Information governance could well be the new cyber security, in that it is becoming a hot-button issue for organisations to better manage a bevy of business concerns, including litigation.
Chicago-headquartered eDiscovery company, Relativity last week hosted its 11th annual Relativity Fest, the theme for which was how businesses across the world have managed the “multifaceted obstacles” in the wake of the age of coronavirus.
One session, hosted by Relativity CIO Andrew Watts, focused on the need for legal teams to figure out how to manage growing streams of data from a host of platforms that didn’t even exist five years ago, such as Slack, Teams, Zoom, and myriad short message and social media platforms. In short, Mr Watts noted, information governance is becoming “really hot” at the moment, in the same way that cyber security has been in recent years.
Challenges being faced
We’re producing more data than ever before, IDC senior research analyst (legal, risk and compliance) Ryan O'Leary proclaimed, because we have more devices than ever before.
“With COVID-19, there’s a lot of video data as so many teams are working from home using platforms like Zoom. It’s pervasive across every industry and in your private life – you’re generating data in your private life no matter what company you work for, such as watching Netflix at home on the couch,” he said.
The pandemic, Walgreens senior manager of global information governance Lauren Doerries mused, has made the job of identifying key business records and information much more difficult.
“Now that everything is electronic these days, you have to find it to be able to archive it and keep it, whether that’s required by regulation or the business. The fact that we have so much information out there right now makes that so much more challenging,” she said.
“Every organisation is also dealing with ‘orphan data’, whereby people are leaving a trail of data behind them and it compounds the difficulties faced. Another issue we’re seeing is data duplication for analytics or business intelligence purposes, which creates challenges as that data is then reclassified. Keeping track of information and what it’s being used is problematic. It’s definitely impacted the way records management is handled, and governance just in general.”
Duplicative use of data is causing problems for legal departments too, Ms Doerries continued: “If you’ve traditionally used inventory as records schedules as to where information might be, if that’s not being constantly updated by a team doing that consistently, you’re probably not finding the secondary use of that data across the business, so data mapping is so important to discovery.”
“It’s getting a lot more challenging to figure out where duplicated sets of information are, planned or unplanned. Data is going in all different directions with people working from home, and they’re not realising where that data is going if documents are being duplicated in OneDrive and Teams, for example,” she said.
There are numerous implications of growing volume of video, productivity and chat data on litigation support and the industry in general, Mr O'Leary pointed out.
“The real issue that we’re going to see, and it’s started to pop up, is the ephemeral messaging such as Slack channels which can disappear or be deleted easily, so you can no longer just look at an email header, you have to be able to defensibly prove that someone was in a Slack channel at a time, not to mention you have direct messages going back and forth. That is hard to review in a traditional eDiscovery pattern, so you will have more short message solutions,” he explained.
Further complicating this question, Ms Doerries said in support, is consideration of what constitutes a record with regards to the new/ephemeral data types.
“Is a chat technically like an email, and is it a business record? Those conversations are being had all over the place. From a policy standpoint, defining what we need to retain and incorporate that into policies and retention schedules so we can do so defensibly, we’re updating a lot of our documentation to reflect whether or not we will consider information that is being exchanged in different formats and applications as business records,” she outlined.
“Long gone are the days where we had nice, long letters as our correspondence, that you could just put in a folder and call it a day. We’ve been treating email the same way for a long time, but now communications disappear after a time after design, so you need to make decisions about what is important and what needs to be kept.”
How legal teams can respond
One of the things that legal departments must do, Ms Doerries suggested, is ensure they are expanding their relationships with different functions within each organisation.
“The people at the table talking about data and what we’re doing with it are typically not the people who traditionally manage the records functions, and so we have to make sure we have a seat at the table, but also we have a continuing seat at the tables that are being created each day,” she argued.
“Most large organisations dealing with migrations have a lot more committees and standing calls – so having a representative who has data governance and retention at each of those junctures is critical. It’s not something that people always remember to include, but being turned into those groups is essential.”
When asked what action the legal department can take to tackle the myriad challenges being faced by the organisation, Mr O'Leary said that being able to advocate for budget, to do the things you need to do and really explain the scope of the problem, “is a must on a daily basis”.
“This is an area where you can prove your value to the organisation and get efficiency savings. Educating the organisation that this is everyone’s problem, not just your problem, is the most important thing you can do,” he said.
Ms Doerries agreed, and added that having increased visibility allows the legal team to not only save money at first instance but also have the longer-term ability to “target collections for discovery and reduce the time spent seeking key documents used day-to-day”.
“There’s a business value that if risk isn’t a motivating factor, the time spent looking for information usually is,” she concluded.
“We’re getting to a position where we have so much information that it really is impossible to find things if we don’t put parameters around it.”