Summary: Sedona Conference Governance Commentary
Just four years after issuing its first Commentary on Information Governance, The Sedona Conference recently released a draft of its updated Second Edition for public comments.
The Second Edition, which bears much in common with the prior version, was revisited to reflect “changes and advances in technology and law over the past four years.” Significantly for the ediscovery world, it emphasizes how the costs of ediscovery “should drive organizations to focus on [information governance] on the front end” so that they can obtain ediscovery results that are “more efficient, less painful, and [that yield] additional benefits from a business perspective.” How? Five critical themes for data management are evident throughout the Second Edition.
1. Strong information governance should start at the top
As before, The Sedona Conference espouses the importance of a strong top-down approach to information governance, championed by the highest ranks within an organization’s leadership. Pulling no punches, it notes that an information governance strategy is not optional. Rather, “organizations face a fundamental choice: they can control their information, or, by default, they can allow their information to control them.”
2. Aim for a holistic rather than siloed approach
That approach to information governance should be cohesive and interdepartmental rather than siloed. The Sedona Conference again doesn’t mince words when it notes that “siloed approaches fail to govern information.” But rather than the ordinary interpretation of silos as separate storage locations for data, this commentary focuses on the silos present across various departments within an organization. When different disciplines or departments divide data into “specialized categories of information issues,” there’s an inconsistent approach to its management. For instance, organizations often approach data from three or more entirely separate directions, including:
- “data privacy and security (focused on protection of regulated classes of information),
- eDiscovery (focused on preservation and production of information in litigation), and
- data governance (focused on information reliability and efficiency).”
By artificially parsing the various considerations for how data is managed, organizations fail to achieve a comprehensive view of their information, leading to inefficient handling of electronically stored information (ESI). Each department ends up “constrained by [its own] culture, knowledge, and short-term goals,” with “no knowledge of gaps and overlaps in technology or information in relation to other silos within the organization.” Taking a holistic view of data and data management can reduce those inefficiencies and improve outcomes across the board.
3. Assess and inventory all data
Building on that holistic approach, Principle 4 emphasizes the importance of making a “comprehensive assessment of information-related practices, requirements, risks, and opportunities.” This begins with a refrain that will be familiar to ediscovery practitioners: “an organization should first identify the various types of information in its possession, custody, or control” and determine where each type of information is stored. In other words, create a data map or inventory.
4. Calculate the costs and benefits of retaining data and dispose of ESI that is not valuable
Countering the traditional “keep it just in case” mentality, The Sedona Conference explicitly recommends a default orientation of disposing of data unless it is required for regulatory compliance, legal preservation obligations, or current business needs. The Second Edition lays out the benefits, risks, and general compliance requirements that organizations should consider when determining the value of data and emphasizes that “the business value decreases and the cost and risk increase as information ages.” It further recommends “consistently implement[ing] protocols designed to track legal holds” to ensure that this enthusiasm for defensible deletion doesn’t lead to the improper spoliation of information that should be preserved.
5. Leverage technology and be ready to adapt
Finally, while The Sedona Conference recognizes in this edition that “the rapid advances in technology threaten to render obsolete” any technology it describes, it nonetheless recommends implementing predictive analytics and other approaches to winnow data down to a manageable volume. Continuing its emphasis on data minimization, it suggests that technology can be used to automate many decisions, such as limiting email account sizes, enabling automatic email deletion, and using technology to categorize and classify data using predictive analytics and other tools. Consider taking the time to read this version, even (or perhaps especially) if you haven’t recently read the 2014 version. And don’t delay: you only have until December 5, 2018, to submit comments by email to firstname.lastname@example.org.