by Mike Quartararo
Anyone who has worked with an organization to preserve and collect data in the course of an investigation or litigation knows that information governance and data management can be a challenge if the company does not have mature policies and practices in place from the outset.
Typically, law firms are working with the general counsel or associate general counsel to identify, preserve, and collect ESI. If a CIO, IT director, or system administrator gets involved, they are usually taking direction from the GC and, in most circumstances, they are reticent at best. EDiscovery can be viewed as a little intimidating to the average IT administrator.
The question that arises is whose job is it to ensure a corporate entity has sound, defensible information governance practices in place?
It’s clearly not a law firm’s responsibility to ensure the client has information governance policies in place. In fact, in most instances, by the time a law firm is involved it’s usually too late — the eDiscovery ship has sailed and there’s no time to take up an information governance initiative. This does not mean the firm should not advise the client to adopt IG practices — it certainly should!
But the answer, of course, is that it is a team effort.
Most organizations get involved in information governance in a very ad hoc if not haphazard way. Usually, it arises in response to some crisis or event, like a subpoena or litigation. Or, it might come about in response to an infrastructure or storage issue. And some organizations face huge data management challenges when two companies merge.
These are just a few of the possible scenarios. Organizations have so much information that the very idea of trying to understand it all can be daunting.
Still, information governance in not an optional endeavor.
One of the primary functions of the general counsel of an organization is to protect the business from risk. There are business risks, legal risks, internal risks, and external risks. A common denominator among risks is information. We live in a corporate world in which 150 million emails are sent every minute. Organizations create, store, and manage tons of information and it is this information that is constantly exposing the business to risk.
Whether it’s an internal bad actor leaking information, the need to secure consumer data, or insight into the scope and reach of litigation holds, these and many other risks must be mitigated.
Information can also be an extremely valuable asset to an organization. Customer data, sales trends, business intelligence — these things and more are likely to help an organization grow.
Why is it then, that fully 40 percent of companies do not have a formal information governance policy? Half of these have no plan or intention to implement one.
The number one obstacle to information governance: Budget. Other obstacles include the siloed nature of businesses — each department creates and stores data separately. There’s also a general lack of understanding and awareness, and the challenges of cultural change within organizations cannot be understated either.
More than anything, what organizations need is strong leadership and executive support. But about half of organizations do not have an information governance leader at all. In most companies, the role falls to the CIO or an IT director or a records manager. This is not good enough. Legal professionals need to lead the conversation, and they need to get all of the stakeholders to the table.
Next week, we’ll take a closer look at exactly who needs a seat at that table.
Mike Quartararo is the managing director of eDPM Advisory Services, a consulting firm providing e-discovery, project management and legal technology advisory and training services to the legal industry. He is also the author of the 2016 book Project Management in Electronic Discovery. Mike has many years of experience delivering e-discovery, project management, and legal technology solutions to law firms and Fortune 500 corporations across the globe and is widely considered an expert on project management, e-discovery and legal matter management. You can reach him via email at firstname.lastname@example.org. Follow him on Twitter @edpmadvisory.