Explore

Using, Modifying, Storing, Retrieving Information – The Importance of Information Governance as Preparation for Successful E-Discovery Series, Part 3

Category: ,

The Importance of Information Governance as Preparation for Successful E-Discovery

The first article of this series offered a basic introduction to information governance and how it differs from information management. In our last installment, we explored how information governance should influence the creation and/or ingestion of information and how doing so will lead to a more successful e-discovery process.

Now comes the hard step that seems to give many organizations fits: using, modifying, storing and retrieving information. This phase is equally as influential as creation and ingestion. Even if creating and ingesting are in perfect concert with information governance, chaos will result if the next step doesn’t sustain that level of governance.

Organizations often don’t understand just how important it is to have a sound strategy for use and storage of information until they are compelled by the court to locate and produce it under the rules of electronic discovery. The difficulty surrounding responding to investigations or litigation matters can be greatly reduced when proper attention is given to how information is being used, modified, stored and retrieved. Essentially, this is the heart and soul of information governance.

Recall from the preceding article that we noted these key differences between merely managing information and truly governing it:

  • Governance increases focus and the requirement for policy compliance and sets in place the mechanisms to control and monitor adherence.
  • Governance will hand down negative consequences for noncompliance, much in the same way that the courts hand down sanctions for noncompliance.

A solid understanding of information governance will open windows of opportunity when use, modification, storage and retrieval are considered. This is the why, how, where (from/to) and what will be next of information use, which can raise such intricate questions that many organizations don’t even bother to examine them. But they should.

The Governance of Use

Unfortunately, many organizations find it too cumbersome to set basic use restrictions. And it is often senior management who fail to empower, support and even abide by such restrictions. Nevertheless, this is where it must begin. Two basic considerations are:

  • Not everyone should be able to use whatever information exists, and that begins with the right to access. Technology provides us with the ability to strictly govern, or restrict, who has access to what.
  • The place or location of use should also be thought through. Organizations often allow information to be taken and used wherever an individual believes it is needed. This opens an organization to security risks. Restrictions should be put in place similar to those found in commercial stores, where an alarm will sound if an attempt is made to move merchandise outside its allowed space without being paid for.

The Governance of Modification

All modification of data should be closely monitored. Not all modifications should be allowed by any user; rather, only authorized users following strict compliance rules should be given the ability to modify information. What constitutes “modification”? In addition to editing, it is important to note these other forms of data modification:

  • Deletion is a modification.
  • Saving to an unapproved location is a modification.
  • Placing information on an unapproved, noncompliant device or storage utility is modification.

The Governance of Storage

The ability to determine where information is stored should be removed from the individual user’s hands. It is important that data storage decisions strictly follow the organization’s governance policies.

  • If you have a certain role, a certain position or work in a certain department having certain functions, then your information is in this one place, or these predetermined places.
  • If you want to conduct research online, then you are allowed to exit the organization’s intranet via a specific channel but never allowed to remove organizational information via that channel.
  • After using and/or modifying information, the user has no decision-making ability for where (or how) the information is stored.

The Governance of Retrieval

If governance of use, modification and storage have been properly established and deployed, as well as being properly governed, retrieval becomes incredibly successful, and frankly, quite easy. On the other hand, if the opposite is true, this can be an organization’s worst nightmare – and if the organization ends up in court, it can become very, very expensive.

Compliance for its own sake is not enough, organizations must be able to leverage that compliance and demonstrate how compliance is benefiting the organization. Electronic discovery is certainly one area where the benefits become immediately apparent and demonstrable.

Our last installment, Archiving, Release, and Destruction of Information, will address the archiving, destruction or release of information. It turns out that if we are diligent with the first 90 percent of governance, the final 10 percent can become straightforward and routine.

Because you need to know

Contact Us