Information Governance

A comprehensive approach for managing information in a digital world

In the pre-digital age of paper-recorded information, many law firms have at some stage had to struggle with mountains of paper that have overwhelmed the storage capacity, efficiency and even profitability of all but the most resourceful of firms. The digital era would seem to have offered relief from paper’s long, cumbersome reign over information management, but data in the voluminous, intangible digital era must also be properly managed. This is an imperative most effectively achieved through the implementation of information governance.

Information governance sounds as though it implies a system of control over data, and in a sense it does involve taking charge of information. But more precisely defined, information governance is a comprehensive, multi-faceted approach for managing, employing and processing information so as to maximize its benefits for an enterprise while meeting regulatory, legal, security, environmental and operational requirements.

The need for such a holistic framework for dealing with huge amounts of data is reflected in some sobering statistics about just how much information is populating and rapidly proliferating in the digital universe. Because data production in the world is doubling every two years, the amount of information in the already wide expanse of the digital universe has been projected to multiply tenfold between 2013 and 2020, with the growth rate rising even more rapidly at some businesses.

Law firms, which among businesses are relatively new to the digital world and traditionally favor comfort zones heavily fortified by documentation, are particularly prone to prodigious data creation.

But the old lumbering model does not work very well when transmission of electronic data can move faster than a gavel in a courtroom, nor is it compatible with an industry that increasingly must adapt to and operate within an internet-driven world.

One factor that has not changed in the legal profession but which makes the adoption of information governance all the more compelling is one that looms over every law firm: litigation and especially its associated process of discovery.

Within the modern framework of e-discovery, the following statistic neatly encapsulates the point of why information governance is so important: For every 1,044 pages of evidence processed through e-discovery, only one is actually produced.

From a cost perspective alone, the aforementioned statistic suggests that the benefits of being able to return only relevant information through e-discovery can be substantial, to the tune of up to a 1,000 percent reduction of costs. Considering the fact that e-discovery is estimated to cost between $1.5 million to $3 million per terabyte of stored information, that would translate into some serious savings. However, even if that figure is far too generous, less optimistic projections would still translate into significant savings.

More conservative, realistic projections for savings that information governance confers upon e-discovery are behind the more basic, yet essentially correct definition of information governance as a system for controlling data. That is because a proactive means for gaining control of and managing more effectively the classification and storage of information makes it easier for a
firm to identify and retrieve only the pieces of data that are relevant to a specific issue.

Some of the key reasons why it is so important for a firm to take charge of its data were enumerated in a 2014 survey of various businesses, a survey whose findings are nonetheless very applicable to law firms. Among the findings, the survey revealed that 50 percent of all businesses had to recreate information because they could not locate the original. Remarkably, 90 percent of these businesses were clueless about the content in their stored data. And finally, 58 percent of the companies had the burdensome habit of retaining information indefinitely.

Why govern data?

The importance of actively governing data rather than allowing data to proliferate to the point where its daunting size governs a firm points to the need for getting ahead of and controlling data accumulation. This is accomplished by identifying and deleting duplicate or extraneous information — as much as 69 percent of data in the possession of most enterprises has no business, legal or regulatory value — and when applied to e-discovery, this application of information governance can dramatically reduce the amount of data to be searched.

Another beneficial and digital-relevant means of controlling and organizing data accumulation is through the use of Cloud-based computing provided by third-party web servers. The Cloud offers a flexible, relatively secure and cost-effective means of archiving information as well as a significant expansion of storage space while freeing up on-premises software.

For law firms, another aspect of litigation that makes reining in data through information governance all the more important is the need for meeting evolving regulatory requirements, particularly security and protection mandates, whether they impact internal information or information belonging to a firm’s clients. A prime example is the 2013 Health Information Portability and Accountability Act, which requires organizational security and protection of stored health information.

Security is a serious, though surmountable, challenge of effective information governance, and it is one that law firms must ensure to avoid any potential damage to their reputation or finances. Information governance that provides effective information security will include a focus on the key concepts of confidentiality, integrity, accessibility, authenticity and reliability.

Security: Striking a balance between confidentiality and accessibility

The value of integrity, authenticity and reliability to law firms is pretty straightforward — information should be accurate, credible and trusted. However, firms must find a way to strike a balance between the need for confidentiality and having accessibility to information. Only authorized users should have access to information, yet the appropriate people must have access to that information when they need it.

Some of the ways in which firms can ensure that the information security aspect of information governance will be implemented include the following: all data should be classified and organized to enable easier identification and retrieval; all sensitive or personal information should be password protected or, better yet, encrypted, which permits the anonymizing of data; and all obsolete data, including data held by third parties, should be safely deleted or destroyed, an objective that ensures data will not be vulnerable to external attack or exploitation.

There is an additional step firms should take to ensure information security, and it concerns social media. With so much of a firm’s proprietary information, customer preferences or marketing trends posted on Facebook, Twitter or LinkedIn, there is always the risk that employee use of those platforms could result in unintentional or intentional leaks of confidential or personal information. Firms must guard against this possibility through reasonable management of such employee communications, just as they would for employee use of emails.

It stands to reason that effective information governance involves management of human resources as much as it does management of the information itself, and the former requires adequate training of staff. However, statistics show that only 16 percent of all businesses conduct regular information governance training of their employees; another 31 percent do no training at all.

Customize governance programs to fit your law firm’s needs

While large law firms with their vast volumes of information stand to gain the most from the implementation of an information governance program, the streamlining, time-saving and cost-effective benefits such data management provides apply to medium and small firms as well, if only on a smaller scale. Indeed, one could argue that medium and small firms, with their more limited
resources, particularly can use the leg up that an information governance program will provide to keep information from disproportionately overloading a firm’s capacity to handle all of it.

An information governance program should be customized to fit the specific needs of a firm, but every information governance program should share some common traits, not least of which is the need to craft a statement that defines in basic terms what the firm seeks to accomplish through implementation of the program.

But beyond a statement defining the objectives of a firm’s information governance program, the firm must also determine which key players will be executing the program, including the members of a ruling committee and a records manager.

While these leading executive and administrative positions are important, a firm’s information governance program must be inclusive, i.e., the firm must define the roles that all other employees will play in carrying out and upholding its information governance policies and procedures.

An information governance policy can cover issues such as security, records management, archiving, records disposal, data privacy and information sharing. More specific procedures will govern how a firm and its employees work with information, including the creation or receipt of information, personal information, and the storing, sharing and deletion of information.

Implementation of an information governance program is not a simple, seamless task and may come across as a challenge to some firms. Thus, it is best achieved when methodically assembled as if each component is treated as a building block and in no particular rush. Information governance is also not a static process and should always be monitored, updated and reviewed to suit a firm’s specific situation and needs.

Operating within a highly competitive and evolving industry, law firms should be particularly sensitive to the need for minimizing the risks and costs of information management. Through the implementation of information governance, law firms can realize those objectives and significantly improve the way they conduct their business.