What is Information Governance?
The Electronic Discovery Reference Model (“EDRM”) commences with the Information Governance (“IG”) stage (see the image below). While the term sounds quite formal, with respect to e-discovery, in practice, “Information Governance” really means getting your electronic house in order so that you can mitigate risks and expenses should e-discovery become an issue in the future. “Getting your electronic house in order” covers the entire data lifecycle, from the initial creation of electronically stored information (“ESI”) through its final disposition, and potentially involves an organization’s entire suite of technology and related processes, policies and strategies. Indeed, IG becomes the foundation and framework of an organization’s management of its information assets and, importantly, the degree to which e-discovery processes are streamlined and cost-efficient is dependent upon having effective IG policies and procedures in place.
What Falls Under Information Governance?
- Policies and Procedures: IG policies and procedures establish the framework for an organization’s data management practices. Policies vary and may include any or all of the following: security; records management; retention and disposition schedules; archiving; data privacy; information sharing; and remote working. Procedures establish the workflow for the information and may include any or all of the following: creating and receiving information; collaboration and sharing information; disposing of information; managing personal information; and acceptable content types. Proactively establishing policies and procedures that govern data management is an invaluable exercise when it comes to e-discovery and general litigation readiness.
- Disaster Recovery, Contingency and Business Continuity: The IG framework also establishes policies, procedures and workflows which address how to handle data loss, and specifically any or all of the following: how to report information losses and security breaches; incident management and escalation; backup and disaster recovery; and business continuity management. These workflows can be planned and tested in advance to minimize delays, risks and potential liabilities. With respect to the e-discovery process, these policies and workflows help an organization understand where data resides and how to identify and handle archived or backup materials should they become relevant in a dispute.
- Audits, Measurement and Review: A critical aspect of effective IG is the inclusion of monitoring procedures so that processes are tested, errors and inefficiencies are recognized, and improvements are put in place. These auditing and review procedures are important in e-discovery because they provide an organization with the ability to confirm that data loss procedures are in place, well-tested and effective in case concerns of data loss, data manipulation or spoliation come into play.
What Are the Benefits of Good Information Governance in the E-Discovery Process?
Effective IG policies and procedures can lead to increased efficiencies and decrease risk throughout the litigation process, and particularly, during the EDRM lifecycle. Knowing where relevant information lies, how it is stored, how it is protected, how it is organized, how to access it and how to use it to your benefit all falls under the umbrella of IG. Having “good” IG practices in place can mean the difference between, on the one hand, incurring unnecessary costs because you need to redo a collection because it was incomplete and in an unusable format and, on the other hand, coming in under budget because you did it right the first time. Implementing effective IG strategies that serve to reduce the storage of information that is no longer needed and encourage the intelligent disposition of data can drastically reduce both an organization’s costly data footprint and the time and costs needed to implement preservation holds and search databases for relevant documents, which helps to avoid costly and wasteful overbroad preservation and collection. When time and effort is devoted to developing and implementing good IG, the result can be measurable cost savings down the line.
What Are the Challenges of Information Governance in the E-Discovery Process?
Organizations are coming to terms with the notion that they maintain ever increasing volumes of information stored in varying formats and locations. Some of this data is important to keep and some can be discarded. One of the challenges with IG in the e-discovery process is actually knowing where all potentially relevant data lives. In my experience, the initial list of data sources and custodians that I receive from a client is never the last, final list. Data sources grow, custodians change and strategies for gathering data follow suit. A second challenge with IG in the e-discovery process is the sheer number of data sources. For example, the use of mobile devices, working remotely and the ramifications of cloud computing and social media should be considered and managed. A third challenge with IG in the e-discovery process is tracking the data from the point of identification through collection and processing. While tracking the data can be time consuming and require close attention to detail, it is incredibly important for security and efficiency. A fourth challenge of IG in the e-discovery process is caused by employee turnover. As part of any data mapping exercise, it is important to designate who is the most knowledgeable about a data source so that you know who to contact when it is time to preserve and collect data. However, that single contact cannot be the only person with that specialized knowledge. It is important to make sure that any IG plan provides multiple human resources, backups and contacts.
In summary, while IG is listed as the first stage of the EDRM, experience shows that it actually weaves through the entire e-discovery lifecycle. Good IG is critical to ensuring that all of the stages that follow, and the litigation as a whole, run smoothly.
DISCLAIMER: The information contained in this blog is not intended as legal advice or as an opinion on specific facts. For more information about these issues, please contact the author(s) of this blog or your existing LitSmart contact. The invitation to contact the author is not to be construed as a solicitation for legal work. Any new attorney/client relationship will be confirmed in writing.