Information Governance: the way the wind is blowing

eDiscovery for litigation is important, but is only a part of the value which lawyers and eDiscovery providers can bring to corporate clients. The skills and technology developed to meet eDiscovery challenges can be applied to wider issues, some of which directly affect the cost and risk of eDiscovery as well as having value in their own right.

I have published 8,000 words this week, spread across 18 articles. Between them they cover a wide range of topics, countries and companies relating to the electronic discovery / disclosure of electronic documents: rules, technology and privacy have all turned up;  the UK, the US, and Hong Kong all featured, and you were spared a couple of articles about France which have not (yet) made it beyond draft stage. Coming too late for me to cover was an apparent attempt by US Judge Scheindlin to keep alive the fear of sanctions on which so many millions of dollars have been spent since her Zubulake Opinions. Is she a stern upholder of necessary standards or an outdated barrier to sensible and proportionate discovery? I will read the Opinion first, but the headlines by those who have read it suggest a certain lack of sympathy for this judicial rearguard action.

This volume of articles (sorry about that) is partly deck-clearing on my part, making way for what comes out of ILTA in Las Vegas in the coming week. It is partly a reflection of the breadth of interesting topics which connect to eDiscovery. It is partly a consequence of the busy-ness of the industry, when every day brings new developments, new products and new views which are worth passing on.

I have, however, barely mentioned one topic whose importance overrides all the others for the companies whose electronic data we are concerned with. Almost all the things which are seen as problems in litigation or in a regulatory or an investigations context spring from the volume of information which companies keep and for which many of them have no plans. It costs them a fortune, in storage, security and management, in eDiscovery obligations which strike them from time to time and because of the lost value which is tied up in information which no one can ever find.

I came close to it in an post called Proactive use of technology-assisted review beyond litigation which was about about an article by Laura Kibbe of Epiq Systems called There’s more to TAR than litigation. That drew attention to the proactive use of technology-assisted review to identify and classify potential issues as they arise – a really good example of the idea that eDiscovery skills and tools have more positive uses than the reactive role for which they were developed.

Many of the companies who are known (to readers of this blog anyway) primarily as providers of eDiscovery solutions are paying ever closer attention to the vast data stores which lie at the root of the eDiscovery problems. Recommind, for example, is probably best known to many as a provider of predictive coding software for litigation. It was originally (and remains) a provider of information management solutions, including specifically the archiving of email with its Decisiv email archiving tool and the management of knowledge, particularly for law firms. Its focus is increasingly on the application of its skills and technology to markets wider than law firms and eDiscovery.

I say that much not just as an advertisement for Recommind but as a reminder of its qualifications to talk about information governance. It was already clear that Recommind would be moving in that direction when its appointment of Dean Gonsowski at the beginning of 2013 sent a clear signal that Recommind’s focus was shifting (or, rather, extending) towards the roots of the information problem.

Dean Gonsowski wrote an article in May of this year called Information Governance Still Hinges on Basic, Definitional Issues. I draw your attention to it for two things – for the definition of information governance included in it and for the list of challenges which need to be addressed by corporations who face up to them.

Dean’s definition of information governance, which he describes as “a hybrid of many permutations that exist out there” is as follows:

“Information Governance is a cross-departmental framework consisting of the policies, procedures and technologies designed to optimize the value of information while simultaneously managing the risks and controlling the associated costs, which requires the coordination of eDiscovery, records management and privacy/security disciplines.”

The challenges, reduced to short bullet points, are the following:

  • Who “owns” information governance?
  • Where does it reside organizationally?
  • Are there information governance best practices yet?
  • Is there a universal, information governance definition?
  • How do you build the business case for information governance?
  • How do advanced technologies, like predictive coding, enable information governance?

Companies who dismiss these points as a luxury which they cannot afford in hard times, need to ask themselves the question “What is it costing us to keep all this data?” This is a preliminary to a second question, which is “What would it cost us to address this?”

There is more to value than these brute components of savings and expense, but these are the ones which get board level attention even in companies which are unwilling or unable to address deeper questions of value. One of the more surprising conclusions which one reaches is that relatively few companies have actually tried to answer these questions in relation to eDiscovery, apparently content (or at least willing) to keep paying their eDiscovery bills and buying more server space as the need arises.

The question of return on investment is recognised by Recommind’s Bill Tolson in an article called The ROI of Conceptual Search. Although it focuses narrowly on the ROI from one particular Recommind product, Decisiv Search, and one specific technology, the principles covered in the article apply in a wider context. The questions “What are we paying now?”, “To what could we reduce that expenditure?” And “How much will it cost us to achieve that” seem to me to be basic questions which ought to be addressed by any company in the same way as they consider any other expense and investment decision.

The answers which emerge from such questions are critical components in broader questions about risk management. Risk and cost go hand-in-hand, and you cannot sensibly consider mitigation of risk without knowing what the remediation costs will be. The assessment of resulting benefit is a yet further stage which cannot sensibly be addressed without knowing the costs.

Consider the questions:

What is the chance of one of our aeroplanes crashing?

How likely is it that our new medicine will poison people?

Compare these with:

How likely is it that I will be sanctioned for destroying or failing to find this document?

or

How much value lies in being able to find this document quickly when the subject-matter recurs?

and then ask:

How much does it matter if this event happens?

..then you are beginning to see the way to the question:

What is it worth spending to be relieved of that risk?

The point is not so much whether you and I, in the abstract, can give a weighting to any of the factors involved in these questions but whether companies are addressing them at all. It is a pretty good bet that a company at risk of having its aircraft crash or its medicines poison people is very focussed on risk and willing to spend almost anything to mitigate the risk.

The questions about deleting documents are more nuanced. What sort of documents are these? Legal questions arise (“Is there a regulatory, statutory or other implication?” and “Are they already subject to a legal hold?”). There are technical questions (“Can we still access and read these documents?”), and practical ones (“Does anyone ever bother?”), and questions of cost (“What does it actually cost to keep them?).

What has all this to do with external lawyers? What role is there for them in the kind of proactive input which is required when legal considerations are involved in such decision-making, as they clearly are when regulatory and eDiscovery implications may arise.

It is not much talked about, really. You can find plenty of lawyers and others talking about risk and its mitigation (and perhaps rather fewer talking about benefits) but you do not often see or hear about case studies, actual examples of projects being undertaken by more firms to help their clients.

I suspect that this is because very few firms are offering such a service, with the rest either uninterested or unaware of the problems and solutions or (less creditably) seeing the steady accumulation of yet more data in their clients’ hands as an insurance policy which will keep them in work for long enough to see out their careers.

There are a few exceptions to this. One of them is Drinker Biddle & Reath, which has set up a subsidiary company devoted to the information governance and eDiscovery requirements of its clients, recently recruiting Bennett Borden and Jay Brudz for this purpose. They come from eDiscovery backgrounds, but their primary focus is on proactive advice designed to help clients reduce both cost and risk by the implementation of information governance programmes.

Another lawyer focusing on this is Anthony Diana at Mayer Brown. An article by him of 1 August is headed Think Storage is Cheap? Think Again, which has the subheading Is there such a thing as defensible deletion of electronic data? Like Dean Gonsowski in the article referred to above, Anthony Diana sets out some of the questions which an organisation needs to ask itself, as well as offering some suggestions. Other law firms are quietly doing work like this for clients with no particular interest in shouting about it.

The skills and knowledge which must be applied to make such programs work are much the same as those needed for managing eDiscovery / eDisclosure. Furthermore, it is the lawyers who have hands-on experience of eDiscovery, and the costs and the risks which go with it, and who are best placed to form a view as to defensible deletion strategies amongst the other components of information governance.

The commercial world has more lawyers than it needs at the moment. Relatively little of what is traditionally thought of as litigation actually requires much black letter law. What is needed is the ability to bring the legal element into the assessment of risk which businesses must make all the time, recession or no recession. There is work for law firms and eDiscovery providers who are willing to lift their eyes beyond the mere solving of eDiscovery problems as they arise.

Home

About these ads

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 165 other followers

%d bloggers like this: