Information Governance and Defensible Disposal: Getting to “Gone”
It’s interesting how certain topics seem to bubble around endlessly just below the surface with no particular energy behind them until: Voilà! The day comes when folks can speak of little else.
Such is the case with – yes, I’ll say it – Information Governance (IG). Even though the forward-thinkers have been trying to gain momentum around this concept for quite some time, 2014 will be known as the year it finally took flight. Anyone who attended this year’s Legal Tech or keeps up with industry blogs and doesn’t know that IG is the biggest buzzword going has apparently been spending too much time blowing up chocolates in Candy Crush.
But, like the paranoid who really is being followed, just because it’s a buzzword doesn’t mean it’s not important. Information governance names what should be an integral part of every organization’s mandate: ensuring security and accountability through policies, processes and standards for electronic data the company relies upon to achieve its business objectives.
The good news (and the challenge as well) is that IG connotes an executive effort from the C-suite—good, because it took quite a while for this to finally trickle up and be recognized as a corporate imperative—but challenging, in that IG requires some very hands-on, non-C-suite types of activities to be truly effective. That’s where buzzwords falter and reality sets in.
But, not to worry. Like corporate compliance, just the aura of information governance emanating from on-high gives credence to the notion that there should be a bright line around the world of electronically-stored information, directing focus to data-related risks and rewards and empowering those with associated responsibilities to step to the plate and do what needs to be done.
And one of the things that needs to be done, often discussed but not undertaken, is a concerted effort to reduce a company’s digital footprint by disposing of the ESI it no longer needs. An effort well worth its weight in freed-up servers and IT resources (not to mention unbilled legal fees), data disposal should be high on the list of IG imperatives for a number of reasons, all of which essentially boil down to reduced cost and risk.
For one thing, data cleanup requires the kind of focused internal investigation that helps more fully describe a company’s true ESI environment, warts and all. This may lead to some not-so-pretty facts about legacy data that no one wants to hear about (like the storage facility where 500 backup tapes from a litigation hold eight years ago live in racks next to dead laptops from departed employees and boxes of old Wang drives), but that’s all the more reason to carry it out. Also, looking at the way data actually accumulates and travels within and outside the enterprise can be revelatory, raising red flags that lead to tighter policies, consolidation of data stores, better employee training, enhanced security efforts and overall heightened ESI awareness in general.
The barriers to data disposal aren’t surprising. The actual ROI isn’t that obvious or calculable. People are busy with things that seem more pressing. It’s hard to figure out where to start or how to do actually do it and to show that you did it defensibly. The problem is, though, and this may be why information governance finally made its big breakthrough this year: we’ve reached the tipping point. Data volumes are growing so big so fast that something’s got to give. You just can’t keep accumulating and storing this stuff forever. And despite all the excitement about “big data,” for most companies it’s more of a big problem, and possibly just a rationalization we’ve all adopted to keep avoiding the disposal effort.
So, what to do in the face of all this existing and accumulating ESI? For one thing, realize that there’s no silver bullet. No one solution is going to fix it and anyone that tries to sell you such a thing may as well throw in a bridge.
Instead, it may make sense to borrow from the psychologist’s toolkit. When a situation seems overwhelming, the best approach is to partialize; that is, assess the totality of the situation and then break it down into manageable units before you consider what action, if any, should be taken for each. Isolate one aspect where you can clean up the data store and do it methodically. Although dead laptops and old Wang drives should be on someone’s list as a longer term initiative to address, it may make more sense to tackle a portion of the live environment first, reducing unnecessary email and fileshare volume and archiving what you need to keep. Prioritize one department or fileshare or email store to clean up, then move on to the next. At the same time, learn as you go and consider what reforms, if any, should be put in place to govern information more effectively for the future. An approach that tends to mitigate data accumulation on an ongoing basis will have the best payoff in the long run.
Let’s face it, governing anything means working diligently to maintain order over chaos. No one thinks governing information is going to be easy, but everyone seems to agree, finally, that it’s absolutely necessary.
Join H5 on Thursday, March 27th from 1:00-2:00 PM EDT for a live webinar to learn about a methodical and practical way to implement a data disposal plan:
“Getting to Defensible Deletion – A Roadmap for Legal & IT”
This expert panel includes Julia Brickell, Executive Managing Director and General Counsel at H5 and Conor Crowley of Crowley Law Office to address the legal considerations, Robert Fowler of Jordan Lawrence to explain how to develop defensible rules, and James Wolf, Senior Technical Director of H5 on leveraging technology to put the rules into action.