- SOLUTIONS & SERVICES
Legal holds are by no means a new concept. However, with the ever expanding amount of data that businesses are producing, it is becoming a much bigger challenge.
In fact, organizations are having such difficulty with it that sanctions for the destruction of Electronically Stored Information (ESI) have increased by 271% since 2005. This data comes from a recent white paper from Code42 entitled "Protecting data in the age of employee churn".
An excerpt from this white paper states the case for legal hold software well.
Courts increasingly require that companies document the steps taken to prevent negligent or intentional destruction of evidence. Technology that automates and tracks legal holds:
Demonstrates the organization has an established process and enables identification, storage and maintenance of relevant data without increasing IT headcount.
Reduces risk and increases defensibility.
Guarantees that holds are issued in a timely fashion and contain all necessary information.
Enables data set selection.
But legal holds are only one piece to the larger information governance puzzle. Below we explore 10 questions to ask about your organization's information governance program.
Managing information thoroughly seems so logical, but it is one of the most commonly overlooked aspects of information governance or records management. Below are three primary approaches that organizations take:
A is an appealing approach because it is extremely flexible and can fit into nearly all future environments, systems and upgrades. Plus, it often is associated with higher user adoption because users continue with their current processes and retention/disposition is automated behind the scenes.
B often requires significant design, implementation and cost. Similarly, it often leaves information that resides outside the central repository unmanaged.
C is a similar approach to B, but it can potentially leverage current technology. Still, it has the shortcomings of requiring storage in specific locations and leaves other information unmanaged.
It is important to understand what is required in terms of moving information from one location to another. The migration process can consume extensive time, cost and risk.
Further, when a system is upgraded, some software vendors need to adjust the file plan accordingly so it can be applied to records.
Clearly, there needs to be a mechanism to place information on hold. However, once the initial hold is created, it is vital that the solution automatically adds newly created information to an existing hold(s).
An information governance program is only as good as the adoption rate. End user adoption is directly affected by system changes, cumbersome processes and confusing instructions. Fully understand the process end users will need to adopt. New technology and/or processes may be needed. Yet, the new technology should not drive the new process. The new technology should complement the process.
Increasingly important is the ability to govern access to sensitive information. Your IG program should be able to regulate access, identify locations, automatically protect and dispose of sensitive information appropriately.
Some records should be kept unchanged during their lifecycle. Understand if this functionality exists and if information needs to be moved to a specific location to accomplish this goal.
Obviously the information governance program has to fit into budgets. Take the time to understand the total cost. The total cost of ownership (TCO) could include software, hardware, third party systems, services (installation, configuration, assessments and migrations). When comparing multiple solutions, TCO can be tough to compare. Dig into the vendors for true and total cost of their information governance solution.
Don’t ignore your other systems when designing your information governance practice. Each of these systems is not only a potential location for redundant, obsolete and trivial information (ROT), they could also be the key to triggering the right actions to determine security, privacy or retention policies.
The time spent on designing, implementing and maintaining an information governance program is time away from other areas. With that in mind, fully understand how a new program impacts time commitment.
Time is money. Not only does the time commitment equal opportunity cost, it can equal actual hard, quantifiable dollars when being charged by a vendor. Know what to expect before committing to an overly complicated project.
Regulations may alter the way you want to track or execute records management and disposition. If called into question, the assurance of sound documentation outlining the retention/disposition process can be critical.