Blogs

I was recently discussing with a friend the steps to implement an information governance program.  Unfortunately creating an information governance program is not a cut and dry formulaic process.  Information governance is not just about records, but it is about information and the relationship between information and ROI.  ROI is a double-edged sword, with one edge being maximizing Return on Investment and the other edge being reducing the Risk of Indictment.

Information can be an organization’s most valuable asset and one of its deadliest.  For this reason, it must be managed with the same diligence that an organization treats its technology and finances.  Because of this, the advice that I gave to my friend is that the first task in starting an information governance program is to assess two areas 1)Where can value be gained from information and 2)What information management areas are posing a risk in an instance of e-discovery or litigation.

Gaining value from information is more than just making sure people in your organization can find records in a timely manner.  This is a broad concept with so many different possibilities, such as forms management and performing OCR on forms, using digitial signature to reduce the number of documents needed to be printed and the effect on approval time, and using cloud technology to save on storage cost.  The best means to know what return on investment you can get on information for your organization is to know how organization flows within your organization and what bottlenecks there may be, gaps in information processing and usage and who is using what information in case there is overlap in information collection and use. 

Information may be cheap to store, but if it is mismanaged it can cause financial headaches down the road due to litigation costs and e-discovery.  Reducing the risk involved with information involves being proactive with governance and not just reacting to legal holds and e-discovery.  This is one of those crucial areas where the scope of your information governance needs to go past records management.  If a record is destroyed, but that information is still documented in an attachment on someone’s e-mail or floating around somewhere in your organization then that is still eligible for discovery.  Risk management in information governance means looking at e-mail management, social media policies and BYOD policies since these are all areas information can reside that has potential to harm your organization in court.