Empower Your Information Governance with eDiscovery

IG
.com
Empower Your Information
Governance with eDiscovery
Technologies
A useful guide designed to help information
management professionals blend traditional IG
methods with eDiscovery workflows.
Written by The Engineering & Customer Success Teams at Logikcull.com
Page 1 of 12
.com
Advances in technology have made it affordable, even advisable, for businesses
of all sizes to keep massive amounts of data. “Big data” is a buzz word that
fills people’s minds with pictures of massive datasets they can use to track
and predict customer behavior in ways that were previously impossible,
or at the very least unaffordable. Shifts in data trends have resulted in the
storage, retention, and preservation of huge collections of data, from in-house
documents to online content. Unfortunately, storing, retaining, and preserving
data isn’t enough. Data needs to be managed in order to be useful.
All of this data can be a company’s greatest asset, but it can also be a dangerous
liability. Data becomes an asset when it is transformed into useful information
that is managed effectively. Data becomes a liability when it is unused, misused, or
mishandled. The difference is often the result of conscious, purposeful, strategic efforts
to transform data and manage the resulting information.
Exacerbating the pitfalls of data mismanagement are the very real threats resulting
from a digitized global world. When constructing an information management strategy,
it is important to realize that the same technologies that empower organizations to
collect, process, and transmit more data are also used by other entities to steal data.
Some people still cling to the idea that data theft is the result of malcontent hackers
who perform their heists with few resources. Unfortunately, current evidence indicates
that corporate espionage may often be the result of concerted efforts on the part of
foreign governments that leverage stolen data for economic gain.
Related - Read our white paper on: How to Prevent Your Client’s Data from Getting Hacked
This problem is so prevalent, so real, and so damaging, with losses ranging in the billions of
dollars, that governments, universities, and private organizations are cooperating in an effort
to end the pilfering. For example, Convington & Burling LLP, in cooperation with George
Washington University’s Cyber Initiative, conducted a thorough exploration of economic
espionage and trade secret theft in relation to the legal and policy landscape, and produced
an excellent overview, stating, “In short, the same technologies responsible for accelerating
global growth are also being used to steal proprietary information and harm economies.”
Empower Your Information Governance with eDiscovery Technologies
Page 2 of 12
.com
For businesses, this means that foreign interests, perhaps empowered by government
entities, are conducting massive campaigns to intrude upon corporate information
networks in an effort to glean proprietary information, trade secrets, and other valuable
information in an effort to make decisive advancements using others’ information
investments. Combine this mounting threat with the overwhelming amount of data
being generated and stored, it’s clear that classic information management strategies
are no longer adequate. The solution proposed by many information experts is secure
information governance.
IG
Introducing Information Governance
According to Gartner, “Information governance is the specification of decision rights
and an accountability framework to encourage desirable behavior in the valuation,
creation, storage, use, archival and deletion of information. It includes the processes,
roles, standards and metrics that ensure the effective and efficient use of information
in enabling an organization to achieve its goals.”
In order to truly grasp what that definition means for organizational processes, the
definition must be broken down into component parts. Information governance is:
• A framework established with conscious, purposeful, strategic intent.
• A systematic specification of decision rights and accountability.
•A means of encouraging behaviors that assign value to data, transform data into
information, and put information to beneficial use.
•A set of processes, roles, standards, and metrics that control the use, storage,
archiving, and deletion of information.
•An effective and efficient means of leveraging information to achieve
organizational goals and objectives.
Simply put, information governance (IG) ensures that data and information are
organizational assets by creating the structure through which data is transformed into
useful information, which is then managed effectively in a secured digital environment.
Furthermore, for IG to add value to the organization, it has to empower information
users with access to otherwise secured information, while minimizing the wastefulness
of storing valueless and expired data.
Empower Your Information Governance with eDiscovery Technologies
Page 3 of 12
.com
In its full context, IG sounds overwhelmingly difficult. Luckily, there is an unexpected
resource that can tame the data monster and transform burgeoning data files into
actionable, informative datasets with tangible value.
Start with People
Information governance is not, primarily, an issue of technology. The decisions
regarding IG are not IT decisions. Gartner’s Debra Logan says, “The people who staff
the functions that produce and use the information are the people who know its value,
understand what they need to save for recordkeeping purposes, can point out the
current version of documents, should know how long a given document or set of data
is going to be useful from a business continuity perspective.”
So, the decisions regarding IG require the input of the people who create and use
information. However, an executive or manager must lead the IG charge, because the
IG decision maker must balance the needs of information users with the expense
of information governance to determine which organizational resources should be
devoted to data management. An executive would also have the authority to address
the culture and personnel of the organization, which may resist any changes to current
information management practices.
Save Everything
In the age of “big data” and Web 2.0 capabilities, businesses can literally save
everything. But why should they? Sure, if every byte of information is saved, users can
go back and use it again. But do they ever use it again? Should they use it again? How
much value does saving excess data really add to organizational efforts? The point of
information governance is to take a serious look at these questions, determine what
is really needed, make it useful, and discard what isn’t at all useful. Saving everything
may be affordable, but it is not a useful consumption of organizational resources and
does not facilitate the effective use of valuable information.
Strategy vs. Technology
Information and data management is not an IT problem, and it’s not a problem that
can be solved solely with technology. The decision makers with the organization
need to make and enforce IG decisions. Those decision makers need the input
from information users to know what does and does not have value. But, once an
Empower Your Information Governance with eDiscovery Technologies
Page 4 of 12
.com
organization has all of that, the organization will need an IT solution to manage the
IG process. This will involve sorting through the data in a way that doesn’t consume
an exorbitant amount of time and resources. Without such a solution, information
governance is a pipe dream that will cost more than it’s worth. The solution exists, but in
order to fully appreciate the technological solutions available to organizations engaging
in information governance, it’s essential to understand the technical side of information.
IGTechnical Side of Information Governance
The
The technical side of IG revolves around the framework itself: the processes,
procedures, standards, and controls that ensure the effective and efficient management
of information. Regardless of the information medium, managed information should
support an organization’s mission and goals. It is especially important to consider
the needs and responsibilities of the legal, compliance, and IT departments when
structuring the framework that will manage the organization’s information.
An effective IG framework will support a variety of information management processes,
procedures, standards, and controls. While every organization must construct a unique
IG framework to meet its information needs, every comprehensive IG framework shares
some basic objectives. A strong, effective, and efficient IG framework will meet each of
the following objectives in a way the supports the goals of the entire organization.
Records Management
Clearly, records management is an overarching goal of information governance. This is
the first thing most people think of, which unfortunately results in an undervaluing or
oversimplification of IG. According to Yusof and Chell in Records Management Journal,
records management is consistently undervalued, in part because records management
lacks the rigorous theoretical framework that supports many other business disciplines.
Ironically, the need for information governance reinforces the importance of records
management, particularly as it relates to other overarching objectives like accessibility,
security, and compliance. Making systematic records management a founding aspect of
the information governance framework ensures information empowers and adds value
to the daily operations of the organization.
Empower Your Information Governance with eDiscovery Technologies
Page 5 of 12
.com
Information Accessibility
Along with records management, information accessibility is a main driver of
information governance. There are few things that are more frustrating than to know
that an organization has terabytes of information, and yet the people who need to use
it cannot find it or access it. Successful information governance solves this problem
by storing and archiving information with a mind to its use, so that the people who
should have access do have access and those who shouldn’t have access don’t. In
fact, according to Gartner, information should be so accessible that a keyword search
interface should be available to locate it. Information governance makes this possible,
while also protecting information from inappropriate access.
Information Security
In the end, information governance comes down to information security. Unfortunately,
considering the domestic and foreign threats to information ranging from viruses and
malware created by malcontent hackers to global espionage campaigns perpetrated
by foreign governments, information security has to be rigorously protected. The
alternative is simply unthinkable. Disruptions in service, lost or damaged data, and
data theft can become huge financial disasters, some of which are sufficient to force
a business to close its doors forever. Furthermore, in the high-regulation environment
many businesses operate in, not only is information security required for the business’s
well-being, it is required by law.
Compliance
Information security is, of course, not the only compliance issue organizations
face. Every business operates in an industry full of industry, local, and government
regulations and laws that seek to control operations in some way or another. These
regulations and laws are constantly evolving, particularly in our present highregulation environment, which requires a higher degree of diligence when it comes
to handling an organization’s information and documenting and proving compliance.
Regulations govern what information a company can collect, how information should
be used, how it should be retained, and who the company can share its data with. Noncompliance of these standards may lead to harsh penalties and sanctions, sometimes
involving fines of $100,000 or more per violation. Contracts and permits may be lost.
Lawsuits may be filed. The company’s reputation may be irrevocably destroyed. And it’s
all preventable.
Empower Your Information Governance with eDiscovery Technologies
Page 6 of 12
.com
A comprehensive IG framework ensures that the organization puts in place strategies
for integrated security risk management and continuous compliance monitoring
in accordance with industry standards and regulations. This framework empowers
companies to retrieve records from any electronic or physical location to demonstrate
transparency and compliance, as well as providing secure access to records, email,
and other information sources for authorized users. In short, by building a strong
compliance program within an effective IG framework, companies will minimize risks
and maximize their ability to compete.
Information Privacy
Information privacy would appear to fall under either information security or
compliance, and in reality it falls under both. However, considering its independent
importance and the consequences of failing to secure private information, achieving
information privacy is a distinct objective of any information governance framework.
A secure IG system will ensure that private information and communications are
accessible only to those that have proper authorization, preventing the dissemination
of private information to unauthorized sources. Again, the consequences of failure can
be monumental, leading to multi-million dollar lawsuits and exorbitant government
fines. Thus, companies that collect and retain significant amounts of personal
information must take strong measures to secure it. Those that succeed will protect
themselves against data privacy lawsuits, like the recent lawsuit against the Schnucks
supermarket chain, gaining a competitive advantage over companies that do not
proactively protect personal data.
The IG/eDiscovery Connection
eDiscovery typically refers to one of two things. Electronic discovery, or eDiscovery, is
a process used in litigation to “discover” documented information for legal purposes.
eDiscovery is also an electronic document processing technology that allows you to
learn more about your documents and manage them effectively. eDiscovery software, like
Logikcull.com, was originally developed for use in litigation, and is still used to locate and
include (or exclude) documents in a dataset based on content, file type, language, email
domain, and much more, inside and outside the legal environment. In short, effective
eDiscovery software is an easy, convenient way to manage electronic documents.
Empower Your Information Governance with eDiscovery Technologies
Page 7 of 12
.com
eDiscovery software has had a big impact in litigation cases, reducing the costs of
the discovery process significantly. However, eDiscovery software’s ability to tame
data monsters isn’t just for law firms. eDiscovery capabilities can be as essential
for information governance as information governance is for the litigation-related
eDiscovery process.
Using eDiscovery for Information Governance
An effective IG system will utilize eDiscovery capabilities, so that you can use metadata
to eliminate irrelevant files from your dataset. Your eDiscovery capabilities will also
be able to intuit which parameters will be effective with a particular dataset, as some
files may have poor optical character recognition (OCR) and others may be unreadable,
unviewable, or unsearchable. Litigation experts have used semi-automated workflows
to cull data, but an eDiscovery program used for information governance should have
these capabilities built into the system. In short, eDiscovery is the IT solution that will
sort through an organization’s unorganized data without consuming an exorbitant
amount of time and resources, transforming information governance from an insanely
expensive pipe dream to an attainable, affordable reality.
Sample IG + eDiscovery Case Study: Matter Mobility
For law firms that have newly hired attorneys coming into the firm or attorneys that
have recently left the firm, matter mobility can become a huge drain on already
strained resources. In the context of incoming attorneys, matter mobility is the process
of importing a newly hired attorney’s files, which range from electronic records to
handwritten documents or other physical evidence, into the firm’s document &
matter management systems. This incoming matter mobility process can be fairly
straightforward and quick, but can easily become time consuming in the event of a
law firm merger where a large number of new attorneys are entering the firm or if the
files themselves are complicated (i.e. unorganized, missing metadata, proprietary file
formats, etc.).
Where matter mobility is almost always a drain on resources is when an attorney
leaves the firm and the matter-based files belonging to the attorney need to be
thoroughly reviewed, culled, and exported by someone familiar with the outgoing
attorney’s matters, usually another attorney, before the files can leave the firm. Unlike
eDiscovery software, most document management systems used by law firms aren’t
built for document review and culling, which makes it incredibly difficult to quickly
Empower Your Information Governance with eDiscovery Technologies
Page 8 of 12
.com
complete even a small matter mobility project. To make matters worse, attorneys
tasked with reviewing an outgoing attorney’s files are reluctant to do so because it is
not billable work and thus takes away from spending time on their own client matters.
This, combined with software that isn’t designed for quickly reviewing and culling files
(e.g. using a Mac or iPad) from anywhere a reviewing attorney may be, makes matter
mobility work a drain on a law firms valuable resources.
A potential solution to significantly speed up any matter mobility project is to utilize
the document review and culling capabilities commonly found in many eDiscovery
software applications. In a proof of concept with the law firm Orrick, the Information
Governance and Records Management team, utilizing a cloud-based eDiscovery
software, was able to reduce the time to complete a common matter mobility project
from 10 days to 2 hours. A time savings of 9 days and 22 hours for one matter mobility
project is a significant reason to consider utilizing an eDiscovery software for matter
mobility. The Orrick team was able to accomplish this by leveraging the eDiscovery
software’s native capability to filter the files by email domains, date ranges, keywords,
and a variety of other eDiscovery-specific analytical features. Since most eDiscovery
software has built in document export options for producing data to requesting
parties, the team was able to utilize this functionality, and easily package up the
outgoing attorney’s files into a Zip file that could be conveniently transferred to
another firm.
This combination of Information Governance and eDiscovery software is just one area
where efficiency seeking IG professionals can take advantage of existing software
solutions to make IG an even more valuable function within any law firm or organization.
Using Information Governance for eDiscovery
The reverse is equally true, because organizations all too often face the possibility
of litigation, even when they are rigorously compliant. Information governance that
incorporates eDiscovery capabilities into the framework will be prepared for such
possibilities, and may be able to use this preparedness to avoid, or at least limit the
costs of the possibility of litigation.
Empower Your Information Governance with eDiscovery Technologies
Page 9 of 12
.com
Simply put, when information is “discovered” for litigation that information must be
collected, processed, reviewed, and produced. This process is often cited as the most
expensive part of litigation. However, when an information governance framework
utilizes the advantages of eDiscovery software, the required information has already
been collected and processed, and, because this is done on behalf of the organization
and with the organization’s full cooperation, the quality of the collection and
processing is superior. So, the organization reaps an immediate savings on the cost of
“emergency” document collection and processing.
Typically, the eDiscovery process, in reference to litigation, can cost $3 million or more
per year. Unfortunately, when done “under the gun” of litigation, this process may be
done so poorly that reports approximate that more than 50% of reviewed documents
may be produced improperly. This could result in a lost litigation case or the public
release of proprietary information that should not have been disclosed during the
review process. Poor eDiscovery can cost up to $60 million per year, which is simply
the result of unpreparedness. Information governance that incorporates eDiscovery
capabilities can ensure the organization is prepared, which will improve the quality of
the review process while simultaneously decreasing its cost. Thus, the review process
will produce reliable results that can forestall additional litigation expenses
at considerable savings.
Empower Your Information Governance with eDiscovery Technologies
Page 10 of 12
.com
The Bottom Line: IG & eDiscovery Works
When people start considering information governance, it seems overwhelming. Maybe
it still seems overwhelming. The stakes are incredibly high, too high to ignore. Creating
an information governance framework is complicated. The process will span the
entirety of the organization. But the rewards are many, including:
• Significantly reducing the costs pertaining to security threats.
•Significantly reducing the costs pertaining to litigation and eDiscovery.
•Minimizing the possibility of data theft.
•Minimizing the possibility of litigation losses and government fines due to
compliance and security failures.
•Maximizing the organization’s preparedness for transparency and compliance
requests, as well as litigation processes.
•Maximizing employee accountability for information management.
•Improving business operations with regard to the use of information.
•Improving the ability to achieve organizational goals.
The aim of every business is to reach its goals with utmost efficiency and with the
least disruptions. A comprehensive information governance framework empowers the
business to achieve this overarching purpose more efficiently and more quickly. After
all, information is power. In fact, information may be the most vital currency on the
market today. Proper information governance leverages the power of information to
further business goals, while protecting business assets.
As difficult as this may seem, no business needs to engage in information governance
alone. Information governance is a complex system of information management that
begins and ends with the needs of the organization and its people in mind. By using an
IG framework with eDiscovery capabilities, you can ensure that information governance
is the affordable, effective solution that tames your data monsters.
Empower Your Information Governance with eDiscovery Technologies
Page 11 of 12
.com
About Logikcull
Logik is the creator of www.logikcull.com - the leading cloud-based eDiscovery
platform. Logikcull is ideal for corporations and law firms that want an easy-to-use,
affordable, and secure eDiscovery platform without needing to invest in significant
hardware and software costs. Logikcull can be accessed using PCs and Macs as well as
mobile devices including the iPhone and iPad.
To keep customer data secure, Logikcull.com resides behind an enterprise SSAE16 SOC1 Type II certified data center. For added security and customer comfort, Logikcull is not
hosted in a public cloud like Amazon Web Services (AWS). Some use cases for Logikcull
are: eDiscovery & document review, information governance, document archiving,
document collaboration, deal rooms, matter mobility, and internal investigations.
Logik is headquartered in Washington, DC and was founded by Andy Wilson and
Sheng Yang in 2004.
Visit www.logikcull.com
Email [email protected]
Call 1-800-951-5507
Follow us on Twitter @logikcull
Empower Your Information Governance with eDiscovery Technologies
Page 12 of 12