Information Governance Notes

From Information Governance 2020

Proposition
Positive
By 2020 information governance will play a central role in helping
organizations maximize the value of their information and reduce its
associated costs and risks. This will manifest itself in multiple ways, such
as dramatically reduced e-discovery costs and fewer
e-discovery battles over information, a dramatic reduction in the volume
of outdated and useless information stored by organizations, and far fewer
data breaches. Most information will be managed in an automated way
(through machine-based learning and other techniques). A significant
number of large organizations will be using Big Data techniques and
technologies to monetize or drive significant internal value from their
information. Overall, information governance will have a huge positive
effect on the way information
is managed, with benefits for organizations, society, the justice system,
and the economy.
Negative
By 2020 information governance will help drive relatively minor
improvements in the way organizations manage information, but on the
whole, the problem will be the same or worse than it is today. This will
manifest itself in multiple ways, such as growing e-discovery costs and
ongoing e-discovery battles over information, continued growth in
outdated and useless information stored by organizations, and a struggle
to contain data breaches. Most
information will still be managed in a manual way. Few large organizations
will be using Big Data techniques and technologies to monetize or drive
significant internal value from their
information. Overall, information governance will not have contributed in a
significant way to the way information is managed, with few identifiable
benefits for organizations, society, the justice system, and the economy.
We just need to understand what information we have and its value. I
believe that once the IG concept is mature and understood, people will
start to think before they type. How will taking control of information or
failing to do so by 2020 affect companies, the justice system, the
economy, and society? Taking control of information will keep
organizations from ruining their reputation. Those who dont control their
information will end up like Target, eBay, and others. And that cant be
good for the economy.

Most of the information governance tools on the market today are tools to
enable us to cope with a lack of information governance. They dont
actually establish good governance themselves. Organizations are
deploying content analytic tools to make ad-hoc disposition decisions on
groupings of content that they have not been able to apply retention rules
to. Most organizations have huge gaps in their documentary records kept
in whichever generic document repository they use (SharePoint, an
EDRM/ECM system, or simple shared drives). Many decisions are made
exclusively in e-mail without leaving a trace in those repositories.
Individuals cope with gaps in the documentary record by relying on their
own e-mail accounts. General Counsel copes with gaps in the
documentary record by searching e-mail archives.
The foundations for e-discovery were established a decade ago. The FRCP
were amended in 2006 to consider electronic documents. Eight years
later, those amendments are again being debated. The general consensus
is that many attorneys are still not familiar with e-discovery rules. In my
discussions with vendors, I note their frustration with not being able to
monetize information governance services. Several vendors have
retrenched their information governance efforts and refocused on ediscovery apparently e-discovery services are easier to sell. As I see the
issue, organizations view information governance as a support function
and cost center, and not a revenue-generating effort.
By 2020, IG will drive success in business and risk management by
leveraging powerful, innovative data analytics and ephemeral messaging
technologies. However a dramatic reduction in the volume of outdated
and useless information stored by organizations is not likely, in my
opinion. Breakthroughs in solid state storage technology like Spintronics
(an order-of-magnitude faster and more efficient than current storage
systems) save time and reduce the need to cut down stored data. In
parallel, the rapidly emerging demands of data privacy will fuel ephemeral
messaging development. This will serve to reduce risk and protect
privacy, as well as shrink the clutter of data that have extremely short
shelf lives.
Information Overload: Courts Prepare for e-Discovery Changes
Ed Silverstein Legaltech News 17 April 2015 http://www.legaltechnews.com/id=1202723823025/Information-Overload-CourtsPrepare-for-eDiscovery-Changes?slreturn=20150322161001
At the same time, data itself continues to become more complex, explains
David Houlihan, an analyst at Blue Hill Research. At first, that data was
largely in the form of email, but grew to include text messages, videos
and social media. There are also changes as storage went from onpremise and being hosted by law firms to a greater acceptance of cloud
storage and the increased use of software as a service.
Over the next few years, the volume of data will continue to skyrocket,
especially with increased use of the Internet of Things and more machine-

to-machine communication, as well as from various forms of wearable

technology.
The challenges are compounded by the tools and services available. One
study from HBR Consulting questions whether a single technology tool
exists to support the complete e-discovery workflow. But many vendors
say they provide such an offering.
.....some attorneys still show "fear and anxiety" about e-discovery, and it
can create "unnecessary pain in litigation," Houlihan adds. For example,
boutique law firms that do not have resources or knowledge on ediscovery may not be able to take on more complex matters. Or, in some
cases, one party in a matter has little knowledge of e-discovery while the
other has extensive knowledge and resources.
And attorneys without adequate technical background or those who do
not consult with specialists sometimes can make costly mistakes. They
may agree, for instance, to search terms that can end up costing a huge
amount of money.
Oot, who previously served as director of e-discovery at Verizon and as
senior counsel for e-discovery at the U.S. Securities and Exchange
Commission, says he advises clients to have someone with technical
know-how at the negotiating table when meeting with the other side's
legal team and at the scheduling conference when meeting with the judge
in the case.
In fact, the field has gotten so complex that multidisciplinary teams are
needed at many organizations in order to undertake appropriate ediscovery and minimize risks.
How to prepare information governance for the Internet of Things
Information Age Ben Rossi 16 April 2015 http://www.informationage.com/technology/information-management/123459329/how-prepareinformation-governance-internet-things#sthash.FDy3KTEM.dpuf
Connected device-to-device communication is already used in businesses across manufacturing,
automotive, agriculture, energy and healthcare, as well as being driven into consumer sectors
with the likes of connected devices in the home and fitness-related applications.
Estimates of the global number of connected devices by 2020 vary widely, ranging from 20
billion to 50 billion and more. In 2015, the number of connected devices and systems in use is
expected to reach 4.9 billion.
This just goes to demonstrate how important it is for businesses to work on their information
governance strategies now to accommodate these emerging information types, before the data
volumes generated by connected devices to overwhelm.
Another major challenge will be the regulatory and compliance implications of data that will
be moving between devices, placing new demands on data protection, security and recovery
policies.

Legal frameworks generally lag behind technological capability, and the complexities of the data
landscape generated by connected devices and systems will pose interesting legal and
regulatory challenges.
For example, a connected device in a domestic fridge could be designed to monitor energy use
or shopping needs, but could simultaneously be generating personal information about such
things as an individuals health, lifestyle and changing family structure. This kind of information
would need to be regulated and protected.
The third challenge will be the storage and retention of the information. It will be impossible (and
not the right thing) to store and keep absolutely everything.
Information governance frameworks are already struggling under the weight of emerging digital
channels, and could buckle under IoT unless organisations get better at classifying their data and
knowing what to retain and store and what to delete.
This is not always going to be easy. The challenge of determining what information constitutes a
record or has potential business value, and applying an appropriate retention rule is no mean feat
and may well seem overwhelming for the many businesses already overloaded with growing
volumes of information in multiple formats. Yet failure to take on the challenge will to expose
many to unacceptable levels of risk.
Information professionals often err on the side of caution when it comes to the data they retain.
Businesses are reluctant to destroy data that could at some future point deliver value, and they
dont want to have deleted data which may suddenly required for e-discovery purposes. This
results in hesitancy with a keep-it-all-in-case culture.
Judgement calls about record disposition will have to be made but these difficult decisions
will be helped considerably by having strong information governance in place; pre-defining and
automating categorisation to limit storage and vulnerability, and defining and enforcing clear
responsibilities amongst your team.
Information Governance Problems
Many organisations dont know who owns or who should own the content created through these
communications channels. A recent survey of information professionals, by Iron Mountain and
AIIM, revealed that a third of businesses have yet to allocate content responsibility for instant
messaging (39%), mobile (32%), social media (28%) and cloud-sharing (33%).But close to one in
ten respondents said their organisations fail to regulate even well-established information types
such as email, customer data and public online content.

Why the Internet of Things is more than just a smart fridge

Information Age Ben Rossi 22 September 2014 http://www.informationage.com/technology/mobile-and-networking/123458485/why-internetthings-more-just-smart-fridge#sthash.t8Lu845s.dpuf

The following deals with some of the technical issues surrounding data
collection and storage.
As IoT grows, the need for real-time scalability to handle dynamic traffic
bursts also increases. There also may be the need to handle very low
bandwidth small data streams, such as a sensor identifier or a status bit
on a door sensor or large high-bandwidth streams such as high-def video
from a security camera. Consider the following examples and the
applicability of network-connected device to IoT
Homes and offices
Utility meters send complex data packets to service providers where
centralised systems provide real-time monitoring to proactively detect and
remediate problems such as blackouts, water leaks and circuit overloads.
Data is analysed to improve efficiency by determining needs, spotting
trends, and predicting demand. By virtue of its smart IoT fixtures, the city
of Oslo reduced energy costs by 62%.
Wearables
From heartbeat-sensing fitness bands to step-counting smartphone apps,
wearables are the public face of IoT. A portable device is connected to a
service that aggregates data and, increasingly, shares it across social
media, with a doctor or even a gym. The cloud-based services also push
back analytics, motivational graphics and music, and location-based
maps.
Hospitals
Hospitals utilise several smart devices, both standalone and those wired
to nurses station monitors. Soon, these will be interconnected through a
highly available and secure network with server-based applications that
can track patient conditions by correlating all data not just nurses
readings allowing better monitoring, data logging and big data analytics.
An IoT-connected network helped St. Lukes Medical Center reduce
patient-bed turnaround time by 51 minutes.
Factories and warehouses
The flow of materials must be monitored and optimized for efficiency.
Location sensors are embedded in components moving through assembly
lines and inventory systems. The location of forklifts, pallets and workers
are tracked as well, while centralised software directs the activity in real
time to effectively respond to customer requests.
By implementing predictive maintenance and quality control IoT, BMW
reduced auto-warranty costs by 5% and reduced the scrap rate of
defective vehicles by 80%.
Dynamic application delivery
Along with these various applications mentioned above, and there are
plenty more. When an IoT node performs a service request, such as

sending a medical data packet, the ADC (application delivery controller)

determines which server, virtual or physical, can handle the request.
The packet is then sent to the appropriate server for processing, while
measuring the performance of the application and availability of the
server. Application delivery technology can also remember which
application server is handling a specific IoT nodes service requests.
When subsequent packets arrive from the same IoT node as part of the
same request, the session will continue with the same server, ensuring
continuity of the traffic stream and reducing the need for renegotiation.
An application delivery controller also monitors the health of application
servers. Common statistics are processor and memory utilisation, server
response time, and how different protocols are handled.
When the servers slow down or become unresponsive, advanced load
balancers dynamically route traffic to other servers to reduce client
interruption.
Evolution of the load balancer
Modern load balancers focused on application delivery are more
sophisticated and operate from Layer 4 to the Application Layer 7, making
them more in tune with application server software, how the client
responses should be handled, and the specific services being requested
by IoT end nodes. ADCs provide packet encryption/decryption, reducing
server workload and making it possible to apply advanced policies and
processing on secured traffic streams while maintaining end-to-end
security. Global Server Load Balancing (GSLB) allows the intelligent
distribution of end-node traffic across private and public clouds based on
proximity, performance or manually defined business rules for optimal
data handling and communication. To facilitate the dynamic cloud
infrastructure, modern ADCs have also been adapted to integrate into
virtual environments.
The Internet of Things is now
The Internet of Things includes the connected refrigerator plus thousands
of medical devices in hospitals; smart utility meters; GPS-based location
systems; fitness trackers; toll readers; motion detector security cameras;
smoke detectors; and embedded systems. Each of those IoT end nodes
requires connectivity, processing and storage, some local, some in the
cloud. This means scalability, reliability, security, compliance and
application elasticity to adapt to dynamic requirements and ever-changing
workloads.
Now is the time for network administrators to fully scope out all of their
Internets and how everything interconnects, from how ERP software
systems maintain monitoring rules and governance to how APIs talk to

M2M application platforms, to how asset and device management

mechanisms orchestrate version control and location.
Is Your Glass Half Full of Information Governance? Rene Laurens The
Relativity Blog 9 April 2015 https://www.kcura.com/relativity/blog/glasshalf-full-information-governance/
We are certainly seeing large organizations managing their data more
securely for compliance, regulation, human resources policies, and
business reasons.. Unfortunately, information governance is not only a
big-company problem, its an any-company problem. With the blend of
small, large, new, and old businesses in todays market, its tough to
generalize with either statement. Its truly a blendin some industries,
Reduced e-discovery costs and reduced data volumes are already in play.
In others, though, those same problems are still growing.
By 2020, more companies will at least use built-in, automated deletion
and archiving rules. Many may see this need to evolve their IG practices
after they faceor hear war stories abouthigh discovery costs in
litigation.
Wed like to see information governance better integrated into business
models and are optimistic things will move in that direction, though its
hard to say all organizations will be there by 2020. Along the way,
companies will be asking more from technology to assist with managing
dataand thats where we hope we can assist. There will always be a
human component, but the more software like ours can help, the more
businesses will see the benefits because it will be easier for small groups
to manage large amounts of data.
Proportionality, Paranoia, and the UKs Biggest e-Disclosure
Challenges The Relativity Blog Paul Gordon 21 April 2015
https://www.kcura.com/relativity/blog/proportionality-paranoia-and-theuks-biggest-e-disclosure-challenges/
Interview with Chris Dale who makes some salient points about the need
for lawyer and judicial education.
Paul: What are some differences between e-disclosure in the UK and other
parts of the world?
Chris: In comparison with the U.S., we have much fewer documents in our
cases. For reasons I dont wholly understand, we seem to produce fewer
documents per capita than Americans. In a case where we have the same
number of custodians over the same period of time, well produce fewer
documents. Dont ask me why.
More importantly, however, English lawyers are required to argue for the
narrowest scope possible. Whats the smallest number of documents
needed for justice to be done? How narrow can you make it and still have

a proper case? Answering those questions is part of their duty to the court
and to their client.
The State of Information Governance Forbes, Barry Murphy, 19 April
2012 http://www.forbes.com/sites/barrymurphy/2012/04/19/the-state-ofinformation-governance/?utm_source=twitterfeed
IG is defined as a comprehensive program of controls, processes, and
technologies designed to help organizations maximize the value of
information assets while minimizing associated risks and costs.
Everyone recognizes the need for IG, but no one wants to be ultimately
responsible for it. Businesspeople care only about the ability to easily
create and access information to do their jobs. ITs job is to support the
business. Defensible disposition projects and Legal Hold programs for
cost avoidance dont exactly have the sex appeal of implementing social
media marketing projects that can drive revenue. That is hardly
surprising, given the very real challenges of truly managing corporate
information assets. Still, though, IG is important and is gaining some traction in many
organizations. For companies that ignore IG, managing the risk that
information poses is harder and harder because the volume of information
stored keeps going up. For every effort a company takes to safeguard
information, employees create a workaround if that effort impinges on the
velocity of information. In turn, those workarounds can lead to a vicious
circle of eDiscovery nightmares.
Good IG programs build a corporate culture where responsibility for
information is a core tenet. Employees understand policies and are
incented to abide by them. That culture can only develop under a highlevel executive who truly believes in IG. Which C-level executive owns IG
is less important than the leadership and consensus-building qualities she
or he possesses.
There is no real standardization amongst which C-level executive owns IG,
nor does there need to be. For some companies, it will be best for a CIO
to own IG, for some it is best for a Legal Officer or General Counsel to
own, and for others IG is bested owned by a committee of senior
executives. One thing is for sure: IG cannot, and will not succeed, unless
there is a C-level executive that clearly owns real responsibility and
accountability for IG. Organizations seeking to exert greater control over
their information assets must close this gap. In addition, IG executive
leaders must be savvy in the ways of securing proper budgets for
projects. Anecdotal evidence from companies with good IG programs
shows buy in from senior IT and Legal executives. These executives
actually work together early and often to define what is reasonable for
the organization, any process requirements (e.g. legal hold, early case
assessment), and then allow IT to purchase the right infrastructure or
Legal to procure the right services. While it sounds trite, the key to IG
success is cross-functional communication and cooperation.

One organization had struggled with employee underground archiving

because the company was deleting emails in employees inboxes every 30
days. Employees figured out ways to keep emails longer (by
automatically forwarded the emails to themselves before the 30 day
policy kicked in or saving them to local machines). IT faced rising storage
costs and Legal realized that it was over-preserving email for litigation and
processing a ton of duplicate data. By putting an email archive in place,
the company was able to address all issues. The archive supported more
flexible retention periods, so employees did not need to be concerned
about losing email so quickly. IT was able to ease the burden on its
production mail system and need less primary storage. And, the
deployment included an eDiscovery interface that Legal could operate to
conduct litigation holds and review data. The company noted a positive
ROI very early on just from reduced eDiscovery costs. But, beyond that,
the company noted that employees were happier and more productive
without the stress of trying to horde email
It is also important to buy into the notion that IG takes a team it requires
skills in Legal, technology, process management, and an understanding of
what makes the business tick. The only way to corral all the expertise
need for successful IG is with a team tasked specifically to do just that.
Whether the IG team is the evolution of an existing records management
team or a newly created group, the important thing is that the team is
able to drive cross-functional projects. Specifically, the IG team must
understand the business and how it creates and consumes information,
know the regulatory and legal rules that the organization operates under,
be versed in technology for all aspects of information management and
able to convey requirements to IT, and possess library sciences skills for
organizing information. Ultimately, this central team will play an
important role in spreading the culture of IG throughout the organization.
Companies that address IG in the right ways actually do much more than
avoid eDiscovery costs or reduce storage costs; thats right IG is not
simply about cost reduction and risk mitigation. Better yet, companies
with good IG practices actual enable those sexier business activities that
generate revenue by ensuring information is available quickly when and
where it is needed. Perhaps 2012 will be the year that companies are able
to put together the policies, processes, and tools that allow information to
flow freely, but with all the controls in place that help to avoid nightmares
like those we have in eDiscovery today.
Information Governance: the way the wind is blowing The EDisclosure Information Project Chris Dale 18 August 2013
https://chrisdale.wordpress.com/2013/08/18/information-governance-theway-the-wind-is-blowing/
Dean Gonsowski wrote an article in May of this year called Information
Governance Still Hinges on Basic, Definitional Issues. I draw your attention to it

for two things for the definition of information governance included in it

and for the list of challenges which need to be addressed by corporations
who face up to them.
Deans definition of information governance, which he describes as a
hybrid of many permutations that exist out there is as follows:
Information Governance is a cross-departmental framework consisting of
the policies, procedures and technologies designed to optimize the value
of information while simultaneously managing the risks and controlling
the associated costs, which requires the coordination of eDiscovery,
records management and privacy/security disciplines.
The challenges, reduced to short bullet points, are the following:
Who owns information governance?
Where does it reside organizationally?
Are there information governance best practices yet?
Is there a universal, information governance definition?
How do you build the business case for information governance?
How do advanced technologies, like predictive coding, enable
information governance?
Companies who dismiss these points as a luxury which they cannot afford
in hard times, need to ask themselves the question What is it costing us
to keep all this data? This is a preliminary to a second question, which is
What would it cost us to address this?
There is more to value than these brute components of savings and
expense, but these are the ones which get board level attention even in
companies which are unwilling or unable to address deeper questions of
value. One of the more surprising conclusions which one reaches is that
relatively few companies have actually tried to answer these questions in
relation to eDiscovery, apparently content (or at least willing) to keep
paying their eDiscovery bills and buying more server space as the need
arises.
The question of return on investment is recognised by Recomminds Bill
Tolson in an article called The ROI of Conceptual Search. Although it focuses
narrowly on the ROI from one particular Recommind product, Decisiv
Search, and one specific technology, the principles covered in the article
apply in a wider context. The questions What are we paying now?, To
what could we reduce that expenditure? And How much will it cost us to
achieve that seem to me to be basic questions which ought to be
addressed by any company in the same way as they consider any other
expense and investment decision.
The answers which emerge from such questions are critical components in
broader questions about risk management. Risk and cost go hand-in-hand,
and you cannot sensibly consider mitigation of risk without knowing what

the remediation costs will be. The assessment of resulting benefit is a yet
further stage which cannot sensibly be addressed without knowing the
costs.
Consider the questions:
What is the chance of one of our aeroplanes crashing?
How likely is it that our new medicine will poison people?
Compare these with:
How likely is it that I will be sanctioned for destroying or failing
to find this document?
or
How much value lies in being able to find this document quickly
when the subject-matter recurs?
and then ask:
How much does it matter if this event happens?
..then you are beginning to see the way to the question:
What is it worth spending to be relieved of that risk?
The point is not so much whether you and I, in the abstract, can give a
weighting to any of the factors involved in these questions but whether
companies are addressing them at all. It is a pretty good bet that a
company at risk of having its aircraft crash or its medicines poison people
is very focussed on risk and willing to spend almost anything to mitigate
the risk.
The questions about deleting documents are more nuanced. What sort of
documents are these? Legal questions arise (Is there a regulatory,
statutory or other implication? and Are they already subject to a legal
hold?). There are technical questions (Can we still access and read these
documents?), and practical ones (Does anyone ever bother?), and
questions of cost (What does it actually cost to keep them?).
What has all this to do with external lawyers? What role is there for them
in the kind of proactive input which is required when legal considerations
are involved in such decision-making, as they clearly are when regulatory
and eDiscovery implications may arise.
It is not much talked about, really. You can find plenty of lawyers and
others talking about risk and its mitigation (and perhaps rather fewer
talking about benefits) but you do not often see or hear about case
studies, actual examples of projects being undertaken by more firms to
help their clients.
I suspect that this is because very few firms are offering such a service,
with the rest either uninterested or unaware of the problems and solutions
or (less creditably) seeing the steady accumulation of yet more data in
their clients hands as an insurance policy which will keep them in work for
long enough to see out their careers.

Information Governance Still Hinges on Basic, Definitional Issues

Mind over Matters Dean Gonsowski 7 May 2013
http://www.recommind.com/defensible-deletion/information-governancestill-hinges-on-basic-definitional-issues
As a relatively new discipline, information governance amplifies the need
for a common language and extends the necessary constituents, going
beyond the initial Legal-IT grouping to add in Risk, Compliance, Infosec,
Records Management, as well as stakeholders from relevant business
units. While these groups might have had periodic participation in an
episodic eDiscovery event, the information governance movement
requires a dedicated seat at the table.
Earlier this year, Judge Peck announced at LegalTech that If 2012 was the
year of predictive coding or technology-assisted review, 2013 or 14
seems to be information governance. The next step is for groups like
Sedona to continue advancing the discussion by defining whats within the
information governance purview, whos involved and what guiding
principles are at play. Until theres better clarity about these basic building
blocks it will be hard for this initiative to get beyond the early adopter
stage and go truly mainstream. If/when that happens, information
governance promises to truly ring in a new era in the defensible
management of data within organizations.
Legal Tech 2015 A New Zealand Perspective Andrew King 17 February
2015. http://www.e-discovery.co.nz/blog/legaltech-2015-a-new-zealandperspective.html
Information Governance and Big Data
As we have seen in past events, Information Governance and Big Data
featured heavily throughout LegalTech. Every organisation today now
faces greater challenges in managing the volumes of electronic
information, but also the challenge to have the ability to analyse and
actually do something with that information and be able to do so quickly,
without having to reinvent the wheel.
Information Governance was linked closely to security issues and
managing Big Data. The message was that it is becoming more important
to have a comprehensive Information Governance programme to address
security, eDiscovery and ultimately assisting organisations to make more
informed business decisions.
Just Do It: Making Information Governance Work Health Data
Management David Wesch 3 March 2015
http://www.healthdatamanagement.com/news/Just-Do-It-MakingInformation-Governance-Work-49922-1.html

If we reduce the amount of information we store or slow its growth, we

reduce both risk and costs. For many organizations, however, taking the
first step toward developing an information lifecycle governance (ILG)
program that addresses data growth is the most difficult one. Most people
think that ILG programs are tedious and fraught with complexity. They
worry about a significant commitment of effort and budget. But
companies that rely on ILG resources and best practices developed by the
Compliance, Governance and Oversight Counsel (CGOC) often find that
getting started on the journey can actually be much simpler than most
people think. CGOC is a forum of legal, IT, records and information
management professionals.
Consider a $5 billion healthcare company that in early 2014 had more
than 3,500 employees, with an IT infrastructure that included 3,500
desktops and laptops, 5,000 email mailboxes, 300 file servers, 50 TB of
SAN storage, and 80 applications that retained data. The offsite
information inventory included 14,000 storage boxes (dating back to
1986) and 6,000 backup tapes.
Like many organizations, to ensure it met its records retention
requirements, the company never threw anything away. It also cited other
data hoarder excuses, including disk space is cheap, Google can find
anything, so its not a problem, and IT can just push a few buttons and
find the emails you need, among others.
But this strategy simply wasnt sustainable. Even though the unit cost of
storage keeps going down, building and maintaining an ever-growing
storage platform is very expensive, especially when floor space and
personnel are factored in. In addition, email growth is out of control, and
email file stores, such as PST files, are hard to manage, let alone discover
properly. There are also new privacy rules that require the elimination of
data.
Even legal departments, which often insist on the save-everything policy,
are overwhelmed by the ballooning cost of producing ever-increasing
amounts of information in response to an eDiscovery request.
Besides, according to a survey conducted by the CGOC, of the information
a typical enterprise has stored, only approximately 1 percent is under a
legal hold, only 5 percent is considered a record that must be retained,
and only 25 percent has actual business value. This means that as much
as 69 percent of all that accumulated information has no business, legal or
regulatory value at all!
In deciding to act to improve information governance practices, providers
should focus on three goals:
* Ensuring compliance with all applicable laws and regulations, including
satisfying HIPAA, SOX and other regulations, fulfilling Department of

Justice requests, abiding by subpoenas and legal holds, and following the
Federal Rules of Civil Procedure (FRCP).
* Being good stewards of data by properly preserving what needed to be
preserved while properly disposing of data that had lost its value.
* Making it easier for business users to find the high-value information
they need by disposing of information they dont need.
The ILG strategy used for achieving these goals is called defensible
disposal, and it requires bringing expertise from the legal, compliance
and IT departments together with key information stakeholders from the
business side to
lay out more comprehensive records retention and destruction
policies,
develop the procedures to implement and enforce those policies,
and,
where necessary, deploy the technology to support and automate
implementation and enforcement.
In addition to business data, the targets of the defensible disposal
program included offsite storage, email stores, backup tapes, and call
recordings.
Proactive Approaches to E-Discovery Equip Systems Martin Bonney
& Martin Nikel 3 October 2014 http://www.epiqsystems.com/askQ.aspx?
id=2147484901
Where to begin?
The journey, as the new EDRM suggests, ought to start with information
governance: understanding the data universe, the records retention
policies and the legal and regulatory needs of the business. This has
obvious benefits in terms of reducing the cost of storage (many estimates
suggest by more than 40 per cent) and the concomitant cost of processing
and reviewing documents. Less quantifiable, but possibly more significant
is that by not doing this, your organisation could retain data that might
come back to bite you in the future, but could justifiably have been
deleted if retention policies had been practically applied.
The reality, however, is often that litigation or regulatory investigation hits
before this governance work has begun. The smart professional will think
positively, and be proactive no matter where they are in the process. With
the right, proactive approach, much can be achieved. An eDiscovery
requirement from a regulator or the courts can actually be a valuable spur
to get your information governance house in order. The essence of such
an approach is planning and communication. Get the key players
(typically at least IT, legal/compliance and your eDiscovery provider)
talking to each other, and invest the time to build a data map essentially
a description of the organisations data types, technical infrastructure and
storage solutions. This is an essential first step to preserving and

collecting data, and can bring an early understanding as to the scale and
nature of the challenge.
Identify what you dont need
Another benefit of building a data map is that it enables organisations to
quickly highlight data sets that can be removed from a disclosure
requirement, for example back-up tapes which duplicate emails on the
journaling system or that are easily available and can be swiftly identified
and collected. This low-hanging fruit can be useful whether your
eDiscovery exercise relates to a regulatory investigation, an internal
investigation or to litigation. Showing practical responsiveness to
disclosure requests is a way to gain essential goodwill from regulators or
the courts.
Languages and priorities
Electronic disclosure professionals can often provide valuable input in the
early stages of a disclosure requirement, not least as translators between
lawyers and IT. It may seem a frivolous point, but these groups can often
use the same terms to mean different things, and can easily come out of
meetings with a completely different understanding of what needs to be
done.
Collection strategies
Similarly, forensics consultants can often help expedite a collection
process that may otherwise take second place to normal operational IT
requirements.
While for lawyers, the priority is often to obtain and review documents
quickly, its advisable to exercise caution at this key stage. It is often
important to be able to prove the provenance of a document to the courts,
opponents or regulators. As such, it is important to maintain the chain of
custody during collection, and to work with eDiscovery providers to
document an appropriate convention for data transfer. Emailing
interesting documents through Outlook to colleagues in a piecemeal
manner can create a huge meta-data challenge and is likely to add extra
cost and duplication of effort.
Accelerators to prioritize your data:
Once you have data or a subset of data then a raft of techniques is
available to minimize cost, accelerate the review and prioritize the most
relevant information. An obvious approach is to identify key custodians
and process these first to validate keywords and confirm that there are no
gaps in the collection (e.g. via histograms, which quickly emphasize gaps
in time). Analytics tools might also highlight unexpected subject matter
not covered by key words, and social network analysis might provide
insight to key custodians not yet considered.
Finally, if the data set is large consider the use of technology-assisted
review (TAR), also known as predictive coding. Using TAR tools allow a
legal expert to train the software, using a small subset of data to provide a

weighting for hundreds of thousands of documents, allowing prioritization

of highly relevant documents, while culling the irrelevant.
The key to proactivity is planning and communication. Work closely as a
team to define what is most important to your organisation in terms of
time, cost and scope and then build and maintain a plan to deliver the
appropriate solution.