Information overload: it’s not just something that people suffer from. Organizations today are generally mired in a complex web of data sources, all overflowing with information. What makes it even more challenging is that too many organizations lack information governance policies—or lack enforcement of the policies on their books.
What Is Information Governance?
According to the EDRM, information governance is the first stage of the eDiscovery process. It’s defined as “getting your electronic house in order to mitigate risk and expenses should e-discovery become an issue, from initial creation of electronically stored information (ESI) through its final disposition.” The goal of any information governance project is to help organizations prepare for litigation by helping them understand what information they have, where that information lives, and how they can access, preserve, and collect it for eDiscovery.
But just what does it mean to get your information house in order? Here are some preliminary steps to take.
1. Create a data map.
It’s essential to know what and how much data you’re dealing with—and who controls that data. Use a questionnaire to identify all of the data systems that your organization is using, both officially and unofficially (that is, systems and apps that employees have downloaded without obtaining company approval), as well as who is in charge of managing that data.
Here is a general checklist of things to ask about:
· network configuration;
· network storage and locations;
· operating systems;
· file servers and their contents;
· software applications, including proprietary apps;
· email applications and servers;
· email retention policies;
· legacy or retired systems and software;
· social media;
· websites and cloud-based data;
· text messages;
· computer hardware;
· external media, including hard drives and flash drives;
· remote and personal devices used for business, including smartphones and tablets;
· backup systems and policies, including retention policies; and
· all data-related policies, including policies regarding records retention and the disposition of hardware and former employees’ data.
2. Work with stakeholders.
The plan you create to manage your organization’s information must reflect the goals and needs of key stakeholders from across the organization, including legal, compliance, IT, risk, human resources, and various business units. Consult this group for insight into existing data-related policies and procedures and gaps where improvement is required.
3. Evaluate the applicable legal and regulatory requirements.
It’s important to review the applicable laws—for every jurisdiction where you do business (think General Data Protection Regulation)—and catalog your obligations for managing, retaining, and disposing of data. (The less data you have, the less the risk of violations.) Periodically revisit the laws and regulations to ensure that your obligations have not changed.
4. Set information governance policies.
A core component of any information governance strategy is disposition. Once data no longer holds business value, it should be disposed of, so long as it’s not required to be kept for legal or regulatory compliance purposes.
5. Train employees and enforce your policies.
Irregular enforcement of policies spells disaster in court. To ensure employees adhere to the policy, make sure that your team members are on board with the information governance program and understand how policies affect their day-to-day work. Support from executives and other business leaders is critical to enforcement. Run regular audits to check compliance.
Where to Find Additional Guidance on Information Governance
To learn more about how implementing an effective information governance strategy can boost your eDiscovery efficiency and reduce costs, and for suggestions on how advanced eDiscovery technology can play a role in auditing and classifying your organization’s data, get in touch.