Published on Feb 22, 2016 Not far from my hometown of Mountain View, California, the annual Titans of Mavericks surfing competition took place last week. Outside of Waimea Bay, Mavericks is perhaps the most thrilling professional surf competition in the world. Competitors attempted to catch enormous waves, all while trying to avoid being thrashed on the rocky beach, drowned in frigid waters, and eaten by Great White Sharks.
As I caught the competition’s highlights from my current home along the Wasatch Front, it struck me how the challenges facing the surfers at Mavericks were analogous to those confronting organizations that are trying to catch the Information Governance (IG) wave. Like Mavericks, there are any number of treacherous difficulties – including growing data stockpiles, technological traps, and rogue employees – that can overwhelm organizations before they can ride the IG wave. They are not, however, insurmountable. Enterprises can surf the IG wave by addressing these difficulties one issue at a time.
This notion was the dominant theme at the Legal Tech conference that took place in New York earlier this month. There were any number of sessions that covered the data and technological based problems companies must now handle and the role that IG can play in this regard. One IG session – Information Governance in the Age of Proportionality – that was particularly instructive on the issues featured four United States magistrate judges: Judge James Francis, Judge Elizabeth Laporte, Judge Frank Maas, and Judge Andrew Peck.
While judges may not work with internal stakeholders in legal and IT to address governance problems, they regularly observe the effectiveness of IG programs in the reactive, downstream environment of litigation. With the benefit of that perspective, the instant panel of judges offered key insights into how organizations can better tailor their proactive, upstream IG programs.
With respect to information retention, the judges observed generally that organizations could implement reasonable policies to reduce massive troves of data. The new emphasis on proportionality in the context of both preservation and production, together with the recent changes to Federal Rule of Civil Procedure 37(e), suggest that a proactive approach toward data remediation should be acceptable in reactive litigation. The judges did caution against adopting overly aggressive data culling programs based on notions of proportionality. Remediation programs designed to get the client “battle ready” for litigation under the guise of proportionality would likely be met with skepticism and court sanctions.
One of the more difficult challenges to a successful IG program in 2016 is the phenomenon of shadow IT. This trend typically involves employees who use personal cloud applications, smartphones, and other mobile devices in connection with their work duties and unbeknownst to the company. Given the data security, litigation readiness, and cybersecurity challenges that shadow IT poses, the judges reflected on the importance of designing actionable policies to address unsanctioned use of personal clouds and smartphones.
While use policies and employee education efforts are important first steps, the judges reasoned that they would likely be ineffective – particularly in stemming data security and cybersecurity issues – without corresponding enforcement measures. For many organizations, such a step might be difficult since it generally requires allocation of funds for personnel and technology to monitor and block improper usage of clouds and smartphones. Despite budget challenges, the judges explained that the failure to enforce or arbitrary enforcement of those policies would likely do a company greater harm in litigation than having no policy at all.
Despite the obvious difficulties with implementation, the overall consensus among the judges was that organizations generally derive great benefit from having an IG program. From reduced data stores and better litigation preparedness to decreased cybersecurity and information security risks, enterprises that ride the IG wave can eliminate certain problems, mitigate the harm from others, and better realize the value of their information.
