Records Management, Legal and IT: Can’t we all just get along?

In any organization, when the conversation turns toward electronically stored information (ESI), it almost always revolves around three core groups.  These individuals are the lucky few whose daily routines center on the management of that information and they include legal and/or compliance, records management and of course IT.   Despite the fact that they all, at some point, have responsibility for an important business function associated with this data, they are seldom on the same page.  This begs the question; how do we communicate and collaborate better to ensure we all get along when it comes to better information management and eDiscovery processes?

You may have already read Rick Wilson’s article Building a Collaborative eDiscovery Team.  If not, I definitely recommend checking it out.  The tips he provides are the basic cornerstones of building a collaborative eDiscovery team and come straight from our customer’s best practices.  I wanted to take a minute to reinforce the importance of his foundational message but also to see if we could expand the concept to improve communication and collaboration across the entire enterprise information management strategy.  Let’s start the discussion by looking at these groups of employees and their roles, responsibilities and the challenges they face for team collaboration.

Let’s start with records management or RIM, our data retention specialist.  Often, these individuals come from a background of managing paper records.  They sometimes aren’t familiar with the strategy for managing electronic data often because they weren’t involved, surprisingly enough, in the process for where it resides, how it got there and how best to access it when necessary.   Our IT team is more frequently involved but can be so involved they run into bandwidth issues.  They are focused on storage management, security, policy enforcement (hopefully), reporting and analytics, search and collection and trying to maintain a data inventory.  Likewise, legal has their core responsibility for lawsuits and litigation, internal investigations, legal holds and eDiscovery.  And if you have a compliance officer or team, they are involved with regulatory compliance, data leakage, internal policies and risk management.  As you can see, there are a lot of moving parts that overlap and don’t naturally integrate.  This is why communication and collaboration are so critical when it comes to the operational issues associated with ESI.

Over the past 14 years or more, we have been fortunate at Sherpa Software to work with many great individuals in each of these departments.  I will say that every organization is different and most have varying levels of integration within these teams.  On top of that, much of the landscape is shifting under their feet as ESI proliferates and as the emphasis on information governance continues to get traction.  You can start to see why there is a bit of disconnect when it comes to the data that is the backbone linking these individuals and groups together.  Why so many challenges?  Well think about it, these individuals have all the respective responsibilities I mentioned earlier, as well as their other diverse daily initiatives and responsive tasks that always arise.  On top of that you add preservation obligations, data destruction, departing employees, cyber security threats and updates, new technology, legacy repositories, data mapping and the list goes on and on.  So how do you deal with all these concerns and get these groups working together, with a corporate information governance program (CIGP).

Gartner defines IG as, “… the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.” Simply put, IG is a set of interdisciplinary policies and procedures used to regulate the electronic assets of an organization from creation to disposal. Think of it as the administration of the electronic information lifecycle.  The first step in creating a CIGP also happens to be the most critical in creating a collaborative environment amongst the teams we are discussing.

In order to be successful, an IG program should be viewed as an enterprise-wide initiative that is endorsed by senior management and supports the overall business objectives of the organization.  Since IG will ultimately touch every area of a business, it’s important to have an IG committee responsible for its implementation and ongoing management and auditing.  Rick Wilson, Sherpa Software’s VP of Strategy describes an ideal IG committee.  “IG committee members should represent a cross-section of the organization in order to bring diverse expertise and knowledge to the project. Typically, the committee will be represented by various departments that have direct knowledge of, and potential responsibility for, handling your organizations internal and external data requirements. This may also include regulatory requirements. Most IG committees have representation from the executive team, compliance, IT, HR, legal, records, and/or security. The IG committee members should know where the organization’s data is kept, what information needs stored, how long it should be stored, what information should be deleted, when it should be deleted and how information is accessed and moved within the organization. Treat your committee as a group of trusted advisors; they will have the knowledge to help you identify which areas of the business can benefit most from an information governance project, what the degree of difficulty will be to implement that initiative and how best to socialize the project within each segment of the business.”

Creating an IG strategy isn’t easy and neither is organizing a team of individuals this diverse across your organization.  But if you are able to build a consensus that information governance can successfully reduced risk while increasing the value of your electronic assets, you’ll be well on your way to integrating your teams and creating a collaborative environment in your organization.  An information governance committee, along with the overall strategy for handling electronic information that is inherently part of the IG process, will help records, legal and IT not only get along but prosper.

Leave a Reply

Your email address will not be published. Required fields are marked *