There’s nothing quite like an unexpected year-long period of remote work to highlight gaps and inefficiencies in an organization’s information governance (IG) strategies. Thanks to the events of 2020, there was an explosion of data sources across most organizations—from team collaboration platforms (Slack, MS Teams, etc.) and video conferencing tools (Zoom, Google Meet, Cisco Webex), to mobile text messages, company websites, and social media accounts—and many companies recognized the fact that more mature IG strategies were needed to successfully manage this data and reduce risk.
In short, many legal and compliance teams quickly found that they weren’t sure what data sources existed, what information was being collected, and where it was all being stored. And even when they did manage to track down a data source, they found that accessing, searching, exporting, and producing this data was rarely easy.
For an example, just look at Slack conversations scattered across public channels, private channels, and direct conversations. How are legal and compliance teams supposed to find, collect, export, and produce data from this platform? The usual tools and strategies—the ones that work for PDFs and emails—don’t work for modern data sources like Slack, WhatsApp, and Zoom.
Collecting Online Data for eDiscovery & Litigation Readiness Report
With the above in mind, Pagefreezer partnered with the Association of Corporate Counsel (ACC) to create a report that examines how in-house legal teams are dealing with modern data sources.
The report, called the Collecting Online Data for eDiscovery & Litigation Readiness Report, surveyed 211 in-house counsels across 23 industries and 22 countries. The results are fascinating and reveal important quantitative insights into the current maturity level of IG programs, as well as the extent to which legal departments are prepared for the eDiscovery processes involved in potential litigation.
As part of the report we also asked respondents two open-ended questions:
- What discovery readiness and information governance improvements are most important to you right now?
- Based on your experience, what is one piece of advice you would give to other in-house legal professionals looking to streamline and improve their data preservation strategies?
Many of the responses were incredibly insightful and offered fantastic advice for those looking to improve their own information governance systems and processes. We’ve extracted five of the numerous suggestions below. To download the entire report, simply visit this page.
1. Act Quickly and Be Proactive
Regardless of your current level of IG maturity, it’s important to address any issues before they escalate. Many of our respondents mentioned the importance of resisting the temptation to simply ignore IG challenges until a large-scale event forces you to deal with it. Below are some of the responses we received:
- “Do it before you MUST do it.”
- “Do it now. You don’t know when that next discovery cycle is going to require your organization to be ready!”
- “Don’t wait until a disaster happens to organize data. It is very resource intensive to have to extract all relevant data from all sources in the organization when the time comes.”
- “Start early before you have a lot of data, and build consideration of searching and data retention into every new technological tool that is brought into the company.”
- “Start yesterday and have a good document retention policy in place that is followed by the company.”
2. Create a Data Map (Data Inventory)
As the number of data sources within an organization proliferates, data mapping becomes absolutely crucial. A data map (sometimes also called a data inventory) is simply a single source of truth—with relevant metadata—that provides instant insight into all sources of data a company has, what information these sources collect, where this data is stored, and what ultimately happens to it.
With data hiding across so many applications and platforms, a data map is one of the best solutions for keeping track of all the information a company generates. “At a minimum, data inventory is important because knowing what data your business collects leads to improved efficiency and increased accountability for everyone in the organization. The results from data inventory can also lead to better overall reporting, decision-making and operational performance optimization,” says Steve Boston, Director of Information Technology Services at consulting firm GBQ. “Without an accurate inventory, it is far more challenging to assess any underlying risk, which can further make it difficult to identify the controls that your organization needs to protect your valuable information assets.”
3. Refine Your Records Retention Policy
As data sources and volumes increase, it’s important to consider what the implications of your organization’s records retention policies are. One survey respondent emphasized the importance of “implementing a consistent and adequate records retention policy and ensuring that it is communicated effectively throughout the business.” At the same time, however, it’s also important to realize that a retention policy that works well for one department and one data source won’t necessarily suit the needs of another. So teams need to find a way to create some form of consistency within the organization, while also addressing the specific challenges of each data source. “Don’t make policies so complicated that they cannot be followed. Better to have a limited policy that is followed than a massive, ambitious policy that everybody ignores,” advised one responded. “Get ahead of the curve. Centralize and look to cloud-based solutions,” said another.
Another challenge that was highlighted in the report was “ensuring relevant custodians are following document retention policies and not just saving everything.” As data sources increase in number and complexity, there is an understandable tendency to simply retain everything in an attempt to reduce the risk of losing crucial data. But this approach simply kicks the can down the road and creates immense challenges for legal and compliance teams who need to sift through all this data in order to find relevant records.
4. Reduce Reliance on IT
The IT department has a lot to take care of at the best of times, so when an event like the COVID-19 pandemic takes place and everyone suddenly has to work remotely, it’s virtually guaranteed to be overwhelmed with support tickets. Because of this, it’s imperative that companies put solutions in place that allow records managers, legal teams, and compliance professionals to find and export data without the help of IT. For example, instead of relying on IT to produce Slack data relevant to a legal matter, organizations can make use of a solution like Pagefreezer for Slack, which empowers the departments mentioned above to easily access data on their own through an intuitive dashboard.
Of course, it’s unrealistic to think that IT will never be involved, which is why it’s also important to cultivate relationships and work closely with IT professionals. Below are some of the suggestions our respondents provided:
- “Develop a close relationship with IT and ensure that they understand eDiscovery needs.”
- “Find a trusted IT representative who is willing and able to spend the time to educate the legal team.”
- “Understand and be involved with IT regarding your data systems architecture.”
- “Work closely with IT and information security teams and have a data mapping of key data repositories.”
5. Get Buy-In from the Top
As is often the case, it’s hard to get the support and budget necessary to bring about real change if there’s little buy-in from the leadership team. But how do you get buy-in from the top?
Several of our respondents suggested making use of a case study or specific example that illustrates the value of good information governance. “Get C-suite support, and use examples (e.g. expensive or complicated discovery issues and risk-avoidance issues),” said one. “Educate senior executives on importance and ramifications for not identifying and implementing effective measures,” said another.
The fact of the matter is, the value of investment in IG is clearer than ever. In an era of increased litigation and a greater focus on data privacy, the compliance risks and eDiscovery costs of ineffective information governance is simply too great to ignore. And as our report shows, in the majority of organizations there are plenty of opportunities to reduce cost and improve inefficiencies—especially when it comes to new data sources.
Our entire report is free and available for download. Simply click the button below to get more insights, and to see how your IG practices compare to that of other organizations.