“Information Governance” – What’s All the Buzz About, and What Does IG Have to do with E-Discovery?
“Predictive coding” reigned as the hot topic of conversation in legal technology circles over the last few years, but its preeminence soon may be over. “Information governance” now features prominently in the commentary of thought-leading lawyers and legal technologists. But what exactly is “information governance?” And what are the implications for e-discovery? Over the next several months, I’ll explore in the DiscoverReady Blog the developments around information governance (IG) and the various ways in which IG impacts the practice of law generally, and the conduct of e-discovery in particular. But to start, I’ll offer up some definitions and a framework for thinking about IG and other related topics that are also getting increased attention. To do that, I’ll pose some questions that I’m hearing often in my conversations with DiscoverReady’s clients and our industry colleagues:
What is Information Governance?
I’ve seen a number of different definitions of information governance, some more complicated than others. The Sedona Conference advanced the following definition in its Commentary On Information Governance (2013) (available at https://thesedonaconference.org/publications): “[A]n organization’s coordinated, inter-disciplinary approach to satisfying information legal and compliance requirements and managing information risks while optimizing information value.” The EDRM published a model for information governance (called IGRM, naturally) that you can access here. And the newly-formed Information Governance Initiative is working to craft a definition based on input from its various constituencies. (You can help them with that effort by taking a short survey.)
These and other definitions reveal that various commentators disagree on what exactly we mean by information governance and what falls within its scope. Indeed, a recent survey of law firms by the International Law and Technology Association exposed that, while the majority of firms identified IG as an issue for discussion, most have not taken any formal action; in large part they attribute their inaction to a lack of clarity over what IG really means. Hopefully the ongoing work of thought-leading organizations will bring us to a consensus definition of IG.
In the meantime, I’ll put forward the fairly simple definition that I use. My definition rests on the assumption that an organization’s information is an asset, which it needs to manage like any other asset. Information governance is the program by which an organization seeks to maximize the value of its information while minimizing the cost and risk associated with that information.
What about “Big Data” – Where does that fit in?
“Big data” is a component of information governance. As organizations accumulate more and more data, they are turning to powerful analytics to help them understand these data better and use them more meaningfully. Indeed, today we are stockpiling data in such large volumes that it’s no longer possible to access or manipulate the data using traditional methods. “Big data” is a shorthand way of referring to organizations’ efforts to wring more value out of their information through sophisticated analysis of their huge data stores.
What’s the difference between information governance and knowledge management?
Knowledge management refers to the efforts of an organization to manage the knowledge learned by its people through its information. “Information” exists in a vacuum; it becomes “knowledge” when humans access and analyze it, and then learn from it. A good KM program will ensure that important knowledge is shared and made available to those who need it and can make valuable use of it. See What is KM? Knowledge Management Explained, May 4, 2012. An organization’s IG should include knowledge management routines, as a means of maximizing the value of its information.
How do data privacy concerns impact IG?
Inevitably, the vast collections of information kept by an organization will include information about individuals protected by privacy laws and regulations. One of the risks associated with information is inadequate protection of that private information. Therefore, as part of the effort to mitigate risk, an IG program should include appropriate data privacy protocols and protections.
I hear a lot about “cybersecurity” these days – Is that a part of IG?
In a word, yes. There’s a catch-phrase that’s been circulating recently, “Data is the new oil.” To protect an asset as valuable as oil, a robust IG program will incorporate measures to address the risk posed by data hackers and other security threats coming from cyberspace. Those threats to information security create the risk of monetary losses as well as diminished competitive advantage, business disruption, and legal liability.
How does Information Governance relate to e-discovery?
Information Governance and e-discovery relate to each other in a number of different ways. But as a basic matter, a good IG initiative will help make e-discovery more efficient and effective, and less expensive. And when e-discovery is carried out thoughtfully and strategically, it can contribute back an organization’s IG program. That value loop, and the various ways to create and enhance that loop, is what I’ll be addressing here in upcoming blog posts. So come back soon!