During the last decade, the costs associated with managing digital records required for business analysis, regulatory compliance or as evidence in litigation have skyrocketed. For many companies, these expenses exposed some enormous shortfalls in records management investment.
The burden associated with these costs rallied new information governance strategy spending, and vendors responded. Technologies such as enterprise content management systems and data forensic solutions emerged to empower executives with tools that enable full governance of a company's digital information assets.
But in the enthusiasm to embrace new technologies, companies neglect 20th century records management techniques that remain essential. Of course there are old practices that must be thrown out, but new technology only thrives when deployed in an environment that supports it. As companies accelerate their information governance transition, here are four important strategies that should continue.
Make the business case
Information governance strategy champions should always emphasize how they contribute to a company's wealth creation, such as these faster and more efficient tasks:
- Access to historical data
- Data analysis for business decisions
- Transactions, such as due diligence required by mergers, acquisitions and joint ventures
- Data transfers to take advantage of cloud-based service offerings
Note that none of these benefits include the traditional information governance selling points such as compliance or litigation cost reduction. Instead, they focus on how governed information enables companies to create new wealth.
Train, train, train
In the 20th century, records management relied on employees to do much of the classification and management of paper-based information. For that reason alone, employee training was important. Modern information governance emphasizes automated classification, automated access controls/security, cloud-based storage and big data analytics. Many executives mistakenly believe that these innovations reduce the need for training.
In the enthusiasm to embrace new technologies, companies neglect 20th century records management techniques that remain essential.
Information governance training remains essential. For employees that handle manual classification, they need to understand how classification schemes interact with data to know when to intervene and provide alternative treatments. They must know about legal obligations to preserve information not digitally stored in company systems. It's necessary for them to understand how new systems and technologies alter traditional notions of confidentiality and access.
Information governance also creates new training demands for senior executives, legal counsel and auditors. Senior executives should understand information governance's economic impact. Executives and legal counsel need to learn that comprehensive data logs influence how a company protects and defends its legal interests. Quite simply, the breadth and depth of log data that records actions down to individual keystrokes dramatically alters the approach to information governance-related legal proceedings. Training is essential to underscore how information governance controls have made computers superior witnesses, more reliable than any human being testifying under oath.
Identify and preserve the 'records'
In the 20th century, rules and regulations emphasized preservation of paper documents with specific content and commercial functions. Those documents still exist, but in electronic formats and with their content increasingly distributed across different databases and Web servers.
Careful design is required to assure that distributed content can still be preserved in a format that is just as good as the "real thing" for regulatory purposes. Regulators are not pleased with record components that are not preserved with the same level of integrity as original paper records.
At the same time, record preservation processes must be adapted to include log data and related systems metadata. Doing so gives a more complete sense of the record's provenance and history and provides regulators with more detailed data.
More on information governance strategy
Build 'digital trust' to make the most of data assets
Beware these info governance traps during BYOD management
Regulators are catching on that this additional data can help evaluate a specific record's integrity. For example, the U.S. Securities and Exchange Commission specifically requires broker-dealers in Rule 17a-4(f)(vi) to preserve ". . . all information necessary to access records and indexes stored on the electronic storage media; or place in escrow and keep current a copy of the physical and logical file format of the electronic storage media, the field format of all different information types written on the electronic storage media and the source code, together with the appropriate documentation and information necessary to access records and indexes."
Destruction, disposition of antiquated information
The low costs of digital storage, combined with decreasing cloud-based storage service costs, have led companies to keep business records of no value to the company's operations or legal requirements. In other words, storage is so cheap, why spend money to get rid of stuff?
A recent survey by the Compliance, Governance and Oversight Council reported that 75% of respondents said the greatest challenge leading to "massive amounts of legacy data" is the inability to know how to dispose of information in a legally defensible manner. Federal e-discovery rules provide a legally valid means to dispose of information. When data remains accessible, companies can incur significant costs trying to prove the antiquated data is not relevant to litigation or other legal inquiries.
The bottom line is to work with counsel and build a plan that allows data with no further value to be tossed out.
As companies continue to adapt their information governance strategy to the digital age, it's important to remember these proven data management techniques. Information and records management in the 21st century does not require reinventing the wheel, but instead building on tried and true processes to ensure effective governance of regulatory and legal data.
About the author:
Jeffrey Ritter is one of the nation's experts in the converging complexity of information management, e-discovery and the emergence of cloud-based services. He advises companies and governments on successful 21st-century strategies for managing digital information with legal and evidential value. He is currently developing and teaching courses on information governance at Johns Hopkins University's Whiting School of Engineering and Georgetown University Law. Learn more at www.jeffreyritter.com.