For most enterprises, managing data is like herding billions of very active cats. As corporations moved from paper to digital data (but still retained mountains of paper files), the sprawl initially shocked and disoriented those responsible for knowing where the data was kept.
Fast forward to now, and the shock has worn off. That is not to say that information management is no longer a challenge. Technology continues to crank out new devices that create more data. Meanwhile, employees mingle personal and work data on personal and work devices, sending bits of digital information around the globe. In short, the digital age has created an expansion of governable information unlike anything imaginable pre digital transformation.
Governance in theory remains much tidier than governance in reality. This blog will cover some of the ins and outs of managing information and governing data.
What is Information Governance
Through the lens of ediscovery, information governance is the process of making sure all your company data is in order so that your organization can mitigate risk and control costs, should litigation ever arise. It’s getting your “electronic house in order.”
The process of actually organizing your data is a multi-fold approach that should cover the entire lifecycle of the data, from the creation of electronically controlled information (ESI) to its eventual deletion. Information governance is the groundwork for a company’s control over its information. How successfully your information is governed will determine how smooth and cost-effective any potential ediscovery process might be if litigation arises.
How to Stay Ahead of Information Governance
Having an understanding of information governance and having a robust system in place for governing your information are very different things. With new data privacy regulations popping up constantly, like the EU’s General Data Protection Regulation (GDPR) and California’s Consumer Privacy Act (CCPA), corporate legal teams must be constantly assessing their data and information to make sure they’re in a solid place for litigation. Here are a few key steps for staying on top of your information governance.
1. Conduct a Data Audit
Data security is always a must, even for your ediscovery data. Shockingly, a recent survey found that only 19 percent of ediscovery professionals had conducted security audits on their outside legal service providers. Whether you perform ediscovery in-house or not, it’s important to ensure your defenses are keeping up with ever-evolving cyber threats. When conducted properly, audits go beyond catching non-compliant behavior and can be an effective way to measure, test, and reinforce security protocols on an ongoing basis.
Conducting a data security audit requires investing time and resources, but the benefits far outweigh the costs. Your legal data is one of your most sensitive and valuable assets. A security breach may expose you to potential financial and reputational damage. Protecting that data should be a top priority for every organization.
2. Make a Data Map and Keep it Updated
Data mapping is critical for ediscovery because awareness that information exists is a predicate to any downstream ediscovery process. Simply put, an organization cannot preserve, collect, process, review, or produce information unless it is aware that it has that data. Knowing what data exists, where it is, and what custodians manage it is therefore a key first step in information governance and litigation readiness.
In order to know what data exists, organizations need to have a handle on what ESI they have stored and where. Electronically Stored Information, or ESI, is any information that is created or stored digitally. Under revisions made to the Federal Rules of Civil Procedure (FRCP) in 2006, ESI was legally defined to assist with ediscovery processes as well as to accommodate litigation pertaining to electronic records. FRCP rules state that one party may present another with a legal request for documents and/or electronically stored information – including writings, graphs, charts, photographs, sound recordings, images and other data compilations – stored in any medium.
Planning for the Future
Information is an ever-evolving thing. Data sources will continue to change, custodians retire or switch positions, and new data streams or storage devices are added on an ongoing basis. Corporate legal teams that regularly revisit and update their information governance policy will be prepared to answer external ediscovery or regulatory compliance document requests and can respond promptly to the threat of litigation efficiently and effectively.