Date post: | 11-May-2015 |
Category: |
Business |
Upload: | david-kearney |
View: | 657 times |
Download: | 1 times |
Information Governance & Management Practices, Managing Data to Lower Risk & Costs, and e-Discovery Implications
ILTA Meeting – April 25, 2013David Kearney – Volunteer City Representative
Overview
Why implement data management practices? “I just keep everything.”
Overview
Unmanaged data raises…Costs – Infrastructure, labor, power,
onsite/offsite storage, backups & disaster recovery, disguises true discovery costs, and review time.
Risks – Credibility, sanctions, internal burden, security, litigation, and compliance & regulation, e.g. Healthcare
OverviewInformation Governance (Managed Data)
Adds value by supporting the business strategyRevenue Efficiency Compliance
Overview
Information management practices should be implemented at all companies that may be subject to…LitigationRegulations and ComplianceClient/Customer Data Policies
OverviewApplied to Electronic Discovery Discovery is the process of exchanging evidence
between parties. During discovery, each side must share with the other side all information that is relevant to the matter, and significant penalties/sanctions may be levied on any party that does not hand over information properly.
Because discovery involves the physical collection, restoration, and review of information, it is a costly process. If the scope of the information an attorney requests is too broad and results in excessive information being produced, the litigation costs will be exponentially increased.
OverviewAddressed at the Far Left of the Electronic Discovery Reference Model
OVERVIEWEDRM - Information Management
Many issues can be better managed if this stage is taken seriously and implemented with consistent & sound practices.
This is THE STARTING POINT for the entire process. Sound and comprehensive information management strategies aid organizations in the identification, preservation, and collection steps of the process and can lower the number of documents that need to be preserved, collected, reviewed and produced. This is where more organizations can GET IT RIGHT. Furthermore, risks and costs are reduced.
Overview“Part of the reason eDiscovery is so
expensive is because companies have so much data that serves no business need. … Companies are going to realize that it’s important to get their information governance under control to get rid of the data that has no business need … in ways that will improve the company's bottom line…” — U.S. Magistrate Judge Andrew J. Peck, CGOC Faculty Member, in a video interview courtesy of JD Supra Law News, February 4, 2013.
OverviewSanctions have been issued for the failure to
preserve documents, negligence during the processes, and delay in delivering requests…
Pension Committee of the University of Montreal Pension Plan v. Banc of America Securities, LLC
Harkabi v. SanDisk Qualcomm v. Broadcom Philip Morris Morgan Stanley
OverviewData Growth
40 Zettabytes is how much digitally stored data humankind will possess by 2020 - IDC
Data production will be 44 times greater in 2020 than it was in 2009.
According to estimates, the volume of business data worldwide, across all companies, doubles every 1.2 years.
According to execs, the influx of data is putting a strain on IT infrastructure. 55 percent of respondents reporting a slowdown of IT systems and 47 percent citing data security problems, according to a global survey from Avanade.
Data generation will become significant
even at the smallest of organizations
Information Management/Information Governance
The set of multi-disciplinary structures, policies, procedures, processes and controls implemented to manage information at an enterprise level, supporting an organization's immediate and future regulatory, legal, risk, environmental and operational requirements. –Wikipedia, 3/12/13
The specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals. -Gartner
A holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management. -IBM
Records Management (RIM) Records Management is management responsible
for the efficient and systematic control of the creation, receipt, maintenance, use, and disposition of records, including processes for capturing and maintaining evidence of and information about business activities and transactions in the form of records.
A Record is any recorded information, regardless of medium or characteristics, made or received and retained by an organization in pursuance of legal obligations or in the transaction of business
Data Retention Policies Policies of Data Meeting Legal and Business Requirements Weighs Legal and Privacy Concerns Determination of Time, Rules, Data Formats Determination of Storage, Access, & Encryption A Legal Strategy that Affords Certain Legal
Protections
Resources IGRM (Information Governance Reference Model) - http://
www.edrm.net/projects/igrm
ARMA International - http://www.arma.org/
InfoGov Community - http://www.infogovcommunity.com/
AHIMA (American Health Information Management Association) - http://www.ahima.org/
Information Governance Reference Model (IGRM)Provides
Common, practical, & flexible framework Helps organizations develop and implement
effective and actionable information management programs
Offer guidance to stakeholders within organizations
Facilitates dialogue among stakeholders by providing a common language and reference for discussion and decision-making based on the needs of the organization
ARMA International Maturity Model for Information Governance Defines the characteristics of information
governance programs at differing levels of maturity, completeness, and effectiveness.
The Principle (Generally Accepted Recordkeeping Principles) frames 8 principles of recordkeeping; Accountability
Transparency
Integrity
Protection
Compliance
Availability
Retention
Disposition
ARMA International Maturity Model for Information Governance Characteristics typical for each of the
‘Principles’ (Generally Accepted Recordkeeping Principles) of recordkeeping; LEVEL 1 (Sub-standard)
LEVEL 2 (In Development)
LEVEL 3 (Essential)
LEVEL 4 (Proactive)
LEVEL5 (Transformational)
People, Process, & TechnologyOne of the reasons companies hesitate to
create and enforce retention policies is cost of software, cost of personnel needed to manage it, etc. But, the cost is minimal compared to paying a six-figure settlement.
This is a Business Initiative, NOT an exclusive IT, Records, or Legal problem.
The process needs defined, adopted, and audited
Technology to automate and assist in defined process needs identified, implemented, and audited
StakeholdersCollaboration Must Exist Between
Business Users – Operate the organizationRecords Management - Control of the
creation, receipt, maintenance, use, and disposition of records
IT – Implements mechanics of Info Governance
Legal Risk & Regulatory Departments - Understand the organization’s duty to preserve information beyond its immediate business value
Approach Identify what you have
Assess Risks Business needs Legal holds Regulatory obligations
Develop Plan
Document Plan
Implement Plan
Follow Plan – Consistency is Key
Audit Plan
Questions to Ask About DataDoes the Data Have Business Value
Is the Data a ‘Record’ and is it still under retention
Is the Data Under Legal Hold
Law Firms – Is the Data Firm Data or Client Data, Is it a Record, and Do Your Clients Know About It/That You Have Their Data
Corporations – Do You Know Where Your Data Is?
PracticesDevelop a transparent and collaborative team
Understand the locations (includes BYOD & Cloud) of the data & create data map
Understand the requirements for the data, such as regulations, cross-border issues, data types, business needs, and legal needs
Practices Manage all information, not just “records.” Connect legal, privacy and regulatory retention obligations
directly to relevant information. Retention periods must take into account the business
value of information in addition to legal and compliance value.
Identify where information is located. Ensure that retention and disposal obligations are
communicated and publicized in a language that stakeholders can understand.
Allow for flexibility to adapt to local laws, obligations and limitations.
Include a mechanism that allows legal and IT to collaborate in executing and terminating legal holds.
Identify and eliminate duplicate information.
Tools – EMC Comply with business rules and policies,
industry and governmental regulations, and assure security and privacy for employees, customers, and corporate intelligence. http://
www.emc.com/archiving/intelligent-archiving.htm
Ideal for: Large Enterprises, Financial Services, Healthcare
Built to: Improve storage management, Increase operational efficiencies, Implement compliance and reduce risk
Tools – NuixNuix information governance solutions transform your
organization's unstructured data from a liability to an asset with powerful technology and workflows for searching, investigating and actively managing information. http://www.nuix.com/
Solutions for e-Discovery, Information Governance, Investigation, Defensible Deletion, and Archive Search.
Enables you to respond quickly and effectively to litigation or regulatory action, mitigate risk, reduce costs and extract value from your data.
Tools – IBM The IBM InfoSphere Information Governance
solutions establish sustainable governance of information quality, master the complete lifecycle of information, secure and protect privacy and establish standards across all types of information projects. http://
www-01.ibm.com/software/data/information-governance/overview.html
Tools – Google VaultGoogle Vault, a set of information governance
tools for Google Apps customers.
Google Vault provides a place where businesses can manage, archive and preserve Google apps data, an action that is key to the eDiscovery process.
Of course, Google also brings search to bear on the eDiscovery problem because you can use Google search tools to find documents that meet certain criteria in an eDiscovery request.
OpportunitiesCorporate/C-Level Personnel
Attorneys
Business Units
Records Managers
Technologists
Roles We Can Play…Law Firms
Get the house in order Assist corporate clients to get their house in order
Corporations Proactively get the house in order (ideally before
an event) Advise in-house and/or outside counsel of
processes needed to develop info governance plan
Now is the time to understand and adopt information governance.
Don't be caught trying to extinguish a fire when fire prevention was
really the answer.