Uniting Legal, IT and Records Management

Make It a Team Sport

Placing the entire burden for performing e-discovery on one person may not be the best use of available resources. For example, the IT team certainly understands where the information may be stored and the best way to access it, but they really need the expertise of a legal resource to help narrow the search criteria and keyword list. Consider creating an e-discovery strike force with representatives from IT, legal and upper management to collaborate on the project and maximize the efficiency of your response.

Speak a Common Language

When you involve team members from different disciplines, make sure they understand one another. Both IT and legal are notorious for layering conversations with technical jargon. If IT is talking about MAPI access to PST files on virtual machines and legal is warning about custodian hold notifications and spoliation, there is definitely a failure to communicate. Cross train the team on the meaning of common terms in each area and caution them to explain new lingo to everyone involved instead of just assuming implicit understanding.

Don't Over Collect

When there is confusion about what information to produce, the tendency is to “give them everything.” While this may be fine from a compliance standpoint, it will substantially increase the cost of the review and production process. Over collecting is a huge problem in the e-discovery world and an excellent reason to have a collaborative team working on any response. If the IT team can conduct the search and legal can review those results interactively, they can rapidly spot issues with the results set and adjust keywords or other search criteria accordingly so IT can re-run the search to generate more efficient results.

This type of collaborative team approach is exactly what is needed when it comes to the overall management of your corporate information assets, also known as information governance. But first, let's start by looking at these groups of employees and their roles, responsibilities and the team collaboration challenges they face.

Records management (RIM). Often, these individuals come from a background of managing paper records. They sometimes aren't familiar with the strategy for managing electronic data often because they weren't involved, surprisingly enough, in the process for where it resides, how it got there and how best to access it when necessary.

The IT team. They are more frequently involved, so much so that they run into bandwidth issues. They are focused on storage management, security, policy enforcement (hopefully), reporting and analytics, search and collection and trying to maintain a data inventory.

Legal. Their focus is on lawsuits and litigation, internal investigations, legal holds and e-discovery.

The compliance officer or team. They are involved with regulatory compliance, data leakage, internal policies and risk management.

As you can see, there are a lot of moving parts that overlap and don't naturally integrate. This is why communication and collaboration are so critical when it comes to the operational issues associated with ESI.

Creating a CIGP

We have worked with many outstanding individuals in each of these departments and gained a great deal of feedback over the past 14 years. Every organization is different and most have varying levels of integration within these teams. However, much of the landscape is shifting under their feet as ESI proliferates and as the emphasis on information governance continues to gain traction. You begin to see why there is a disconnect when it comes to the data that is linking these individuals and groups together. It remains a complex issue to resolve. These individuals have all the respective responsibilities I mentioned earlier, as well as his or her other diverse daily initiatives and responsive tasks that always arise. On top of that add preservation obligations, data destruction, departing employees, cyber security threats, updates, new technology, legacy repositories, data mapping, and the list goes on. So how do you deal with these concerns and get these groups working together? With a corporate information governance program (CIGP).

Gartner defines IG as “' the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.” Simply put, IG is a set of interdisciplinary policies and procedures used to regulate the electronic assets of an organization from creation to disposal. Think of it as the administration of the electronic information lifecycle. The first step in creating a CIGP also happens to be the most critical in creating a collaborative environment among the teams we are discussing.

In order to be successful, an IG program should be viewed as an enterprise-wide initiative that is endorsed by senior management and supports the overall business objectives of the organization. Since IG will ultimately touch every area of a business, it's important to have an IG committee responsible for its implementation and ongoing management and auditing.

The Ideal IG Committee

IG committee members should represent a cross-section of the organization in order to bring diverse expertise and knowledge to the project. Typically, the committee will be represented by various departments that have direct knowledge of, and potential responsibility for, handling your organizations internal and external data requirements. This may also include regulatory requirements. Most IG committees have representation from the executive team, compliance, IT, HR, legal, records and security. The IG committee members should know where the organization's data is kept, what information needs stored, how long it should be stored, what information should be deleted, when it should be deleted and how information is accessed and moved within the organization. Treat your committee as a group of trusted advisors; they will have the knowledge to help you identify which areas of the business can benefit most from an information governance project, what the degree of difficulty will be to implement that initiative and how best to socialize the project within each segment of the business.

Conclusion

Creating an IG strategy isn't easy and neither is organizing a team of individuals this diverse across your organization. But if you are able to build a consensus that information governance can successfully reduce risk and increase the value of your electronic assets, you'll be well on your way to integrating your teams and creating a collaborative environment in your organization. An information governance committee, along with the overall strategy for handling electronic information that is inherently part of the IG process, will help records management, legal and IT not only get along but prosper.

Doug Yarabinetz manages the marketing team at Sherpa Software. In this role, he focuses much of his time on evaluating industry and competitive trends. He has authored many articles, white papers and blog posts on information management solutions and IT best practices. For additional information, visit www.sherpasoftware.com.

When organizations discuss electronically stored information (ESI), it almost always revolves around three core groups: legal and/or compliance; records management; and, of course, IT. These individuals are the lucky few whose daily routines center on the management of that information. Despite the fact that they all are responsible for important business functions associated with this data, they are seldom on the same page. How do we communicate and collaborate better to ensure we all get along when it comes to better information management and e-discovery processes?

Part of the reason e-discovery is challenging is due to its ad-hoc nature. Requests routinely arise without prior warning and, in many organizations, personnel dedicated to performing e-discovery are a luxury. Consequently, when a request arises, it can become a major interruption that delays or adversely impacts other planned projects. Whether the need to search for ESI is being created by a pending litigation, Freedom of Information Act request (FOIA) or some other directive, the process is frequently time sensitive and often onerous, which makes the importance of a team even greater.

My colleague at Sherpa Software, Rick Wilson offers the following tips to building a collaborative e-discovery team that come straight from our customer's best practices.

Make It a Team Sport

Placing the entire burden for performing e-discovery on one person may not be the best use of available resources. For example, the IT team certainly understands where the information may be stored and the best way to access it, but they really need the expertise of a legal resource to help narrow the search criteria and keyword list. Consider creating an e-discovery strike force with representatives from IT, legal and upper management to collaborate on the project and maximize the efficiency of your response.

Speak a Common Language

When you involve team members from different disciplines, make sure they understand one another. Both IT and legal are notorious for layering conversations with technical jargon. If IT is talking about MAPI access to PST files on virtual machines and legal is warning about custodian hold notifications and spoliation, there is definitely a failure to communicate. Cross train the team on the meaning of common terms in each area and caution them to explain new lingo to everyone involved instead of just assuming implicit understanding.

Don't Over Collect

When there is confusion about what information to produce, the tendency is to “give them everything.” While this may be fine from a compliance standpoint, it will substantially increase the cost of the review and production process. Over collecting is a huge problem in the e-discovery world and an excellent reason to have a collaborative team working on any response. If the IT team can conduct the search and legal can review those results interactively, they can rapidly spot issues with the results set and adjust keywords or other search criteria accordingly so IT can re-run the search to generate more efficient results.

This type of collaborative team approach is exactly what is needed when it comes to the overall management of your corporate information assets, also known as information governance. But first, let's start by looking at these groups of employees and their roles, responsibilities and the team collaboration challenges they face.

Records management (RIM). Often, these individuals come from a background of managing paper records. They sometimes aren't familiar with the strategy for managing electronic data often because they weren't involved, surprisingly enough, in the process for where it resides, how it got there and how best to access it when necessary.

The IT team. They are more frequently involved, so much so that they run into bandwidth issues. They are focused on storage management, security, policy enforcement (hopefully), reporting and analytics, search and collection and trying to maintain a data inventory.

Legal. Their focus is on lawsuits and litigation, internal investigations, legal holds and e-discovery.

The compliance officer or team. They are involved with regulatory compliance, data leakage, internal policies and risk management.

As you can see, there are a lot of moving parts that overlap and don't naturally integrate. This is why communication and collaboration are so critical when it comes to the operational issues associated with ESI.

Creating a CIGP

We have worked with many outstanding individuals in each of these departments and gained a great deal of feedback over the past 14 years. Every organization is different and most have varying levels of integration within these teams. However, much of the landscape is shifting under their feet as ESI proliferates and as the emphasis on information governance continues to gain traction. You begin to see why there is a disconnect when it comes to the data that is linking these individuals and groups together. It remains a complex issue to resolve. These individuals have all the respective responsibilities I mentioned earlier, as well as his or her other diverse daily initiatives and responsive tasks that always arise. On top of that add preservation obligations, data destruction, departing employees, cyber security threats, updates, new technology, legacy repositories, data mapping, and the list goes on. So how do you deal with these concerns and get these groups working together? With a corporate information governance program (CIGP).

Gartner defines IG as “' the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.” Simply put, IG is a set of interdisciplinary policies and procedures used to regulate the electronic assets of an organization from creation to disposal. Think of it as the administration of the electronic information lifecycle. The first step in creating a CIGP also happens to be the most critical in creating a collaborative environment among the teams we are discussing.

In order to be successful, an IG program should be viewed as an enterprise-wide initiative that is endorsed by senior management and supports the overall business objectives of the organization. Since IG will ultimately touch every area of a business, it's important to have an IG committee responsible for its implementation and ongoing management and auditing.

The Ideal IG Committee

IG committee members should represent a cross-section of the organization in order to bring diverse expertise and knowledge to the project. Typically, the committee will be represented by various departments that have direct knowledge of, and potential responsibility for, handling your organizations internal and external data requirements. This may also include regulatory requirements. Most IG committees have representation from the executive team, compliance, IT, HR, legal, records and security. The IG committee members should know where the organization's data is kept, what information needs stored, how long it should be stored, what information should be deleted, when it should be deleted and how information is accessed and moved within the organization. Treat your committee as a group of trusted advisors; they will have the knowledge to help you identify which areas of the business can benefit most from an information governance project, what the degree of difficulty will be to implement that initiative and how best to socialize the project within each segment of the business.

Conclusion

Creating an IG strategy isn't easy and neither is organizing a team of individuals this diverse across your organization. But if you are able to build a consensus that information governance can successfully reduce risk and increase the value of your electronic assets, you'll be well on your way to integrating your teams and creating a collaborative environment in your organization. An information governance committee, along with the overall strategy for handling electronic information that is inherently part of the IG process, will help records management, legal and IT not only get along but prosper.

Doug Yarabinetz manages the marketing team at Sherpa Software. In this role, he focuses much of his time on evaluating industry and competitive trends. He has authored many articles, white papers and blog posts on information management solutions and IT best practices. For additional information, visit www.sherpasoftware.com.