There’s nothing quite like a global shift to remote and hybrid work to highlight gaps and inefficiencies in an organization’s information governance (IG) strategies.
In the last 5 years, there has been an explosion of data sources across organizations — from team collaboration platforms (Slack, MS Teams, etc.) and video conferencing tools (Zoom, Google Meet, Cisco Webex), to mobile messaging apps, company websites, and social media accounts.
The Problem of Information Governance for Unruly New Data Sources
These new technologies are overflowing with important, unstructured and unruly data that needs to be managed and protected. However, most organizations are struggling to develop strong information governance strategies to successfully manage this data and reduce risk.
Many legal and compliance teams may not be aware of what data sources exist in their organization, what information is being collected, and where it is being stored. And even when they do manage to track down a data source, they find that accessing, searching, exporting, and producing this data is rarely straightforward.
Slack is a great example of this disconnect. Slack messages are scattered across public channels, private channels, and direct conversations. How are legal and compliance teams supposed to find, collect, export, and produce data from this platform?
The usual tools and strategies for information governance — the ones that work for PDFs and emails — don’t work for these modern data sources like Slack, WhatsApp, and Zoom.
The State of Information Governance Revealed
The ESI Risk Management & Litigation Readiness Report is based on a survey of 200+ in-house legal professionals about how they are navigating the challenges of managing these complex data sources. (Download the report here.)
Respondent demographics from the 2024 ESI Risk Management & Litigation Readiness Report.
The results reveal important quantitative insights into the widespread immaturity of corporate information governance programs, as well as the extent to which legal departments are prepared for the eDiscovery processes involved in potential litigation.
Data retention abilities by data source from the 2024 ESI Risk Management & Litigation Readiness Report.
Turns out, most organizations don’t have mature data retention and preservation policies.
Fewer than half of respondents report their organization having a mature (i.e., enterprise-wide and consistently enforced) data retention policy for any data source (30-45%, depending on the data source).
Lack of information governance policies and procedures is the most common barrier (53%) cited by respondents as impacting mature data retention and preservation processes. Lack of cooperation between departments is a close second (52%), and lack of technology also plays a role (36%).
Reported barriers to achieving more mature retention and preservation processes from the 2024 ESI Risk Management & Litigation Readiness Report.
5 Steps to Improving Information Governance
We also asked respondents a few open-ended questions:
- What information governance improvements are most important to you right now?
- What is one piece of advice you would give to organizations looking to streamline and improve their data preservation strategies?
Here we've summarized their insightful answers into 5 simple steps to improve information governance in your organization:
1. Act Quickly and Be Proactive
Regardless of your current level of information governance maturity, our respondents agreed that it’s important to address any issues before they escalate. Many of our respondents mentioned the importance of resisting the temptation to simply ignore info governance challenges until a large-scale event forces you to deal with it.
“Do it before you MUST do it.”
“Don’t wait until a disaster happens to organize data. It is very resource intensive to have to extract all relevant data from all sources in the organization when the time comes.”
“Start early before you have a lot of data, and build consideration of searching and data retention into every new technological tool that is brought into the company.”
“Start yesterday and have a good document retention policy in place that is followed by the company.”
2. Create a Data Map (Data Inventory)
As the number of data sources within an organization proliferates, data mapping becomes absolutely crucial. A data map (sometimes also called a data inventory) is simply a single source of truth, with relevant metadata, that provides instant insight into all sources of data a company has, what information these sources collect, where this data is stored, and what ultimately happens to it.
With data hidden across so many applications and platforms, a data map is one of the best solutions for keeping track of all the information a company generates.
“At a minimum, data inventory is important because knowing what data your business collects leads to improved efficiency and increased accountability for everyone in the organization. The results from data inventory can also lead to better overall reporting, decision-making and operational performance optimization,” says Steve Boston, Director of Information Technology Services at consulting firm GBQ. “Without an accurate inventory, it is far more challenging to assess any underlying risk, which can further make it difficult to identify the controls that your organization needs to protect your valuable information assets.”
3. Refine Your Records Retention Policy
As data sources and volumes increase, it’s important to consider what the implications of your organization’s records retention policies are.
One survey respondent emphasized the importance of “implementing a consistent and adequate records retention policy and ensuring that it is communicated effectively throughout the business.”
At the same time, however, it’s also important to realize that a retention policy that works well for one department and one data source won’t necessarily suit the needs of another department. So teams need to find a way to create some form of consistency within the organization, while also addressing the specific challenges of each data source.
“Don’t make policies so complicated that they cannot be followed. Better to have a limited policy that is followed than a massive, ambitious policy that everybody ignores,” advised one respondent. “Get ahead of the curve. Centralize and look to cloud-based solutions,” said another.
Another challenge that was highlighted in the report was ensuring relevant custodians are following document retention policies and not just saving everything. As data sources increase in number and complexity, there is an understandable tendency to simply retain everything in an attempt to reduce the risk of losing crucial data.
But this approach simply kicks the can down the road and creates immense challenges for legal and compliance teams who need to sift through all this data in order to find relevant records.
4. Reduce Reliance on IT
The IT department has a lot to take care of at the best of times, so when organizations shift to remote or hybrid work, it’s virtually guaranteed they are going to be overwhelmed with support tickets. Because of this, it’s imperative that companies put solutions in place that allow records managers, legal teams, and compliance professionals to find and export data without the help of IT.
For example, instead of relying on IT to produce Slack data relevant to a legal matter, organizations can make use of a solution like Pagefreezer for Slack, which empowers users to easily access data on their own through an intuitive dashboard.
Of course, it’s unrealistic to think that IT will never be involved, which is why it’s also important to cultivate relationships and work closely with IT professionals.
“Develop a close relationship with IT and ensure that they understand eDiscovery needs.”
“Find a trusted IT representative who is willing and able to spend time to educate the legal team.”
“Understand and be involved with IT regarding your data systems architecture.”
“Work closely with IT and information security teams and have a data mapping of key data repositories.”
5. Get Buy-In from the Top
As is often the case, it’s hard to get the support and budget necessary to bring about real change if there’s little buy-in from the leadership team. But how do you get buy-in from the top?
Several of our respondents suggested making use of a case study or specific example that illustrates the value of good information governance.
“Get C-suite support, and use examples (e.g. expensive or complicated discovery issues and risk-avoidance issues),” advised one respondent. “Educate senior executives on importance and ramifications for not identifying and implementing effective measures,” said another.
The Value of Investing in Improving Information Governance
The fact of the matter is that the value of investment in IG is clearer than ever.
In an era of increased litigation and a greater focus on data privacy, the compliance risks and eDiscovery costs of ineffective information governance is simply too great to ignore. And as our report shows, in the majority of organizations there are plenty of opportunities to reduce cost and improve inefficiencies—especially when it comes to new data sources.
The ESI Risk Management & Litigation Readiness Report is free and available for download. Simply click the link below to get access to more insights and see how your info gov practices measure up to your peers.
