determined - Fotolia


Information governance strategy and e-discovery are intertwined

Information governance, with its emphasis on managing information throughout its lifecycle, can help your company create a stronger e-discovery process.

E-discovery isn't a reactive process -- or, at least, it shouldn't be. Managing your company's information should start long before you need to gather e-mail messages, documents and other electronically stored information for a trial. Indeed, e-discovery should be part of a larger information governance strategy, or plan for the life of your company's information. In the context of e-discovery, information governance will ensure that you have the information you need as soon as you need it and for as long as you need it.

The Electronic Discovery Reference Model underscores the importance of information governance strategy. The model's stages of e-discovery leads with information governance, which it defines as "getting your electronic house in order to mitigate risk and expenses should e-discovery become an issue, from initial creation of [electronically stored information] through its final disposition." Creating that overarching strategy is not easy, but here are four keys to doing so.

1. Learn where your information is stored. Incorporating an information governance strategy into your e-discovery framework means first learning the location of all information repositories and what exists in them. Although, on the surface, e-discovery refers only to electronic data, in reality, information in paper documents, external hard drives, thumb drives, and back-up tapes can factor in as well, and must, therefore, be included in an information governance strategy. More often than not, the scope of electronic repositories will include a number of locations, such as e-discovery software, local network drives and external file shares.

There's no doubt that information governance can have a direct positive impact on the e-discovery process.

2. Consolidate the number of information repositories. Once the physical and electronic repository locations have been identified, strive to reduce that number to a select few. For instance, companies might decide to store electronic active case data in the E-discovery software application and inactive case data in a specific network drive folder on the local network. If that's the case, define which data is active and inactive. Don't forget about physical repositories. As part of a strong information governance strategy, the location of that data should be limited as well.

3. Establish chain of custody and user controls. Next, companies must identify who has access to these identified repositories. It's not enough to simply document which repositories will be used. A user permissions protocol should be developed to ensure that only the right people in the company have access to the case data. An audit report should be able to be generated on command. That kind of responsiveness will give executives and external clients the comfort of knowing the company is audit-ready and that information is being protected against unauthorized access as well as prevent spoliation of evidence due to negligence.

This information is easy to produce on the electronic side of the house, but what about for physical repositories? A proper chain of custody protocol should be put into place for the ingestion and ongoing production of physical assets. Most likely, companies have already invested in a records management software application that manages the chain of custody of paper documents throughout the company. Why not use the same technology to track other physical assets like thumb drives and external hard drives? It's the same concept. After all, both are considered physical repositories.

4. Create disposition protocols. Many companies wonder how long they need to keep information, and the fallback answer is often, "Forever." However, this mentality is neither cost-effective nor sensible from a risk management perspective. Companies must have policies that enforce the deletion of information once it has met its legal and regulatory obligations. The key to this process is to be consistent in executing this process. Then, companies can respond confidently to auditing requirement. Not to mention, lower those hefty storage costs from its e-discovery vendor.

E-discovery and information governance are complicated subjects and the above steps touch on just the tip of the iceberg. Still, there's no doubt that information governance can have a direct positive impact on the e-discovery process, which is why it's important to take action today.

Next Steps

E-discovery tools boost information governance ROI

Federal agencies struggle with e-discovery

How to build an information governance strategy

Dig Deeper on Information governance management