eDiscovery Trends: CGOC’s Information Lifecycle Governance Leader Reference Guide
May 03, 2012
With all of the recent attention on technology-assisted review and current case law related to that subject, it’s sometimes easy to forget that most sanctions are issued because of failure to preserve potentially responsive data. A sound Information Governance (aka Records Management) policy is the first step to enabling organizations to meet their preservation obligations by getting control of the data up front. Organizations such as EDRM and ARMA have focused on Information Governance and have even collaborated on a January report on Information Governance. Another organization focused on Information Governance is the Compliance, Governance and Oversight Council (CGOC). In the fall of 2010, CGOC issued its Information Governance Benchmark Report, which presented findings from their first survey of legal, records management (RIM) and IT practitioners in Global 1000 companies. Recently, CGOC developed a new guide for helping organizations with succeed in improving information and eDiscovery economics.
For most organizations, information volume doubles every 18-24 months and 90% of the data in the world has been created in the last two years. In a typical company in 2011, storing that data consumed about 10% of the IT budget. At a growth rate of 40% (even as storage unit costs decline), storing this data will consume over 20% of the typical IT budget by 2014. Accumulating, storing and litigating data without value is simply no longer an economically viable proposition. The 36 page Information Lifecycle Governance Leader Reference Guide (written by Deidre Paknad and Rani Hublou) provides a program for operationalizing an effective defensive disposal program for expired data and overcome the barriers to do so. It can be downloaded here from the CGOC site (if you don’t have a user account, you’ll have to create one, but it’s free). The guide shows how to:
- Define the economic and business objectives of an information governance program to quantify savings and ensure appropriate funding for change;
- Establish a program strategy;
- Structure an organization that aligns functional silos to ensure savings and business objectives are achieved;
- Identify and improve the business processes for defensible disposal and risk reduction; and
- Audit these processes to ensure systemic, sustainable change.
Aside from the Introduction and Conclusion, the guide is divided into five parts, as follows:
- Defining Program Strategy: The focus is simple – to dispose of unnecessary data and keep only the data that has business utility or is subject to legal hold or regulatory record keeping requirements.
- Setting Quantifiable Cost and Risk Reduction Goals: Setting goals with primary focus on how to lower storage and infrastructure costs from defensible disposal, lower risk through improved governance instrumentation and lower eDiscovery costs through governance instrumentation and lower enterprise data volume. This section provides a particularly useful eDiscovery Cost Reduction section (page 13) that demonstrates the potential cost savings due to defensible disposal of unnecessary data and a Risk Reduction section (page 14) that provides a risk matrix to assess the risk level of each data process.
- Operationalizing the Strategy: Putting the plan into place involves defining business objectives for the program and means for measuring achievement, defining processes and practices to achieve the objectives, establish accountability for outcomes and defining staff and instrumentation required to work the plan.
- Program Leadership: For any program to be successful, you need buy in at the top. That includes an Executive Committee (including the CIO, CFO, General Counsel), a Senior Advisory Group comprised of line of business leaders (division executives) to provide the staff and support needed to achieve the defined goals, a plan for achievement measurement and accountability and an execution timeline.
- Process Maturity and Management: Each process should be assessed as to its level of maturity (from Level 1-ad hoc to Level 4-automated and cross-functional). The effort required in each department to achieve the objectives should be clearly mapped out and an audit process should be established for confirming that the governance programs meet objectives and raising issues when there are issues.
All in all, the guide provides an excellent approach for organizations to address implementation of an information lifecycle governance program and illustrates the benefits and cost savings for doing so. With organizational data doubling every 18-24 months, information governance costs for many organizations will skyrocket without an effective plan to manage the explosion of data.
So, what do you think? Has your organization implemented an effective information governance program? Does it have any of the components outlined in the CGOC guide? Please share any comments you might have or if you’d like to know more about a particular topic.
Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.