that ensure the
effective and efficient use of information in enabling an
organization to achieve its goals. -Gartner
A holistic approach to managing and leveraging information for
business benefits and encompasses information quality, information
protection and information life cycle management. -IBM
13. Records Management (RIM)
Records Management is management responsible
for the efficient and systematic control of the
creation, receipt, maintenance, use, and disposition
of records, including processes for capturing and
maintaining evidence of and information about
business activities and transactions in the form of
records.
A Record is any recorded information, regardless of
medium or characteristics, made or received and
retained by an organization in pursuance of legal
obligations or in the transaction of business
14. Data Retention Policies
Policies of Data
Meeting Legal and Business Requirements
Weighs Legal and Privacy Concerns
Determination of Time, Rules, Data Formats
Determination of Storage, Access, & Encryption
A Legal Strategy that Affords Certain Legal
Protections
15. Resources
IGRM (Information Governance Reference Model) -
http://www.edrm.net/projects/igrm
ARMA International - http://www.arma.org/
InfoGov Community - http://www.infogovcommunity.com/
AHIMA (American Health Information Management Association)
- http://www.ahima.org/
16. Information Governance
Reference Model (IGRM)
Provides
Common, practical, & flexible framework
Helps organizations develop and implement
effective and actionable information management
programs
Offer guidance to stakeholders within organizations
Facilitates dialogue among stakeholders by
providing a common language and reference for
discussion and decision-making based on the needs
of the organization
17.
18. ARMA International Maturity
Model for Information
Governance
Defines the characteristics of information
governance programs at differing levels of
maturity, completeness, and effectiveness.
The Principle (Generally Accepted Recordkeeping Principles) frames
8 principles of recordkeeping;
Accountability
Transparency
Integrity
Protection
Compliance
Availability
Retention
Disposition
19. ARMA International Maturity
Model for Information
Governance
Characteristics typical for each of the ‗Principles‘
(Generally Accepted Recordkeeping Principles) of recordkeeping;
LEVEL 1 (Sub-standard)
LEVEL 2 (In Development)
LEVEL 3 (Essential)
LEVEL 4 (Proactive)
LEVEL5 (Transformational)
20. People, Process, &
Technology
One of the reasons companies hesitate to create
and enforce retention policies is cost of software,
cost of personnel needed to manage it, etc. But,
the cost is minimal compared to paying a six-
figure settlement.
This is a Business Initiative, NOT an exclusive IT,
Records, or Legal problem.
The process needs defined, adopted, and
audited
Technology to automate and assist in defined
process needs identified, implemented, and
audited
21. Stakeholders
Collaboration Must Exist Between
Business Users – Operate the organization
Records Management - Control of the
creation, receipt, maintenance, use, and
disposition of records
IT – Implements mechanics of Info Governance
Legal Risk & Regulatory Departments -
Understand the organization‘s duty to preserve
information beyond its immediate business
value
22. Approach
Identify what you have
Assess Risks
Business needs
Legal holds
Regulatory obligations
Develop Plan
Document Plan
Implement Plan
Follow Plan – Consistency is Key
Audit Plan
23. Questions to Ask About
Data
Does the Data Have Business Value
Is the Data a ‗Record‘ and is it still under retention
Is the Data Under Legal Hold
Law Firms – Is the Data Firm Data or Client Data, Is it a
Record, and Do Your Clients Know About It/That You
Have Their Data
Corporations – Do You Know Where Your Data Is?
24. Practices
Develop a transparent and collaborative team
Understand the locations (includes BYOD &
Cloud) of the data & create data map
Understand the requirements for the data, such
as regulations, cross-border issues, data types,
business needs, and legal needs
25. Practices
Manage all information, not just ―records.‖
Connect legal, privacy and regulatory retention obligations
directly to relevant information.
Retention periods must take into account the business value
of information in addition to legal and compliance value.
Identify where information is located.
Ensure that retention and disposal obligations are
communicated and publicized in a language that
stakeholders can understand.
Allow for flexibility to adapt to local laws, obligations and
limitations.
Include a mechanism that allows legal and IT to collaborate
in executing and terminating legal holds.
Identify and eliminate duplicate information.
26. Tools – EMC
Comply with business rules and policies, industry
and governmental regulations, and assure
security and privacy for employees, customers,
and corporate intelligence.
http://www.emc.com/archiving/intelligent-
archiving.htm
Ideal for: Large Enterprises, Financial Services,
Healthcare
Built to: Improve storage management, Increase
operational efficiencies, Implement compliance
and reduce risk
27. Tools – Nuix
Nuix information governance solutions transform your
organization's unstructured data from a liability to an asset
with powerful technology and workflows for searching,
investigating and actively managing information.
http://www.nuix.com/
Solutions for e-Discovery, Information Governance,
Investigation, Defensible Deletion, and Archive Search.
Enables you to respond quickly and effectively to litigation
or regulatory action, mitigate risk, reduce costs and extract
value from your data.
28. Tools – IBM
The IBM InfoSphere Information Governance
solutions establish sustainable governance of
information quality, master the complete
lifecycle of information, secure and protect
privacy and establish standards across all types
of information projects.
http://www-01.ibm.com/software/data/information-
governance/overview.html
29. Tools – Google Vault
Google Vault, a set of information governance
tools for Google Apps customers.
Google Vault provides a place where businesses
can manage, archive and preserve Google
apps data, an action that is key to the
eDiscovery process.
Of course, Google also brings search to bear on
the eDiscovery problem because you can use
Google search tools to find documents that
meet certain criteria in an eDiscovery request.
31. Roles We Can Play…
Law Firms
Get the house in order
Assist corporate clients to get their house in order
Corporations
Proactively get the house in order (ideally before an
event)
Advise in-house and/or outside counsel of processes
needed to develop info governance plan
32. Now is the time to understand and
adopt information governance.
Don't be caught trying to extinguish
a fire when fire prevention was
really the answer.
Hinweis der Redaktion
Law firms should hold/hostcustomer events to talk about information governance in general, how information governance can impact litigation and its costs, and compliance issues related to information governance.Organizations cannot afford to not know what they have & don’t have.