Information Governance &Management Practices,Managing Data to Lower Risk& Costs, and e-DiscoveryImplicationsILTA Meeting –...
OverviewWhy implement datamanagement practices? ―Ijust keep everything.‖
OverviewUnmanaged data raises… Costs – Infrastructure, labor, power,onsite/offsite storage, backups &disaster recovery, ...
Overview Information Governance (Managed Data) Adds value by supporting the business strategy Revenue Efficiency Comp...
OverviewInformation managementpractices should beimplemented at all companiesthat may be subject to…LitigationRegulatio...
OverviewApplied to Electronic Discovery Discovery is the process of exchanging evidencebetween parties. During discovery...
OverviewAddressed at the Far Left of theElectronic Discovery ReferenceModel
OVERVIEW EDRM - Information Management Many issues can be better managed if thisstage is taken seriously and implemented...
Overview “Part of the reason eDiscovery is so expensiveis because companies have so much data thatserves no business need...
Overview Sanctions have been issued for the failure topreserve documents, negligence during theprocesses, and delay in de...
OverviewData Growth 40 Zettabytes is how much digitally stored data humankind willpossess by 2020 - IDC Data production...
InformationManagement/InformationGovernance The set of multi-disciplinary structures, policies, procedures,processes and ...
Records Management (RIM) Records Management is management responsiblefor the efficient and systematic control of thecreat...
Data Retention Policies Policies of Data Meeting Legal and Business Requirements Weighs Legal and Privacy Concerns Det...
Resources IGRM (Information Governance Reference Model) -http://www.edrm.net/projects/igrm ARMA International - http://w...
Information GovernanceReference Model (IGRM) Provides Common, practical, & flexible framework Helps organizations devel...
ARMA International MaturityModel for InformationGovernance Defines the characteristics of informationgovernance programs ...
ARMA International MaturityModel for InformationGovernance Characteristics typical for each of the ‗Principles‘(Generally...
People, Process, &Technology One of the reasons companies hesitate to createand enforce retention policies is cost of sof...
StakeholdersCollaboration Must Exist Between Business Users – Operate the organization Records Management - Control of ...
Approach Identify what you have Assess Risks Business needs Legal holds Regulatory obligations Develop Plan Documen...
Questions to Ask AboutData Does the Data Have Business Value Is the Data a ‗Record‘ and is it still under retention Is ...
Practices Develop a transparent and collaborative team Understand the locations (includes BYOD &Cloud) of the data & cre...
Practices Manage all information, not just ―records.‖ Connect legal, privacy and regulatory retention obligationsdirectl...
Tools – EMC Comply with business rules and policies, industryand governmental regulations, and assuresecurity and privacy...
Tools – Nuix Nuix information governance solutions transform yourorganizations unstructured data from a liability to an a...
Tools – IBM The IBM InfoSphere Information Governancesolutions establish sustainable governance ofinformation quality, ma...
Tools – Google Vault Google Vault, a set of information governancetools for Google Apps customers. Google Vault provides...
OpportunitiesCorporate/C-Level PersonnelAttorneysBusiness UnitsRecords ManagersTechnologists
Roles We Can Play… Law Firms Get the house in order Assist corporate clients to get their house in order Corporations...
Now is the time to understand andadopt information governance.Dont be caught trying to extinguisha fire when fire preventi...
Information Governance, Managing Data To Lower Risk and Costs, and E-Discovery Implications
Upcoming SlideShare
Loading in …5
×

Information Governance, Managing Data To Lower Risk and Costs, and E-Discovery Implications

735
-1

Published on

Information governance, records and information management, and data disposition policies are ways to help lower costs and mitigate risks for organizations. Policies and procedures to actively manage data are not just an IT "problem," they're a collaborative business initiative that is a must in today's "big data" environment. With electronic discovery rules, government regulations and the Sarbanes-Oxley Act, all organizations must proactively take steps to manage their data with well-governed processes and controls, or be willing to face the risks and costs that come along with keeping everything. Organizations must know what information they have, where it is located, the duration data must be retained and what information would be needed when responding to an event.

There have been numerous instances of severe legal penalties for organizations that did not have an electronic data strategy, tools, processes and controls to locate and understand their own data. In addition, the risks of unmanaged data include skyrocketing infrastructure and personnel costs and an increase in attorney time to manage massive amounts of data when a litigation event occurs.

Information governance is needed much like any business continuity and disaster recovery plans, but with an understanding of data: where data are located, how data are managed, event response, and regular testing of processes and procedures for preparedness.

Published in: Business, Technology
0 Comments
2 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
735
On Slideshare
0
From Embeds
0
Number of Embeds
2
Actions
Shares
0
Downloads
21
Comments
0
Likes
2
Embeds 0
No embeds

No notes for slide
  • Law firms should hold/hostcustomer events to talk about information governance in general, how information governance can impact litigation and its costs, and compliance issues related to information governance.Organizations cannot afford to not know what they have & don’t have.
  • Information Governance, Managing Data To Lower Risk and Costs, and E-Discovery Implications

    1. 1. Information Governance &Management Practices,Managing Data to Lower Risk& Costs, and e-DiscoveryImplicationsILTA Meeting – April 25, 2013David Kearney – Volunteer City Representative
    2. 2. OverviewWhy implement datamanagement practices? ―Ijust keep everything.‖
    3. 3. OverviewUnmanaged data raises… Costs – Infrastructure, labor, power,onsite/offsite storage, backups &disaster recovery, disguises truediscovery costs, and review time. Risks – Credibility, sanctions, internalburden, security, litigation, andcompliance & regulation, e.g.Healthcare
    4. 4. Overview Information Governance (Managed Data) Adds value by supporting the business strategy Revenue Efficiency Compliance
    5. 5. OverviewInformation managementpractices should beimplemented at all companiesthat may be subject to…LitigationRegulations and ComplianceClient/Customer Data Policies
    6. 6. OverviewApplied to Electronic Discovery Discovery is the process of exchanging evidencebetween parties. During discovery, each side must sharewith the other side all information that is relevant to thematter, and significant penalties/sanctions may belevied on any party that does not hand over informationproperly. Because discovery involves the physical collection,restoration, and review of information, it is a costlyprocess. If the scope of the information an attorneyrequests is too broad and results in excessive informationbeing produced, the litigation costs will be exponentiallyincreased.
    7. 7. OverviewAddressed at the Far Left of theElectronic Discovery ReferenceModel
    8. 8. OVERVIEW EDRM - Information Management Many issues can be better managed if thisstage is taken seriously and implemented withconsistent & sound practices. This is THE STARTING POINT for the entire process.Sound and comprehensive informationmanagement strategies aid organizations inthe identification, preservation, and collectionsteps of the process and can lower the numberof documents that need to be preserved,collected, reviewed and produced. This iswhere more organizations can GET IT RIGHT.Furthermore, risks and costs are reduced.
    9. 9. Overview “Part of the reason eDiscovery is so expensiveis because companies have so much data thatserves no business need. … Companies aregoing to realize that it’s important to get theirinformation governance under control to get ridof the data that has no business need … inways that will improve the companys bottomline…” — U.S. Magistrate Judge Andrew J.Peck, CGOC Faculty Member, in a videointerview courtesy of JD Supra Law News,February 4, 2013.
    10. 10. Overview Sanctions have been issued for the failure topreserve documents, negligence during theprocesses, and delay in delivering requests… Pension Committee of the University of MontrealPension Plan v. Banc of America Securities, LLC Harkabi v. SanDisk Qualcomm v. Broadcom Philip Morris Morgan Stanley
    11. 11. OverviewData Growth 40 Zettabytes is how much digitally stored data humankind willpossess by 2020 - IDC Data production will be 44 times greater in 2020 than it was in2009. According to estimates, the volume of business data worldwide,across all companies, doubles every 1.2 years. According to execs, the influx of data is putting a strain on ITinfrastructure. 55 percent of respondents reporting a slowdown ofIT systems and 47 percent citing data security problems,according to a global survey from Avanade.Data generation will become significanteven at the smallest of organizations
    12. 12. InformationManagement/InformationGovernance The set of multi-disciplinary structures, policies, procedures,processes and controls implemented to manage information at anenterprise level, supporting an organizations immediate and futureregulatory, legal, risk, environmental and operational requirements.–Wikipedia, 3/12/13 The specification of decision rights and an accountabilityframework to encourage desirable behavior in the valuation,creation, storage, use, archival and deletion of information. Itincludes the processes, roles, standards and metrics that ensure theeffective and efficient use of information in enabling anorganization to achieve its goals. -Gartner A holistic approach to managing and leveraging information forbusiness benefits and encompasses information quality, informationprotection and information life cycle management. -IBM
    13. 13. Records Management (RIM) Records Management is management responsiblefor the efficient and systematic control of thecreation, receipt, maintenance, use, and dispositionof records, including processes for capturing andmaintaining evidence of and information aboutbusiness activities and transactions in the form ofrecords. A Record is any recorded information, regardless ofmedium or characteristics, made or received andretained by an organization in pursuance of legalobligations or in the transaction of business
    14. 14. Data Retention Policies Policies of Data Meeting Legal and Business Requirements Weighs Legal and Privacy Concerns Determination of Time, Rules, Data Formats Determination of Storage, Access, & Encryption A Legal Strategy that Affords Certain LegalProtections
    15. 15. Resources IGRM (Information Governance Reference Model) -http://www.edrm.net/projects/igrm ARMA International - http://www.arma.org/ InfoGov Community - http://www.infogovcommunity.com/ AHIMA (American Health Information Management Association)- http://www.ahima.org/
    16. 16. Information GovernanceReference Model (IGRM) Provides Common, practical, & flexible framework Helps organizations develop and implementeffective and actionable information managementprograms Offer guidance to stakeholders within organizations Facilitates dialogue among stakeholders byproviding a common language and reference fordiscussion and decision-making based on the needsof the organization
    17. 17. ARMA International MaturityModel for InformationGovernance Defines the characteristics of informationgovernance programs at differing levels ofmaturity, completeness, and effectiveness. The Principle (Generally Accepted Recordkeeping Principles) frames8 principles of recordkeeping; Accountability Transparency Integrity Protection Compliance Availability Retention Disposition
    18. 18. ARMA International MaturityModel for InformationGovernance Characteristics typical for each of the ‗Principles‘(Generally Accepted Recordkeeping Principles) of recordkeeping; LEVEL 1 (Sub-standard) LEVEL 2 (In Development) LEVEL 3 (Essential) LEVEL 4 (Proactive) LEVEL5 (Transformational)
    19. 19. People, Process, &Technology One of the reasons companies hesitate to createand enforce retention policies is cost of software,cost of personnel needed to manage it, etc. But,the cost is minimal compared to paying a six-figure settlement. This is a Business Initiative, NOT an exclusive IT,Records, or Legal problem. The process needs defined, adopted, andaudited Technology to automate and assist in definedprocess needs identified, implemented, andaudited
    20. 20. StakeholdersCollaboration Must Exist Between Business Users – Operate the organization Records Management - Control of thecreation, receipt, maintenance, use, anddisposition of records IT – Implements mechanics of Info Governance Legal Risk & Regulatory Departments -Understand the organization‘s duty to preserveinformation beyond its immediate businessvalue
    21. 21. Approach Identify what you have Assess Risks Business needs Legal holds Regulatory obligations Develop Plan Document Plan Implement Plan Follow Plan – Consistency is Key Audit Plan
    22. 22. Questions to Ask AboutData Does the Data Have Business Value Is the Data a ‗Record‘ and is it still under retention Is the Data Under Legal Hold Law Firms – Is the Data Firm Data or Client Data, Is it aRecord, and Do Your Clients Know About It/That YouHave Their Data Corporations – Do You Know Where Your Data Is?
    23. 23. Practices Develop a transparent and collaborative team Understand the locations (includes BYOD &Cloud) of the data & create data map Understand the requirements for the data, suchas regulations, cross-border issues, data types,business needs, and legal needs
    24. 24. Practices Manage all information, not just ―records.‖ Connect legal, privacy and regulatory retention obligationsdirectly to relevant information. Retention periods must take into account the business valueof information in addition to legal and compliance value. Identify where information is located. Ensure that retention and disposal obligations arecommunicated and publicized in a language thatstakeholders can understand. Allow for flexibility to adapt to local laws, obligations andlimitations. Include a mechanism that allows legal and IT to collaboratein executing and terminating legal holds. Identify and eliminate duplicate information.
    25. 25. Tools – EMC Comply with business rules and policies, industryand governmental regulations, and assuresecurity and privacy for employees, customers,and corporate intelligence. http://www.emc.com/archiving/intelligent-archiving.htm Ideal for: Large Enterprises, Financial Services,Healthcare Built to: Improve storage management, Increaseoperational efficiencies, Implement complianceand reduce risk
    26. 26. Tools – Nuix Nuix information governance solutions transform yourorganizations unstructured data from a liability to an assetwith powerful technology and workflows for searching,investigating and actively managing information. http://www.nuix.com/ Solutions for e-Discovery, Information Governance,Investigation, Defensible Deletion, and Archive Search. Enables you to respond quickly and effectively to litigationor regulatory action, mitigate risk, reduce costs and extractvalue from your data.
    27. 27. Tools – IBM The IBM InfoSphere Information Governancesolutions establish sustainable governance ofinformation quality, master the completelifecycle of information, secure and protectprivacy and establish standards across all typesof information projects. http://www-01.ibm.com/software/data/information-governance/overview.html
    28. 28. Tools – Google Vault Google Vault, a set of information governancetools for Google Apps customers. Google Vault provides a place where businessescan manage, archive and preserve Googleapps data, an action that is key to theeDiscovery process. Of course, Google also brings search to bear onthe eDiscovery problem because you can useGoogle search tools to find documents thatmeet certain criteria in an eDiscovery request.
    29. 29. OpportunitiesCorporate/C-Level PersonnelAttorneysBusiness UnitsRecords ManagersTechnologists
    30. 30. Roles We Can Play… Law Firms Get the house in order Assist corporate clients to get their house in order Corporations Proactively get the house in order (ideally before anevent) Advise in-house and/or outside counsel of processesneeded to develop info governance plan
    31. 31. Now is the time to understand andadopt information governance.Dont be caught trying to extinguisha fire when fire prevention wasreally the answer.

    ×