That's the problem.   They have a billion choices, but none of them are actionable.   

• 40% or more of corporate data is not subject to a specific legal duty and has no business value
• Corporate data volume grew by about 50% last year, budgets grew by 0%
• IT spend averages 3.5% of revenues – data management is not cheap (Gartner)
• IDC predicts data will grow by a factor of 44 in the next 10 years

• 100 to 15,000 matters and legal holds
• 300 to 3,000 record classes
• 1,000 to 15,000 regulations that mandate specific record keeping
• 1,000 to 50,000 file shares, SharePoint sites, ECM systems and applications
• 2,000 to 40,000 departments of people working on specific business functions
• 10,000 to 1 million employees
•  3 to 130 countries in which they operate

 

In addition to the lack of connectivity and transparency, the form of legal hold and form of retention schedule are often part of the problem as well. Legal holds are described by the custodians involved; retention schedules by the business function and record class. Neither tie to information sources. Often, the form of retention schedule was never modernized from its application to paper records in a single location, and it is so generalized that it cannot be reliably applied by people who manage electronic information in multiple sources (which may or may not be records but need to be disposed nonetheless).  Some legal departments choose to manage legal holds as simple email notification, ignoring the thousands of employees in IT involved in managing the data (and the risk this represents). I still see companies where no one in the legal department knows definitively who is on hold, so it’s impossible for IT to know.    For IT there isn’t enough specificity to consistently and confidently execute, so they keep everything.   

 

If we index it all, won’t that tell us what to do?

 

In a word, no. Searching and indexing 5 petabytes of data won’t tell you what’s on hold, what’s of value and what’s subject to regulatory obligations – although it may take weeks or months to index it all, it will not solve for the billion potential combinations of legal obligation, business value and information source. The obligation and value of information are not determined by their text content but rather by business people making systematic, informed business decisions. Presenting them with an index of petabytes of data and asking them to make retrospective business decisions is a non-starter.

 

So how do you achieve defensible disposal? 

 

With Atlas, which can help you:

1. Systematically link the business processes in legal, RIM and IT to provide structural collaboration and transparency (workflow and automated collaboration rather than conference room collaboration).    
2. Modernize the RIM program and conduct a systematic information inventory that captures value, local terminology, and points to the many disparate locations where information is stored in a structured application shared with legal and IT (rather than the spreadsheets or access databases typically used in schedule refresh work).
3. Treat legal holds as an enterprise function where people, records, information categories and sources are properly identified and the hold is transparent to stakeholders (rather than as legal department issue myopically focused on notices going out but leaving IT is on its own).
4. Ensure that IT can determine in their terms and with little or no interpretation who and what is on hold, what is of value and what is subject to regulatory obligation (rather than guessing or assuming that all information has the same value or is subject to the same obligations).

Atlas publishes hold, collection, retention and classification instructions to search tools and repositories and provides IT with truly actionable procedures per data source. Sophisticated search tools can then readily determine which of the small set of record categories and policies and legal holds apply to a single, specific department, data source or individual.   Smart repositories can then execute the instructions applicable to the data they contain.  This increases infrastructure value, reduces their cost of deployment and improves results for users.

 

More importantly, Atlas and the linkage it provides enable IT to defensibly dispose of data without duties or value. It will help legal accelerate discovery and defend their process as equal beneficiaries of the information inventory and transparency into the business and IT.    It will ensure that the business gets smaller bills from IT and smaller bills from legal, and they will be able to find what they value without wading through garbage first. 

 

To quote Peter Drucker, innovators address what is visible but not seen.   Massive data accumulation happens when IT can’t easily determine what’s subject to obligation and what’s of value -- make it easy to determine with Atlas.  

 

 

 

• 100% of survey respondents agreed that defensible disposal was the purpose of information governance practice.
• 2/3s of IT and 1/2 of RIM respondents said their current responsibility model for information governance didn’t work
• 80% of respondents had little or very weak linkage between legal obligations for information and records management and data management
• Only 13% had a systematic process for linking holds to sources of data and records
• 80% had retention schedules that applied to electronic information, but only 38% said IT followed these schedules
• The single biggest pain point cited by RIM, IT and legal was lack of transparency and collaboration across stakeholders

Elements of IMRM

1.  Policies that can be articulated in departmental procedure and are executable by IT in practice
2. Specific rather than generic communication of legal holds and retention requirements that enables enterprise execution and disposal

1. Transparent cross-functional processes for legal holds, discovery, record retention, information value assessments, and information and data management
2. The end of a silo approach to legal holds and record retention practices – these are enterprise rather than departmental processes
3.  Unified vocabulary across stakeholders which recognizes and reconciles their different interests in information

There is a lot of talk about information governance these days by vendors, customers and analysts. It is definitely the right discussion but there seems to be a lot of confusion about what it means. Here’s my definition: managing the data you need as you need to as efficiently as possible. [Read: managing only the data you need to and no more while complying with applicable legal duties at the lowest total cost to the company.]

I often joke that few people spend as much time focused on legal holds, retention, privacy and data governance (and the intersection of these) than I do and if you don't believe me, just ask my husband!  

Fortunately, I love the topics because they do intersect and sometimes even collide -- there are real challenges and very real opportunities to work on.   I get to work on these topics daily with leaders in these functions in the world's largest companies which fuels my passion for the problem.   As we rolled out the information governance process maturity model with its built-in cost and risk analyses, this collaboration has gotten deeper and more productive. 

The contents of my blog are perspectives garnered from these engagements and the application of the information governance process maturity model ... expressed in my humble opinion.   I hope you find IMHO constructive and interesting.

--Deidre