The Fog of Information Governance

Organizations want to leverage the value of their critical assets, preserve and possibly enhance the value of these assets for future use, and comply with the ever-expanding legal and regulatory obligations they have toward these assets. They want also to do this in times of financial constraints.

Despite the wide availability of content management and electronic discovery solutions, organizations continue to experience significant challenges when it comes to thegovernance of their information assets and records:

• The inconsistent application of retention policies invariably leads to over-retention of records and/or premature destruction of records—both of which lead to increased risks;
• The inability to meet electronic  discovery obligations may lead to expensive sanctions and reputational risks; and
• Leaks of private data can also lead to significant sanctions and reputational risks.

Corporate leaders are reminded of these challenges every time their organization faces a litigation, compliance audit or internal investigation; and every time a new market or industry event¹ leads to a new law or regulation, or to the tightening of existing ones.

The chief compliance officer of a major telecom company summed this up very nicely recently when he said that the way he measures his job performance is by how well he can identify, analyze and develop (month after month) strategies to mitigate the top 10 risks that prevent his CEO from sleeping.

What organizations need to do in order to mitigate these risks is not rocket science:

• Define governance policies that apply to corporate information;
• Publish the policies corporate-wide;
• Enforce the application of these policies throughout the organization;
• Implement powerful discovery tools;
• Report about the above activities; and
• Do the above in a systematic manner.

That’s easier said than done, because:

• The volume of information continues to grow at a frightening pace;
• The forms of information covered by governance requirements keep expanding—a little over a decade ago, organizations were mainly concerned about paper records, now it is ESI—electronically stored information... which includes potentially anything and everything²;
• Governance policies apply throughout the full lifecycle of information and cover retention and disposition, data privacy, electronic discovery, content storage lifecycle, metadata lifecycle, digital rights lifecycle, etc.; and
• Governance requirements continue to increase in complexity—variations due to jurisdiction add to the complexity.

The challenge of “information governance” is quite daunting indeed. The challenge is especially acute in large organizations due to the high volume of information, the scattering of this information in multiple geographies, multiple jurisdictions, multiple strategic repositories and multiple platforms.

The Urgency of Information Governance
The “information governance” challenge is urgent. The strategy of doing the minimum just to get by is becoming less and less effective at mitigating corporate risks. The current financial crisis will most likely yield more laws and more regulations; hence the “minimalist” strategy will become even less attractive in the future.

The evolution of electronic discovery rules has also contributed to this sense of urgency. The FRCP amendments of 2006 established the notion that all ESI is discoverable, provided it is reasonably accessible. Newer and newer technology will keep pushing the “reasonably accessible” threshold down, exposing more organizations who adopted the “minimalist” strategy.

This also means that organizations must now expand the scope of their governance efforts beyond physical and electronic documents. Structured information produced by high-volume corporate business application reports (for example, customer statements in a telco) must also be managed and made discoverable. So are the massive amounts of data records located inside the corporate data warehouses.

One can almost hear the cry: “Brace for impact!”

One more challenge organizations need to address is that their information governance program must be economical to implement and operate. A solution that requires all information to be content-indexed will be too expensive to operate at the enterprise level. The content index, which can occupy a 50% overhead on top of the content itself, must be stored on expensive tier 1 storage throughout the lifecycle of the information. This content index cannot be migrated to less costly storage.

Imagine a Fortune 500 corporation with multiple petabytes of information wanting to implement such a solution. With the loaded cost of managing just a terabyte of content on tier 1 storage nowadays exceeding the $50k/yr range³, the overall cost of this solution will be prohibitive (and it will make your storage vendor very happy).

Information governance policies MUST take into consideration the cost implications of the solutions on the infrastructure and operation.

Current Solutions
Organizations seeking solutions for their information governance problems are inundated with a barrage of products:

• Records management (RM) and enterprise content management (ECM);
• Electronic discovery solutions with advanced content search and analytics; and
• Legal case management.

These solutions work as advertised, mostly, but they deal with part of the problem only. Certain solutions are focused on particular aspects of the information governance challenge⁴ while others (namely records management) were designed for an older mission that has since then changed and evolved over time⁵. Some solutions rely almost exclusively on content search technology, making them difficult and expensive to scale.