The relationship between eDiscovery and Information Governance (IG) is one of shifting perspectives and is often defined differently by diverse experts. Are they two different words for the same thing, can they be used interchangeably and why does it matter?
One opinion seems to be that eDiscovery is based upon or synonymous with Information Governance, while another strong belief is that eDiscovery is, or should be, a subset of a full IG strategy. This distinction tends to be dependent on viewpoints – authors immersed in the world of eDiscovery tend to focus on that process as the mover and shaker of the connection. Stakeholders in other fields tend to take the view that eDiscovery should be a by-product of a stable IG system, not its core.
Dealing with organizations in all stages of IG deployment, it becomes clear that an eDiscovery focus is the reality for many organizations, while the other is the ideal that they strive to achieve. It can’t be ignored that eDiscovery is, as the Sedona Conference mentioned, – ‘the tail that wags the information management dog’. A recent blog post noted, “… for many organizations, critical policies and procedures are implemented as a reaction to the threat of litigation, rather than with an eye to furthering the goals of the business, agency or nonprofit that is tasked with creating them.” This view can also be seen with the EDRM reference model which includes IG as a component and a tieback because ‘no e-discovery process is fully completed – no matter at what stage it stops – until it has been looped back to IG’.
Good eDiscovery policy should include defensible deletion, litigation hold notices and good communication between stakeholders. This significantly reduces risk in the face of litigation. But if these eDiscovery steps are the only component of a corporate IG strategy, other problems can arise due to the lack of true data management processes. Suggested approaches from ARMA’s GARP, AIIM, Sherpa and others all stress the importance of an overall strategy to handle as Gartner states: “the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information…” Any organization approaching IG with a narrow view of policy may deploy eDiscovery plans to cover urgent requirements. However, if these strategies were put in place without accommodating overall business needs, the corporation will run the risk of missing warning signs of critical issues including:
- Non-compliance for many industry regulations
- Loss of critical information assets due to lack of oversight and policy
- Security failures including data breaches or introduction of malware
- Unmanaged content creation leading to bloated, redundant systems
- Legacy data with no support
- Lack of insight into corporate information assets
- Unofficial use of company resources
An effective eDiscovery policy place to start is to establish an IG framework. It helps avoid adverse judgment, fines, spoliation of data, stress, time and money. But it is only half of the picture. No matter what the perception, calling it tomato or tomahto, the true goal should be a complete and comprehensive strategy that covers all aspects of managing the information lifecycle.