The legal industry is undergoing transformational changes as aspects of information governance and eDiscovery are refined with new data governance solutions and technologies to address evolving business and regulatory requirements.
In this blog we will cover the practice of Information Governance, its importance to eDiscovery, the emerging use of AI and other technologies in this space, and the current shift in focus within IG teams that can yield unexpected benefits to organizations.
Information governance has been a hot topic in recent years due to the amount of data that organizations generate, which has been increasing at more than 60% per year across an interconnected universe of applications, devices, and services all running in tandem. Furthermore, recent growth statistics estimate that the majority of the world’s data – at least 75% and likely closer to 90% – has been created in just the past two years. Today, there are more than 100,000 companies globally with data storage needs that exceed 1 petabyte (or 1 million gigabytes) and this number will continue to rise in the coming years.
Navigating the complexities of this unprecedented growth is no longer just a challenge for security teams, as it has become a genuine challenge for anyone responsible for managing and using information. As a result, information governance is an issue that impacts every part of an organization, as well as every process that must leverage data including eDiscovery.
With this in mind, companies must begin approaching eDiscovery as an information governance problem that involves a number of stakeholders. This requires legal, compliance, governance, and security teams working together with adaptable tools to effectively manage and mine the ever-widening pool of information.
What is Information Governance?
The practice of Information Governance intends to achieve the following three goals:
Manage information to meet business objectives while balancing risk and maximizing value.
Develop and implement policies, procedures, and controls to manage the entire lifecycle of information from creation through deletion.
Effectively manage the organization’s data assets in order to comply with regulations, reduce risk, and improve business processes.
Information Governance also fulfills the responsibility organizations have to foster data securely through a system that aims to maintain three salient features as proposed by the Federal Information Security Modernization Act of 2014 listed below:
Data confidentiality, which means preserving authorized restrictions on access and disclosure;
Data integrity, which means guarding against improper data modification or destruction and includes ensuring information non-repudiation and authenticity;
Data availability to ensure timely and reliable access to and use of data.
It is important to note that organizations are responsible for governing data stored on-premises as well as in the cloud. Since most organizations today have some data footprint in the cloud, information governance providers now offer tools that facilitate executing data governance policies in the cloud that also adhere to existing regulations and standards.
Information Governance & eDiscovery
In the context of eDiscovery, information governance is the process of making sure all your company data is in order so that your organization can mitigate risk and control costs should litigation arise. Information governance is the groundwork for a company’s control over its information. How successfully your information is governed will determine how smooth and cost-effective any potential eDiscovery process may be if litigation arises.
With many legal professionals working from home under the expectation of maintaining stringent data production discovery timelines, the challenge today is to stay compliant with the law and continue to meet the Electronic Discovery Reference Model (EDRM) guidelines.
The first step in the EDRM workflow is information management—in other words, data governance. This highlights the importance the reference model attaches to information governance. Good data governance forms the backbone of search, retrieval, and protection of data, which facilitates your organization’s ability to meet eDiscovery requirements.
In 2015, Rule 37(e) of the Federal Rules of Civil Procedure (FRCP) was updated, requiring litigants to take reasonable measures to preserve electronically stored information (ESI). This requirement brought the importance of data governance to the fore. Under the new rule, if a court finds a party is prejudiced due to loss of ESI, it may sanction the party who lost ESI for lack of reasonable measures to preserve ESI. Better and smarter data governance helps meet the requirements of law.
Effective information governance programs yield the following benefits:
Help organizations to better understand and manage their data - This can be particularly helpful in the context of eDiscovery, where organizations typically need to quickly identify and produce relevant data.
Reduce the volume of data subject to eDiscovery – By implementing policies and procedures that control the creation and retention of unnecessary data, organizations can reduce costs and risks associated with eDiscovery related requests for information. However, it should be noted that eDiscovery providers have also innovated to reduce the cost and burden associated with collecting excess data by employing solutions such as ECA (early case assessment), technology assisted review, and other best practices that include date range & search term culling.
Improve responsiveness to eDiscovery requests – By having a well-defined process for responding to eDiscovery requests, organizations can more quickly and accurately produce the required data that help minimize disruptions to business activities and reduce the risk of sanctions or adverse judgments.
Ongoing challenges associated with eDiscovery include the following items:
High volume and complexity of ESI make it difficult for organizations to locate and produce the data required for eDiscovery.
Risk of spoliation which occurs when data is lost, destroyed, or altered.
Cost associated with time-consuming tasks to locate, collect and transfer data.
The implementation of policies and procedures that manage the lifecycle of ESI, enact litigation holds as needed, and create data maps to better organize and locate data establish a strong foundation for an effective information governance program. However, in order to keep pace with increasing data volume growth, along with the adoption of new messaging apps and data types used to communicate, newly developed technologies created to meet mounting data management needs have provided a significant boost to information governance teams.
Leveraging the Power of AI, Machine Learning and Automation
Huge amounts of data to process require sophisticated technology. In the coming months and years, organizations will increasingly access the power of AI and machine learning to automate the organization and use of data.
Many available technologies now incorporate machine learning, which is a form of predictive analytics that constantly test correlations based upon known patterns in hopes of finding new ones. Machine learning has a wide range of applications in data governance, such as discovering patterns that aid in structuring data, identifying duplicate or poor-quality data, applying metadata tags, and deploying detectors that can enhance business intelligence to retrieve data specific to your investigations. These new solutions also enable the implementation of data loss prevention rules that prohibit transmission of sensitive data to third-party data stores.
To offer a brief example that illustrates the power of automation, in a recent information governance (IG) presentation at the MIT Chief Data Officer and Information Quality conference, former GlaxoSmithKline (GSK) executive Mark Ramsey explained how the company wrestled with 15 petabytes of information in a massive project to build a detailed inventory of all data the company owned. The scope was breathtaking: Over 1 billion files, thousands of information sources and 26,000 relational database outlines — or schemas — had to be consolidated and mapped. There was no way for humans to do it, so GSK assembled a software toolbox that automated much of the process. This experience underscores the importance of utilizing technology to manage data troves whose size long ago outstripped the capacity of human operators.
Metadata management is another powerful feature that some solutions in the market currently deliver. Simply put, metadata consists of information about data. This includes a host of details, from owner and creation date to the history of changes, rules for access and much more.
Metadata makes data more visible and retrievable so organizations can construct data maps and users can find the data they need in seconds by entering a keyword and other parameters. Once the data is located, metadata can provide clues on how to understand it. Additionally, metadata tags can prescribe access and usage rights, drive archiving and provide an audit trail. This helps companies demonstrate regulatory compliance and also provides users the assurance they are working with the most recent and accurate information.
Emerging technologies in cognitive computing offer the capability of automating metadata. Metadata management, done right, ensures data integrity, reduces redundancy and allows organizations to realize key benefits from their data.
Information Governance Can Reveal Benefits to Business
Once focused mainly on regulatory compliance and mitigating risk, data governance is experiencing a marked shift in focus. Organizations and users have begun to grasp the power of data in driving business goals. As a result, the future of data governance moves beyond simple compliance to a more proactive and holistic approach.
Collaborative governance focuses on engaging people and processes to uncover business benefits. Moving forward, data governance strategies will include an emphasis on building data literacy. They will harness technologies like AI and machine learning (ML) more efficiently and streamline metadata management.
Too often, organizations make data governance an IT concern and focus on the technologies involved. Implementing the right technologies in the right way can certainly support data governance; however, governance works best when users understand the power of data and their role in ensuring data integrity and security.
Moving forward, successful organizations will work to democratize data with the goal of making trusted data safely available to those who need it. Data literacy efforts aim to educate users about best practices for securing and processing data. When all users take ownership for corporate data, compliance and data-driven decision-making improve across the organization.
The future of information governance looks bright as more organizations move away from checkbox compliance towards practices that support business strategies, and in the process transform information governance from a corporate chore to a business improvement opportunity.
With the current trajectory of data growth, information governance teams and professionals will need to master new tools of the trade that leverage automation in order to govern the vast body of institutional knowledge. Fortunately, the tools to tackle the challenge are emerging at the right time.