By Marcus Durand on Thursday, July, 15th, 2021 in Articles,Blog Posts,Blog: Records & Information Management (RIM),Latest Updates. No Comments
The New eDiscovery Landscape
Before the onset of the COVID-19 pandemic, businesses in industries with high litigation risk were facing increasingly complex eDiscovery challenges, thanks in large part to the big data revolution. Covid-19 has added another layer to the eDiscovery sphere, as the burgeoning remote workforce has created new data sources that must be managed and protected. Modern enterprises have new data types (novel and non-standard), which are expanding the scope of what is discoverable. Electronically stored information (ESI) now encompasses social media, streaming media, text messages, wearable technology and, yes, online meeting recordings.
eDiscovery teams must be knowledgeable about the legal implications of managing responsive data on these new, seemingly far-flung data repositories. Of course, expanding the scope of data to be identified, preserved, collected, processed, reviewed, and produced has the potential to slow down discovery and increase cost. Beyond litigation, data breaches are more prevalent than ever, and another source of poor data management are possible violations of individual privacy. A cyber incident can cause a costly investigation and can cost an organization millions of dollars for incident response, fines, and potential damages to affected individuals. To complicate matters further, legal departments face pressure from leadership to reduce costs.
With an explosion of data from new and varied sources, how can companies take a proactive posture in managing eDiscovery risk?
How effective Information Governance can reduce eDiscovery Risk
To effectively manage eDiscovery risk, companies must build a governance framework that identifies discoverable data and applies lifecycle management to minimize that data. While there are a number of different approaches that can be taken to tame the big data beast, companies are increasingly turning towards the interdisciplinary field of information governance.
So, what is information governance and how can it help manage eDiscovery risk? According to ARMA International, “Information Governance is the overarching and coordinating strategy for all organizational information. It establishes the authorities, supports, processes, capabilities, structures and infrastructure to enable information to be a useful asset and reduced liability to an organization, based on that organization’s specific business requirements and risk tolerance.” (ARMA Guide to the Information Professions[1])
Information Governance is a comprehensive, cross-functional strategy built on traditional records management and enterprise content management that maximizes informational value while reducing informational risk throughout the records lifecycle. An effective Information Governance program positions the organization to focus on gaining insight and value from content that has true business value, enabling organizations to mitigate risks, reduce costs and increase efficiencies.
Information Governance is a holistic approach to managing an organization’s information assets, incorporating multi-disciplinary strategies that aim to maximize informational value while reducing risk and aligning with the organization’s strategic goals. Policies, procedures and workflows, as well as infrastructure (technology) form the basis of an Information Governance program.
Policies and procedures establish the governance framework for the program. These policies and procedures incorporate records and information lifecycle management, security and risk management. Specifically, a records retention schedule that is supported by robust procedures and oversight ensures that records are destroyed in a legally defensible manner while minimizing Discovery exposure. Additionally, the Information Governance framework helps to ensure that the organization’s technological infrastructure and systems are in alignment with overall organizational objectives.
While a records and information management policy and retention schedule can provide the legal defensibility needed to destroy records in a compliant manner, it will be hard to enforce if an organization does not have a clear understanding of not only where source repositories reside, but also where copies of records may be stored. After all, if a record is deleted from its source repository while copies still reside in paper, email, SharePoint and system backups, then those copies become discoverable. Thus, for the records retention schedule to effectively minimize Discovery risk, an organization must have a mechanism for systematically identifying and destroying records located in both source and copy repositories, and system backups.
Accordingly, a data map is an effective approach to create a comprehensive and accurate picture of where an organization’s information assets reside. Planning and conducting a data map is beyond the scope of this article, but after this task is complete stakeholders will clearly be able to determine data (or records), data sources, location, how data is being used, and who has access to it. All original and copy repositories must then be linked back to the records retention schedule to enable electronic records lifecycle management and minimize Discovery exposure. The process will require involvement and input from many throughout the enterprise in order to create a complete and precise map. Finally, a current data map will add structure to unstructured information, and an organization will be better positioned to store, manage, and discover ESI efficiently.
Finally, robust monitoring and controls are necessary to the sustainability of an effective eDiscovery program. Fortunately, compliance monitoring is a critical component of effective Information Governance programs. For larger organizations, there are a number of technology applications that can be quite effective in monitoring the movement of organizational data and providing timely information to management stakeholders. However, organizations large or small cannot rely on technology alone to preserve the integrity, security and lifecycle of organizational data. User training and systemic auditing are necessary to ensure continued compliance and effectiveness.
How to Get Started
Building an eDiscovery Program based on Information Governance principles can be an intimidating task. Cadence Group has been providing information governance and records management consulting services to public and private sector organizations of all sizes for over a quarter century. Our certified consultants can help get your organization’s information governance program off the ground by providing:
- A full information governance program assessment and compliance roadmap
- Records retention scheduling, including legal research
- Records inventorying and information mapping
- Physical and electronic records cleanup strategies
Click here to set up a free consultation.
[1]ARMA International, “ARMA Resources: Information Governance,” ARMA, 2021, https://www.arma.org/page/Information_Governance.