For an information governance plan to be effective, it needs to be complete. The content that your organization generates, the purpose that content serves, where it's stored, and who needs to access and modify it are all important considerations, and the more comprehensively you can answer these questions, the better your results will be.
With a plan, an information lifecycle model, a team, and discovery at the outset, you will be able to define an adequate plan and process. Determine what each function of your business needs from content management, how they manage and collaborate on content, and build from there.
Start with Legal
While information governance requires a multidisciplinary approach, your legal team is often in the best position to define content that is subject to a myriad of record retention laws or needs consideration for litigation holds. Here are four main areas in which legal counsel can contribute their expertise:
- Keeping audits and litigation in mind: Legal counsel should assist all company functions in understanding what to write and what not to write. For example, records addressing a quality issue should be factual, and not include words that suggest liability, such as “defect,” “liable” or “guilty,” nor should they contain subjective judgment words like “dangerous,” “risky” or “unsafe.”
- Providing an accurate assessment of company documents: Because legal counsel is cross-functional, it is in a prime position to inventory records across the company and help determine where and how records should be retained to facilitate a reasonable turnaround if the data is requested.
- Outlining the proper retention of key records: This involves legal requirements and takes into consideration the duration of the statutes of limitations. Records must be retained long enough to substantiate claims or defenses in audits or litigation.
- Defining a defensible disposition process: There is a cost associated with the retention of electronic data that is redundant, obsolete and trivial, so-called ROT, as well as outdated key records. It has been estimated that the cost to retain just one GB of data ranges from $2 to $20 per year. Storing 1 TB costs between $2,000 and $20,000 annually.
Bringing in IT
In a study from Veritas, the majority of IT executives said their organization is either in the process of implementing an information governance program, or planning on doing so. This study categorized each respondent organization as either "high performing" or "low performing," based upon the results of their program.
Not surprisingly, those that scored as "high performing" had information governance programs that included more of their departments in the process, including IT. By nature of this inclusion, they also included more of the organization's data, including email and content on file shares.
Even a medium-sized company, with 400 to 500 employees, needs to store approximately 30 to 40 TB of data. While the IT staff might argue that storage is cheap and may be getting even cheaper, the amount of data to be stored is still growing at a staggering rate. A study by the Pew Research Center found that the volume of organizational data doubles every 1.2 years. Other studies have estimated that data past its retention period, or is otherwise redundant, obsolete, or trivial (ROT), accounts for 50-70 percent of the data the average organization stores.
Essentially, most companies are paying to store large amounts of data they could (and should) actually delete. A one-time deletion of 25 percent of an organization’s data could result in savings of $30,000 to $150,000 over five years for a medium-sized company. In addition to reducing storage costs, decreasing the volume of outdated records and data can mitigate legal risk and the costs associated with ediscovery during litigation.
A study by the Minnesota Journal of Law, Science and Technology noted that ediscovery costs range from $5,000 to $30,000 per gigabyte. By properly disposing of data before a legal hold occurs, a company can reduce its review and production costs and, potentially, avoid having to explain misleading and/or poorly written documents during litigation or audits.
Implementation from a business perspective
An important quote from our own Mike Alsup from his recent CMSwire article on transparent systems helps to frame this post:
Legal, HR and Business Departments will collectively decide what content needs to be governed from a privacy, access and retention perspective and will transparently enforce these rules at a content/tag level. Containers and templates will automatically (and transparently) apply governance policy.
Keep in mind that, as we move forward, ECM solutions are no longer simply IT solutions. These systems and the processes around them affect the entire business. As we have mentioned in previous blog posts, it is crucial to define and gather stakeholders, lay out the broad requirements, and determine the priorities.
The tried and true people, process, and technology trifecta has become a solid foundation on which to build the base of the information governance program within your organization.