This Information Governance post from Helen Geib, QDiscovery General Counsel, was originally published on LinkedIn here. Please visit the original piece to leave any comment.
“Information Governance 101” was the title of the second CLE from the IndyBar E-Discovery, Information Governance & Cybersecurity section. True to billing, it was an informative primer by Professor Sara Anne Hook of IU’s School of Informatics and Computing, who regularly lectures on the subject.
Information governance is not just for big companies anymore. The high cost associated with managing, storing and protecting electronic data means that small companies and non-profits also need to adopt sound information governance policies and practices. Hook cited a recent survey by AIM and Iron Mountain showing that corporations estimated only 42% of their data is actually useful in their business. Perhaps unsurprisingly given that statistic, the same study revealed that only 10% of companies have effectively instituted a comprehensive information governance program. In short, companies keep too much and use too little.
Law firms are not immune from the pressures of big data. Lawyers in all practice areas will benefit from learning more about information governance for internal law firm application.
In addition, Hook emphasized that there is a (as yet largely unexploited) practice development opportunity for business lawyers and litigators to counsel corporate clients about information governance issues. I would add that focusing initially on high risk areas such as sensitive customer data or information management pain points like email can be an effective strategy in overcoming corporate resistance to initiating an information governance project.
One of the key points made in the presentation was the dual purpose of information governance. The first purpose is to exploit and safeguard information, an important business asset. The second is risk management. Information governance aims to minimize the considerable costs associated with compliance, litigation, privacy protection and routine data storage. An effective information governance strategy recognizes that these dual purposes may sometimes be in tension and attempts to balance them in light of business needs. The strategy should be proactive, not reactive.
Typical information governance initiatives include categorizing information and defining its use, placing appropriate restrictions on access, compliance audits and defensible disposition. Data should be actively managed throughout the information lifecycle. Although there is no single information lifecycle model, there are standard elements that recur in the various competing models. These include data creation, classification, storage and management, retrieval and use, archiving and disposal or destruction. Also important, though too often overlooked, are business continuity planning and disaster recovery.
Whatever its specific points, an effective and defensible information governance program is based on good policies and procedures designed to further the organization’s needs and goals. Creating a culture of compliance through ongoing employee education and training is essential; a program is only as good as its implementation. While fundamentally business driven, information governance also involves legal, IT and compliance.
Information governance intersects with eDiscovery in the area of risk management. First, companies can cut discovery costs by reducing corporate data volume through active data management and defensible destruction (i.e., following a reasonable document retention and destruction schedule in the absence of a superseding duty to preserve). The second benefit is increased discovery preparedness, which is important for both litigation strategy and cost containment. Third, following a reasonable information governance program is a defense to a claim of spoliation under Federal Rule of Civil Procedure 37.
Finally, Hook identified several good resources to learn more about information governance. These included ARMA International, AHIMA (focused on health information management professionals) and EDRM’s Information Governance Reference Model. Notably, ARMA International has published Generally Accepted Recordkeeping Principles that can serve as a valuable guide for all who have a role in information management.
Indianapolis lawyers interested in learning more about the IndyBar E-Discovery, Information Governance & Cybersecurity section are encouraged to visit the section’s page on the bar association’s website. The page includes an active blog and other useful resources.
Helen Geib is General Counsel and Practice Support Consultant for QDiscovery. Prior to joining QDiscovery, Helen practiced law in the intellectual property litigation department of Barnes and Thornburg’s Indianapolis office where her responsibilities included managing large scale discovery and motion practice. She brings that experience and perspective to her work as an eDiscovery consultant. She also provides trial consulting services in civil and criminal cases. Helen has published articles on topics in eDiscovery and trial technology. She is a member of the bar of the State of Indiana and the US District Court for the Southern District of Indiana and a registered patent attorney.
This post is for general informational and educational purposes only. It is not intended as legal advice or to substitute for legal counsel, and does not create an attorney-client privilege.