By CATHERINE A. CASEY (CEDS) – VICE PRESIDENT
The IGRM (Information Governance Reference Model) Revisited
Two years ago I asked people from Big 4, cutting edge technologists, staffing mavens and fellow eDiscovery geeks “What’s next in eDiscovery in 2014 and beyond?” The usual suspects kept cropping up – Big Data, technology-leveraged solutions, TAR (technology assisted review), BYOD (bring your own device) and social media. But, when I took a step further back, envisioning three to five years of evolution, one thing stuck out in my mind above all else, Information Governance (IG) writ large.
The big picture, in my mind, goes well beyond eDiscovery. In the next few years, there will be a unified approach to information management that is not siloed but rather fluidly constructed to manage information proactively, in real-time and reactively across cyber security, eDiscovery, operational and business needs. These multi-disciplinary structures, policies, procedures, processes and controls will be implemented to manage information at an enterprise level, supporting an organization’s immediate and future regulatory, legal, risk, environmental and operational requirements.
At the LegalTech Trade Show 2015, billed as the largest and most important legal technology event of the year, I attended several panels where this vision was not only discussed but expanded upon. The need for a Chief Information Governance Officer (CIGO) was debated about at length and Jason Baron (Of Counsel Drinker Biddle & Reath LLP) had this to say:
“I think the moment has come for one of two things; a designated head of info governance as a sub-function of legal … or a fully mature model where you have a C-suite person who stands as a peer of the CIO of an organization.”
Information Governance was the hot topic this year, however, a clear and concise explanation of what people meant by Information Governance was notably lacking. In a panel entitled “Information Governance – 2020″, Alison North of ARMA summed it up nicely – Big Data and Security are the two key components. Corporations are racing to monetize every last bit of data for profit, competitive advantage and cost-justification of their huge IT investments on the one hand and scrambling to mitigate the exponential cost (both monetary and reputational risk) of security breaches on the other. The Sony data breach and an 80 million records breach announced by Anthem hammered home the cost of poor IG with regards to Personally Identifiable Information (PII) in particular. The latter case is especially egregious in that the records contained names, birthdays and social security numbers of countless children who are now at risk of identity theft.
Tim Rohrbaugh, Chief Experience Officer at Identity Guard, calls the Anthem breach catastrophic.
“Every terrible outcome that can occur as the result of an identity theft will happen to the children who were on that database.”
Information Governance Writ Large
Information governance is the specification of decision rights and an accountability framework to encourage desirable behaviour in the valuation, creation, storage, use, archiving and deletion of information (Gartner Inc.). It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals. For example, to IBM information governance is a holistic approach to managing and maximizing information for business benefits and encompasses information quality, information protection and information life cycle management.
Another way of looking at it is that information governance is the superset encompassing eDiscovery, access controls, cyber security, privacy compliance and the overall architecture for a corporation or government entity’s data. Information governance was given national recognition in the USA in November 2011, with a directive from President Obama to overhaul current records management processes within the government to encompass current needs more comprehensively; this top down support will further advance the integrated view of true IG.
The New Vision: Integrated IG
In order to support IG in the widest possible sense, practitioners across all the disciplines (that IG touches) need to step back and look at the bigger picture, looking for a deep interconnection between information access and the control needs of an organization.
A Broader View of Information Governance, the EDRM and Cyber Copyright – Cat Casey 2013
Many companies have taken the first step in this transformation which comes with re-envisioning how we model the processes associated with reactive information management. The protocols and tools used to proactively and in real-time manage data are unified under one set of controls or series of controls within most organizations.
However, as soon as there is an incident, legal hold, compliance issue, independent experts in cyber, eDiscovery and/or audit experts are called in and begin to manage the data without regard for the other future needs associated with the data. Companies and providers alike understand the integration of data throughout the organization and the need to look holistically at IG. Service providers with solutions along the full spectrum of IG needs will dominate the market and much like the current end-to-end discovery solution providers, provide a seamless approach to all possible IG needs.
There needs to be an ongoing dialogue between internal IT resources and the providers of services that fall under the IG umbrella and the strained relationship between the two in many instances will need to be ameliorated. That being said, the forward progress over the last two years towards a collaborative approach to all aspects of data management is a welcomed improvement.
Learn more about our eDiscovery/ESI Service
Share Your Thoughts:
