Published on Jan 21, 2019 It is easy to mistake the term Information Governance as some newfangled business-speak for combining the business functions of Legal & Regulatory Compliance with Records & Information Management (“RIM” or “RM”). Or maybe it’s combining RIM and Legal? Or maybe it’s IT, RIM, Compliance and Legal — including eDiscovery?
Information Governance includes all those elements, and so much more.
Defining Information Governance
So what is Information Governance (a/k/a “InfoGov” or “IG”)?
The Sedona Conference Working Group 1 (WG1)[1] defines Information Governance as “an organization’s coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.”[2]
Similarly, the Information Governance Initiative (“IGI”)[3] defines Information Governance as “the activities and technologies that people employ to maximize the value of their information while minimizing associated risks and costs.”[4]
These two leading definitions[5] confirm that Information Governance consists of the following four components:
At its essence, Information Governance is about taking a holistic view of information as being both a potential liability and a potential asset. Organizations that do so then establish systems for dealing with the resulting issues, be it a “coordinated, cross-disciplinary approach” or a series of “activities and technologies.”
Why Information Governance?
Many enterprises face competing and often conflicting demands from a wide variety of stakeholders over the same information.
For example, within most enterprises, there are numerous stakeholders who have an obligation to reduce or to mitigate the risks and costs of retaining information. From their general standpoint, every piece of paper and every byte of data should be tightly regimented and then destroyed at the earliest possible moment.
In contrast, there are other stakeholders who recognize the potential value in information and who have an obligation to extract as much value as possible from that data. They perceive that data should be readily available 24/7/365 for an infinite duration.
As discussed below, a well-designed and implemented InfoGov program can bring together stakeholders from across the enterprise for the common purpose of establishing and executing a unified approach to governing information that addresses and balances all concerns. But the challenge of bringing together and harmonizing the myriad of viewpoints can be significant.
The larger the enterprise, the greater the number and diversity of stakeholders who are impacted by choices made on how information should be governed. This is reflected in the following graphic published by the IGI based on a survey taken of InfoGov professionals. Respondents listed over 20 other “facets” (i.e., stakeholder groups) with interests that need to be represented in the formation and operation of an InfoGov program.
Building an Information Governance Program
An entire book can be written covering the complexities and variations attendant to forming and then running an integrated InfoGov program. But the following are some common elements that can be found in successful programs:
Bottom Line
More companies are finding success at building out an InfoGov program. However, as the saying goes, “Rome was not built in a day,” and building a full-fledged InfoGov program may not be in the works for every organization. That should not dissuade enterprises that wish to begin decreasing risks or obtaining value from their information. An InfoGov program can start small, with simple projects designed to manage immediate information risks while considering the usage of data by the business. Common examples include establishing a data map or inventory (sometimes referred to as “file analysis”), clearing out redundant, outdated or trivial (“R.O.T.”) data from enterprise systems, updating the enterprise records retention schedule or file plan, or building a discovery playbook. Starting small is often the best way to address these issues and surely better than waiting out the ever-increasing challenge of “too much data.”
[1] The Sedona Conference is a 501(c)(3) non-profit “think-tank,” and the mission of Working Group 1 is “to develop principles, guidance and best practice recommendations for information governance and electronic discovery in the context of litigation, dispute resolution and investigations.” For more information on The Sedona Conference and The Sedona Conference Working Group Series, please see www.thesedonaconference.org. For purposes of disclosure, the author is an active member of Sedona WG1, WG6 and WG11, and previously served on the Steering Committee of WG1.
[2] The Sedona Conference Commentary on Information Governance, Second Edition (Public Comment Version – October 2018), The Sedona Conference, available at: https://thesedonaconference.org/publication/Commentary_on_Information_Governance (Reg. Req.).
[3] The Information Governance Initiative is a think tank and community dedicated to advancing the adoption of Information Governance (IG) practices and technologies through research, events, advocacy and peer-to-peer networking. See more at www.iginitiative.com.
[4] IGI State of the Industry Report, Volume III (May 2018), Information Governance Initiative, available at https://iginitiative.com/resources/the-state-of-information-governance-report-volume-iii/“.
[5] Note: ARMA International, originally known as “Association of Records Managers and Administrators,” provides an alternative definition of information governance as “a strategic, cross-disciplinary framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable for the proper handling of information assets.” While ARMA’s definition does recognize that information is an asset, it does not incorporate the offsetting business demands of managing costs and risks while extracting value from those assets.
