Information Governance NotesFrom Information Governance 2020

Proposition

Positive

By 2020 information governance will play a central role in helping organizations maximize the value of their information and reduce its associated costs and risks. This will manifest itself in multiple ways, such as dramatically reduced e-discovery costs and fewer

e-discovery battles over information, a dramatic reduction in the volume of outdated and useless information stored by organizations, and far fewer data breaches. Most information will be managed in an automated way (through machine-based learning and other techniques). A significant number of large organizations will be using Big Data techniques and technologies to monetize or drive significant internal value from their information. Overall, information governance will have a huge positive effect on the way information

is managed, with benefits for organizations, society, the justice system, and the economy.

Negative

By 2020 information governance will help drive relatively minor improvements in the way organizations manage information, but on the whole, the problem will be the same or worse than it is today. This will manifest itself in multiple ways, such as growing e-discovery costs and ongoing e-discovery battles over information, continued growth in outdated and useless information stored by organizations, and a struggle to contain data breaches. Most

information will still be managed in a manual way. Few large organizations will be using Big Data techniques and technologies to monetize or drive significant internal value from their

information. Overall, information governance will not have contributed in a significant way to the way information is managed, with few identifiable benefits for organizations, society, the justice system, and the economy.

We just need to understand what information we have and its value. I believe that once the IG concept is mature and understood, people will start to think before they type. How will taking control of information or failing to do so by 2020 affect companies, the justice system, the economy, and society? Taking control of information will keep organizations from ruining their reputation. Those who dont control their information will end up like Target, eBay, and others. And that cant be good for the economy.

Most of the information governance tools on the market today are tools to enable us to cope with a lack of information governance. They dont actually establish good governance themselves. Organizations are deploying content analytic tools to make ad-hoc disposition decisions on groupings of content that they have not been able to apply retention rules to. Most organizations have huge gaps in their documentary records kept in whichever generic document repository they use (SharePoint, an EDRM/ECM system, or simple shared drives). Many decisions are made exclusively in e-mail without leaving a trace in those repositories. Individuals cope with gaps in the documentary record by relying on their own e-mail accounts. General Counsel copes with gaps in the documentary record by searching e-mail archives.

The foundations for e-discovery were established a decade ago. The FRCP were amended in 2006 to consider electronic documents. Eight years later, those amendments are again being debated. The general consensus is that many attorneys are still not familiar with e-discovery rules. In my discussions with vendors, I note their frustration with not being able to monetize information governance services. Several vendors have retrenched their information governance efforts and refocused on e-discovery apparently e-discovery services are easier to sell. As I see the issue, organizations view information governance as a support function and cost center, and not a revenue-generating effort.

By 2020, IG will drive success in business and risk management by leveraging powerful, innovative data analytics and ephemeral messaging technologies. However a dramatic reduction in the volume of outdated and useless information stored by organizations is not likely, in my opinion. Breakthroughs in solid state storage technology like Spintronics (an order-of-magnitude faster and more efficient than current storage systems) save time and reduce the need to cut down stored data. In parallel, the rapidly emerging demands of data privacy will fuel ephemeral messaging development. This will serve to reduce risk and protect privacy, as well as shrink the clutter of data that have extremely short shelf lives.

Information Overload: Courts Prepare for e-Discovery Changes Ed Silverstein Legaltech News 17 April 2015 - http://www.legaltechnews.com/id=1202723823025/Information-Overload-Courts-Prepare-for-eDiscovery-Changes?slreturn=20150322161001At the same time, data itself continues to become more complex, explains David Houlihan, an analyst at Blue Hill Research. At first, that data was largely in the form of email, but grew to include text messages, videos and social media. There are also changes as storage went from on-premise and being hosted by law firms to a greater acceptance of cloud storage and the increased use of software as a service.

Over the next few years, the volume of data will continue to skyrocket, especially with increased use of the Internet of Things and more machine-to-machine communication, as well as from various forms of wearable technology.

The challenges are compounded by the tools and services available. One study from HBR Consulting questions whether a single technology tool exists to support the complete e-discovery workflow. But many vendors say they provide such an offering.

.....some attorneys still show "fear and anxiety" about e-discovery, and it can create "unnecessary pain in litigation," Houlihan adds. For example, boutique law firms that do not have resources or knowledge on e-discovery may not be able to take on more complex matters. Or, in some cases, one party in a matter has little knowledge of e-discovery while the other has extensive knowledge and resources.

And attorneys without adequate technical background or those who do not consult with specialists sometimes can make costly mistakes. They may agree, for instance, to search terms that can end up costing a huge amount of money.

Oot, who previously served as director of e-discovery at Verizon and as senior counsel for e-discovery at the U.S. Securities and Exchange Commission, says he advises clients to have someone with technical know-how at the negotiating table when meeting with the other side's legal team and at the scheduling conference when meeting with the judge in the case.

In fact, the field has gotten so complex that multidisciplinary teams are needed at many organizations in order to undertake appropriate e-discovery and minimize risks.

How to prepare information governance for the Internet of Things Information Age Ben Rossi 16 April 2015 http://www.information-age.com/technology/information-management/123459329/how-prepare-information-governance-internet-things#sthash.FDy3KTEM.dpuf Connected device-to-device communication is already used in businesses across manufacturing, automotive, agriculture, energy and healthcare, as well as being driven into consumer sectors with the likes of connected devices in the home and fitness-related applications.

Estimates of the global number of connected devices by 2020 vary widely, ranging from 20 billionto50 billion and more. In 2015, the number of connected devices and systems in use is expectedtoreach 4.9 billion.

This just goestodemonstrate how important it is for businessestowork on their information governance strategies nowtoaccommodate these emerging information types, before the data volumes generated by connected devicestooverwhelm.

Another major challenge willbethe regulatory and compliance implications of data that will bemoving between devices, placing new demands on data protection, security and recovery policies.

Legal frameworks generally lag behind technological capability, and the complexities of the data landscape generated by connected devices and systems will pose interesting legal and regulatory challenges.

For example, a connected device in a domestic fridgecouldbedesignedtomonitor energy use or shopping needs, but could simultaneouslybegenerating personal information about such things as an individuals health, lifestyle and changing family structure. This kind of information would needtobe regulated and protected.

The third challenge willbethe storage and retention of the information. It willbeimpossible (and not the right thing)tostore and keep absolutely everything.

Information governance frameworks are already struggling under the weight of emerging digital channels, and could buckle under IoT unless organisations get better at classifying their data and knowing what toretain and store and whattodelete.

This is not always goingtobeeasy. The challenge of determining what information constitutes a record or has potential business value, and applying an appropriate retention rule is no mean feat and may well seem overwhelming for the many businesses already overloaded with growing volumes of information in multiple formats. Yet failuretotake on the challenge willtoexpose manytounacceptable levels of risk.Information professionalsoften err on the side of caution when it comestothe data they retain. Businesses are reluctanttodestroy data that could at some future point deliver value, and they dont wanttohave deleted data which may suddenly required for e-discovery purposes. This results in hesitancy with a keep-it-all-in-case culture.

Judgement calls about record disposition will havetobemade but these difficult decisions willbehelped considerably by having strong information governance in place; pre-defining and automating categorisationtolimit storage and vulnerability, and defining and enforcing clear responsibilities amongst your team.Information Governance Problems

Many organisations dont know who owns or who should own the content created through these communications channels. A recent survey ofinformation professionals, by Iron Mountain and AIIM, revealed that a third of businesses have yettoallocate content responsibility forinstant messaging (39%), mobile (32%), social media (28%) and cloud-sharing (33%).But closetoone in ten respondents said their organisations failtoregulate even well-established information types such as email, customer data and public online content. Why the Internet of Things is more than just a smart fridge Information Age Ben Rossi 22 September 2014 http://www.information-age.com/technology/mobile-and-networking/123458485/why-internet-things-more-just-smart-fridge#sthash.t8Lu845s.dpuf The following deals with some of the technical issues surrounding data collection and storage.As IoT grows, the need for real-time scalability to handle dynamic traffic bursts also increases. There also may be the need to handle very low bandwidth small data streams, such as a sensor identifier or a status bit on a door sensor or large high-bandwidth streams such as high-def video from a security camera. Consider the following examples and the applicability of network-connected device to IoTHomes and officesUtility meters send complex data packets to service providers where centralised systems provide real-time monitoring to proactively detect and remediate problems such as blackouts, water leaks and circuit overloads.

Data is analysed to improve efficiency by determining needs, spotting trends, and predicting demand. By virtue of its smart IoT fixtures, the city of Oslo reduced energy costs by 62%.

WearablesFrom heartbeat-sensing fitness bands to step-counting smartphone apps, wearables are the public face of IoT. A portable device is connected to a service that aggregates data and, increasingly, shares it across social media, with a doctor or even a gym. The cloud-based services also push back analytics, motivational graphics and music, and location-based maps.

HospitalsHospitals utilise several smart devices, both standalone and those wired to nurses station monitors. Soon, these will be interconnected through a highly available and secure network with server-based applications that can track patient conditions by correlating all data not just nurses readings allowing better monitoring, data logging and big data analytics. An IoT-connected network helped St. Lukes Medical Center reduce patient-bed turnaround time by 51 minutes.

Factories and warehousesThe flow of materials must be monitored and optimized for efficiency. Location sensors are embedded in components moving through assembly lines and inventory systems. The location of forklifts, pallets and workers are tracked as well, while centralised software directs the activity in real time to effectively respond to customer requests.

By implementing predictive maintenance and quality control IoT, BMW reduced auto-warranty costs by 5% and reduced the scrap rate of defective vehicles by 80%.

Dynamic application deliveryAlong with these various applications mentioned above, and there are plenty more. When an IoT node performs a service request, such as sending a medical data packet, the ADC (application delivery controller) determines which server, virtual or physical, can handle the request.

The packet is then sent to the appropriate server for processing, while measuring the performance of the application and availability of the server. Application delivery technology can also remember which application server is handling a specific IoT nodes service requests.

When subsequent packets arrive from the same IoT node as part of the same request, the session will continue with the same server, ensuring continuity of the traffic stream and reducing the need for renegotiation.

An application delivery controller also monitors the health of application servers. Common statistics are processor and memory utilisation, server response time, and how different protocols are handled.

When the servers slow down or become unresponsive, advanced load balancers dynamically route traffic to other servers to reduce client interruption.

Evolution of the load balancer

Modern load balancers focused on application delivery are more sophisticated and operate from Layer 4 to the Application Layer 7, making them more in tune with application server software, how the client responses should be handled, and the specific services being requested by IoT end nodes. ADCs provide packet encryption/decryption, reducing server workload and making it possible to apply advanced policies and processing on secured traffic streams while maintaining end-to-end security. Global Server Load Balancing (GSLB) allows the intelligent distribution of end-node traffic across private and public clouds based on proximity, performance or manually defined business rules for optimal data handling and communication. To facilitate the dynamic cloud infrastructure, modern ADCs have also been adapted to integrate into virtual environments.

The Internet of Things is now

The Internet of Things includes the connected refrigerator plus thousands of medical devices in hospitals; smart utility meters; GPS-based location systems; fitness trackers; toll readers; motion detector security cameras; smoke detectors; and embedded systems. Each of those IoT end nodes requires connectivity, processing and storage, some local, some in the cloud. This means scalability, reliability, security, compliance and application elasticity to adapt to dynamic requirements and ever-changing workloads.

Now is the time for network administrators to fully scope out all of their Internets and how everything interconnects, from how ERP software systems maintain monitoring rules and governance to how APIs talk to M2M application platforms, to how asset and device management mechanisms orchestrate version control and location.

Is Your Glass Half Full of Information Governance? Rene Laurens The Relativity Blog 9 April 2015 https://www.kcura.com/relativity/blog/glass-half-full-information-governance/

We are certainly seeing large organizations managing their data more securely for compliance, regulation, human resources policies, and business reasons.. Unfortunately, information governance is not only a big-company problem, its an any-company problem. With the blend of small, large, new, and old businesses in todays market, its tough to generalize with either statement. Its truly a blendin some industries, Reduced e-discovery costs and reduced data volumes are already in play. In others, though, those same problems are still growing.

By 2020, more companies will at least use built-in, automated deletion and archiving rules. Many may see this need to evolve their IG practices after they faceor hear war stories abouthigh discovery costs in litigation.Wed like to see information governance better integrated into business models and are optimistic things will move in that direction, though its hard to say all organizations will be there by 2020. Along the way, companies will be asking more from technology to assist with managing dataand thats where we hope we can assist. There will always be a human component, but the more software like ours can help, the more businesses will see the benefits because it will be easier for small groups to manage large amounts of data.Proportionality, Paranoia, and the UKs Biggest e-Disclosure Challenges The Relativity Blog Paul Gordon 21 April 2015 https://www.kcura.com/relativity/blog/proportionality-paranoia-and-the-uks-biggest-e-disclosure-challenges/Interview with Chris Dale who makes some salient points about the need for lawyer and judicial education.

Paul: What are some differences between e-disclosure in the UK and other parts of the world?Chris: In comparison with the U.S., we have much fewer documents in our cases. For reasons I dont wholly understand, we seem to produce fewer documents per capita than Americans. In a case where we have the same number of custodians over the same period of time, well produce fewer documents. Dont ask me why.

More importantly, however, English lawyers are required to argue for the narrowest scope possible. Whats the smallest number of documents needed for justice to be done? How narrow can you make it and still have a proper case? Answering those questions is part of their duty to the court and to their client.

The State of Information Governance Forbes, Barry Murphy, 19 April 2012 http://www.forbes.com/sites/barrymurphy/2012/04/19/the-state-of-information-governance/?utm_source=twitterfeed

IG is defined as a comprehensive program of controls, processes, and technologies designed to help organizations maximize the value of information assets while minimizing associated risks and costs.Everyone recognizes the need for IG, but no one wants to be ultimately responsible for it. Businesspeople care only about the ability to easily create and access information to do their jobs. ITs job is to support the business. Defensible disposition projects and Legal Hold programs for cost avoidance dont exactly have the sex appeal of implementing social media marketing projects that can drive revenue. That is hardly surprising, given the very real challenges of truly managing corporate information assets. Still, though, IG is important and is gaining some traction in many organizations. For companies that ignore IG, managing the risk that information poses is harder and harder because the volume of information stored keeps going up. For every effort a company takes to safeguard information, employees create a workaround if that effort impinges on the velocity of information. In turn, those workarounds can lead to a vicious circle of eDiscovery nightmares.

Good IG programs build a corporate culture where responsibility for information is a core tenet. Employees understand policies and are incented to abide by them. That culture can only develop under a high-level executive who truly believes in IG. Which C-level executive owns IG is less important than the leadership and consensus-building qualities she or he possesses.

There is no real standardization amongst which C-level executive owns IG, nor does there need to be. For some companies, it will be best for a CIO to own IG, for some it is best for a Legal Officer or General Counsel to own, and for others IG is bested owned by a committee of senior executives. One thing is for sure: IG cannot, and will not succeed, unless there is a C-level executive that clearly owns real responsibility and accountability for IG. Organizations seeking to exert greater control over their information assets must close this gap. In addition, IG executive leaders must be savvy in the ways of securing proper budgets for projects. Anecdotal evidence from companies with good IG programs shows buy in from senior IT and Legal executives. These executives actually work together early and often to define what is reasonable for the organization, any process requirements (e.g. legal hold, early case assessment), and then allow IT to purchase the right infrastructure or Legal to procure the right services. While it sounds trite, the key to IG success is cross-functional communication and cooperation.

One organization had struggled with employee underground archiving because the company was deleting emails in employees inboxes every 30 days. Employees figured out ways to keep emails longer (by automatically forwarded the emails to themselves before the 30 day policy kicked in or saving them to local machines). IT faced rising storage costs and Legal realized that it was over-preserving email for litigation and processing a ton of duplicate data. By putting an email archive in place, the company was able to address all issues. The archive supported more flexible retention periods, so employees did not need to be concerned about losing email so quickly. IT was able to ease the burden on its production mail system and need less primary storage. And, the deployment included an eDiscovery interface that Legal could operate to conduct litigation holds and review data. The company noted a positive ROI very early on just from reduced eDiscovery costs. But, beyond that, the company noted that employees were happier and more productive without the stress of trying to horde email

It is also important to buy into the notion that IG takes a team it requires skills in Legal, technology, process management, and an understanding of what makes the business tick. The only way to corral all the expertise need for successful IG is with a team tasked specifically to do just that. Whether the IG team is the evolution of an existing records management team or a newly created group, the important thing is that the team is able to drive cross-functional projects. Specifically, the IG team must understand the business and how it creates and consumes information, know the regulatory and legal rules that the organization operates under, be versed in technology for all aspects of information management and able to convey requirements to IT, and possess library sciences skills for organizing information. Ultimately, this central team will play an important role in spreading the culture of IG throughout the organization.

Companies that address IG in the right ways actually do much more than avoid eDiscovery costs or reduce storage costs; thats right IG is not simply about cost reduction and risk mitigation. Better yet, companies with good IG practices actual enable those sexier business activities that generate revenue by ensuring information is available quickly when and where it is needed. Perhaps 2012 will be the year that companies are able to put together the policies, processes, and tools that allow information to flow freely, but with all the controls in place that help to avoid nightmares like those we have in eDiscovery today.

Information Governance: the way the wind isblowing The E-Disclosure Information Project Chris Dale 18 August 2013 https://chrisdale.wordpress.com/2013/08/18/information-governance-the-way-the-wind-is-blowing/Dean Gonsowski wrote an article in May of this year called Information Governance Still Hinges on Basic, Definitional Issues. I draw your attention to it for two things for the definition of information governance included in it and for the list of challenges which need to be addressed by corporations who face up to them.

Deans definition of information governance, which he describes as a hybrid of many permutations that exist out there is as follows:

Information Governance is a cross-departmental framework consisting of the policies, procedures and technologies designed to optimize the value of information while simultaneously managing the risks and controlling the associated costs, which requires the coordination of eDiscovery, records management and privacy/security disciplines.The challenges, reduced to short bullet points, are the following:

Who owns information governance?

Where does it reside organizationally?

Are there information governance best practices yet?

Is there a universal, information governance definition?

How do you build the business case for information governance?

How do advanced technologies, like predictive coding, enable information governance?

Companies who dismiss these points as a luxury which they cannot afford in hard times, need to ask themselves the question What is it costing us to keep all this data? This is a preliminary to a second question, which is What would it cost us to address this?

There is more to value than these brute components of savings and expense, but these are the ones which get board level attention even in companies which are unwilling or unable to address deeper questions of value. One of the more surprising conclusions which one reaches is that relatively few companies have actually tried to answer these questions in relation to eDiscovery, apparently content (or at least willing) to keep paying their eDiscovery bills and buying more server space as the need arises.

The question of return on investment is recognised by Recomminds Bill Tolson in an article called The ROI of Conceptual Search. Although it focuses narrowly on the ROI from one particular Recommind product, Decisiv Search, and one specific technology, the principles covered in the article apply in a wider context. The questions What are we paying now?, To what could we reduce that expenditure? And How much will it cost us to achieve that seem to me to be basic questions which ought to be addressed by any company in the same way as they consider any other expense and investment decision.

The answers which emerge from such questions are critical components in broader questions about risk management. Risk and cost go hand-in-hand, and you cannot sensibly consider mitigation of risk without knowing what the remediation costs will be. The assessment of resulting benefit is a yet further stage which cannot sensibly be addressed without knowing the costs.Consider the questions:

What is the chance of one of our aeroplanes crashing?How likely is it that our newmedicinewill poison people?Compare these with:

How likely is it that I will be sanctioned for destroying or failing to find this document?or

How much value lies in beingableto find this document quickly when the subject-matter recurs?and then ask:

How much does it matter if this event happens?..then you are beginning to see the way to the question:

What is it worth spending to be relieved of that risk?The point is not so much whether you and I, in the abstract, can give a weighting to any of thefactorsinvolved in these questions but whether companies are addressing them at all. It is a pretty good bet that a company at risk of having its aircraft crash or its medicinespoison people is very focussed on risk andwillingto spend almostanythingto mitigate the risk.

The questions about deletingdocumentsare more nuanced.Whatsort of documents are these? Legal questions arise (Is there a regulatory, statutory or other implication? and Are they already subject to a legal hold?). There are technical questions (Can we still access and read these documents?), and practical ones (Does anyone ever bother?), and questions of cost (What does it actually costto keepthem?).

What has all this to do with external lawyers? What role is there for them in the kind of proactive input which is required when legal considerations are involved in such decision-making, as they clearly are when regulatory and eDiscovery implications may arise.

It is not much talked about, really. You can find plenty of lawyers and others talking about risk and its mitigation (and perhaps rather fewer talking about benefits) but you do not often see or hear about case studies, actual examples of projects being undertaken by more firms to help their clients.

I suspect that this is because very few firms are offering such a service, with the rest either uninterested or unaware of the problems and solutions or (less creditably) seeing the steady accumulation of yet more data in their clients hands as an insurance policy which will keep them in work for long enough to see out their careers.

Information Governance Still Hinges on Basic, Definitional Issues Mind over Matters Dean Gonsowski 7 May 2013 http://www.recommind.com/defensible-deletion/information-governance-still-hinges-on-basic-definitional-issuesAs a relatively new discipline, information governance amplifies the need for a common language and extends the necessary constituents, going beyond the initial Legal-IT grouping to add in Risk, Compliance, Infosec, Records Management, as well as stakeholders from relevant business units. While these groups might have had periodic participation in an episodic eDiscovery event, the information governance movement requires a dedicated seat at the table.Earlier this year, Judge Peck announced at LegalTech that If 2012 was the year of predictive coding or technology-assisted review, 2013 or 14 seems to be information governance. The next step is for groups like Sedona to continue advancing the discussion by defining whats within the information governance purview, whos involved and what guiding principles are at play. Until theres better clarity about these basic building blocks it will be hard for this initiative to get beyond the early adopter stage and go truly mainstream. If/when that happens, information governance promises to truly ring in a new era in the defensible management of data within organizations.Legal Tech 2015 A New Zealand Perspective Andrew King 17 February 2015. http://www.e-discovery.co.nz/blog/legaltech-2015-a-new-zealand-perspective.html

Information Governance and Big DataAs we have seen in past events, Information Governance and Big Data featured heavily throughout LegalTech. Every organisation today now faces greater challenges in managing the volumes of electronic information, but also the challenge to have the ability to analyse and actually do something with that information and be able to do so quickly, without having to reinvent the wheel.Information Governance was linked closely to security issues and managing Big Data. The message was that it is becoming more important to have a comprehensive Information Governance programme to address security, eDiscovery and ultimately assisting organisations to make more informed business decisions.Just Do It: Making Information Governance Work Health Data Management David Wesch 3 March 2015 http://www.healthdatamanagement.com/news/Just-Do-It-Making-Information-Governance-Work-49922-1.htmlIf we reduce the amount of information we store or slow its growth, we reduce both risk and costs. For many organizations, however, taking the first step toward developing an information lifecycle governance (ILG) program that addresses data growth is the most difficult one. Most people think that ILG programs are tedious and fraught with complexity. They worry about a significant commitment of effort and budget. But companies that rely on ILG resources and best practices developed by the Compliance, Governance and Oversight Counsel (CGOC) often find that getting started on the journey can actually be much simpler than most people think. CGOC is a forum of legal, IT, records and information management professionals.

Consider a $5 billion healthcare company that in early 2014 had more than 3,500 employees, with an IT infrastructure that included 3,500 desktops and laptops, 5,000 email mailboxes, 300 file servers, 50 TB of SAN storage, and 80 applications that retained data. The offsite information inventory included 14,000 storage boxes (dating back to 1986) and 6,000 backup tapes.

Like many organizations, to ensure it met its records retention requirements, the company never threw anything away. It also cited other data hoarder excuses, including disk space is cheap, Google can find anything, so its not a problem, and IT can just push a few buttons and find the emails you need, among others.

But this strategy simply wasnt sustainable. Even though the unit cost of storage keeps going down, building and maintaining an ever-growing storage platform is very expensive, especially when floor space and personnel are factored in. In addition, email growth is out of control, and email file stores, such as PST files, are hard to manage, let alone discover properly. There are also new privacy rules that require the elimination of data.

Even legal departments, which often insist on the save-everything policy, are overwhelmed by the ballooning cost of producing ever-increasing amounts of information in response to an eDiscovery request.

Besides, according to a survey conducted by the CGOC, of the information a typical enterprise has stored, only approximately 1 percent is under a legal hold, only 5 percent is considered a record that must be retained, and only 25 percent has actual business value. This means that as much as 69 percent of all that accumulated information has no business, legal or regulatory value at all!

In deciding to act to improve information governance practices, providers should focus on three goals:

* Ensuring compliance with all applicable laws and regulations, including satisfying HIPAA, SOX and other regulations, fulfilling Department of Justice requests, abiding by subpoenas and legal holds, and following the Federal Rules of Civil Procedure (FRCP).

* Being good stewards of data by properly preserving what needed to be preserved while properly disposing of data that had lost its value.

* Making it easier for business users to find the high-value information they need by disposing of information they dont need.

The ILG strategy used for achieving these goals is called defensible disposal, and it requires bringing expertise from the legal, compliance and IT departments together with key information stakeholders from the business side to

lay out more comprehensive records retention and destruction policies,

develop the procedures to implement and enforce those policies, and,

where necessary, deploy the technology to support and automate implementation and enforcement.

In addition to business data, the targets of the defensible disposal program included offsite storage, email stores, backup tapes, and call recordings.

Proactive Approaches to E-Discovery Equip Systems Martin Bonney & Martin Nikel 3 October 2014 http://www.epiqsystems.com/askQ.aspx?id=2147484901

Where to begin?

The journey, as the new EDRM suggests, ought to start with information governance: understanding the data universe, the records retention policies and the legal and regulatory needs of the business. This has obvious benefits in terms of reducing the cost of storage (many estimates suggest by more than 40 per cent) and the concomitant cost of processing and reviewing documents. Less quantifiable, but possibly more significant is that by not doing this, your organisation could retain data that might come back to bite you in the future, but could justifiably have been deleted if retention policies had been practically applied.

The reality, however, is often that litigation or regulatory investigation hits before this governance work has begun. The smart professional will think positively, and be proactive no matter where they are in the process. With the right, proactive approach, much can be achieved. An eDiscovery requirement from a regulator or the courts can actually be a valuable spur to get your information governance house in order. The essence of such an approach is planning and communication. Get the key players (typically at least IT, legal/compliance and your eDiscovery provider) talking to each other, and invest the time to build a data map essentially a description of the organisations data types, technical infrastructure and storage solutions. This is an essential first step to preserving and collecting data, and can bring an early understanding as to the scale and nature of the challenge.

Identify what you dont need

Another benefit of building a data map is that it enables organisations to quickly highlight data sets that can be removed from a disclosure requirement, for example back-up tapes which duplicate emails on the journaling system or that are easily available and can be swiftly identified and collected. This low-hanging fruit can be useful whether your eDiscovery exercise relates to a regulatory investigation, an internal investigation or to litigation. Showing practical responsiveness to disclosure requests is a way to gain essential goodwill from regulators or the courts.

Languages and priorities

Electronic disclosure professionals can often provide valuable input in the early stages of a disclosure requirement, not least as translators between lawyers and IT. It may seem a frivolous point, but these groups can often use the same terms to mean different things, and can easily come out of meetings with a completely different understanding of what needs to be done.

Collection strategies

Similarly, forensics consultants can often help expedite a collection process that may otherwise take second place to normal operational IT requirements.While for lawyers, the priority is often to obtain and review documents quickly, its advisable to exercise caution at this key stage. It is often important to be able to prove the provenance of a document to the courts, opponents or regulators. As such, it is important to maintain the chain of custody during collection, and to work with eDiscovery providers to document an appropriate convention for data transfer. Emailing interesting documents through Outlook to colleagues in a piecemeal manner can create a huge meta-data challenge and is likely to add extra cost and duplication of effort.

Accelerators to prioritize your data:

Once you have data or a subset of data then a raft of techniques is available to minimize cost, accelerate the review and prioritize the most relevant information. An obvious approach is to identify key custodians and process these first to validate keywords and confirm that there are no gaps in the collection (e.g. via histograms, which quickly emphasize gaps in time). Analytics tools might also highlight unexpected subject matter not covered by key words, and social network analysis might provide insight to key custodians not yet considered.

Finally, if the data set is large consider the use of technology-assisted review (TAR), also known as predictive coding. Using TAR tools allow a legal expert to train the software, using a small subset of data to provide a weighting for hundreds of thousands of documents, allowing prioritization of highly relevant documents, while culling the irrelevant.

The key to proactivity is planning and communication. Work closely as a team to define what is most important to your organisation in terms of time, cost and scope and then build and maintain a plan to deliver the appropriate solution.