Sound information governance practices are easily the foundation upon which successful electronic discovery projects are built. I know this because I have lived it. Without question, projects run more smoothly when the client has strong information governance practices in place.
Records Management Reinvented
Information governance involves managing the creation, use, storage, and disposition of data, records, and information maintained by an organization. It encompasses ideas, concepts, and practices involving but not exclusively relating to electronic discovery. And it involves managing not only paper and electronic records, but all information maintained by an organization. It also implicates compliance with laws and regulations pertaining to records retention, information security, and the privacy and confidentiality of information.
Thought of another way, consider that the records or any electronically stored information may potentially be evidence in a lawsuit or investigation. Information governance, then, becomes critically important because the records of an organization provide insight into the past and sometimes future activities of that organization. The information may be needed to tell a story.
Long before we had e-discovery, we had records management. ARMA International, the largest records and information management organization in the world, has been around for 60+ years. Now we have this more holistic view of the value and the efficient, collaborative use of records and information, particularly as it relates to legal matters. Information governance is not a technology or a tool; it is not just policies and practices; or managing risks or costs; it is an enterprise-wide undertaking designed to organize information for the benefit of the organization. It’s the new records management – on steroids.
What’s a project manager to do?
Many people ask “what are the information governance responsibilities of a project manager in e-discovery?” For starters, it is essential for the PM to understand information governance, records and information management generally. A PM needs to have basic knowledge of information technology infrastructure and data management systems. And although it is ultimately the client’s responsibility to implement effective IG policies, there may be situations in which an organization does not have IG policies. A PM may need to guide the client or at least refer the client to resources that may help to structure sound IG policies.
One objective of information governance is for organizations to prepare for litigation. Being “litigation ready” means that an organization knows (or can easily determine) what information it has, where that information resides, and what needs to be done to preserve it for discovery when necessary. So, at the outset of a discovery project, the PM and attorneys should consider the client’s information governance maturity. If formal policies exist, what is the nature and substance of the policies? What is the extent of compliance with the policies? If no policies exist, how does that impact the preservation of information in discovery? Project managers need to help attorneys and their clients understand information governance and its importance to the discovery process.
Regardless of whether the client has policies in place, as a PM, it is important to understand how the client creates, stores, and disposes of ESI. It is necessary to learn the types of hardware, software, data processing and storage devices the client uses. This includes the client’s network configuration, operating systems, workstations, laptops, file and email servers, and backup systems. A data map or even a simple network diagram is helpful in learning about an organization’s systems and helps to visualize and identify the locations of the different types of electronic records maintained.
Figure 1: Simple Network Diagram
Ask Questions (lots of them)!
Ideally, attorneys and the PM should confer with the client’s in-house counsel and IT and records personnel. A good practice is to use a questionnaire or checklist to ask about the client’s systems and identify assets that may contain potentially relevant information. Doing so not only provides a record of the conversation, but also enables attorneys to make informed decisions regarding the best course of action for preserving and later collecting the documents. A good questionnaire or checklist might make inquiry about the following:
- Network configuration, storage, and operating systems in use
- Types and number of file servers in use and the contents of each
- Email applications, number of servers, mail store size and retention
- Software applications, databases, or proprietary applications in use
- Types of workstations and/or laptops in use
- Remote access, home use, and personal and smartphone device polices
- Backup systems in use; backup policies, frequency, and retention
- Legacy or retired systems no longer in use
- Policies on former employees, retention and disposition
- External media, hard drives, CDs or DVDs, and flash drives
- Internal or external websites, intranets, shared drives, and social media pages
- Text messaging programs and unified voicemail systems
A client’s adoption of and consistent adherence to sound IG policies can demonstrate reasonable and good faith compliance with discovery obligations. If, for instance, documents or ESI are no longer available because they were disposed of pursuant to a formal policy before any obligation arose to retain them, then an organization should in theory be freed of the obligation to preserve and collect or produce that information. Defensible deletion like this will ultimately reduce the volume of ESI collected and can result in huge savings on e-discovery projects. It is not improper to dispose of ESI if there is no legal or other obligation to retain it.
Good IG policies can result in more efficient and cost-effective discovery projects. When an organization knows the information it has, where it is, and how best to preserve or collect it, the early stages of the e-discovery process will be more efficient. Likewise, an organization with sound IG practices is less likely to over-collect ESI in discovery, which further reduces cost.
The information governance stage of a discovery project—learning how a client creates, stores and manages its documents and ESI—provides the foundational underpinnings for many decisions that will be made later in the case. While the responsibilities associated with information governance rest for the most part with the client organization, it is important that the project manager and attorneys who advocate for the client know and understand the client’s IG policies and practices.
Links to additional resources on Information Governance: