Forum magazine for legal professionals spoke with Jason R. Baron, of counsel to Drinker Biddle’s Information Governance and eDiscovery Practice and co-chair of the Information Governance Initiative, about the future of information governance and the key roles played by legal professionals.
DAVID CURLE: Tell us about the Information Governance Initiative (IGI) and its mission.
JASON R. BARON: The IGI is a vendor-neutral consortium and think tank. Barclay Blair and Bennett Borden founded the IGI with the belief that we should have a smart conversation involving both corporations and the public sector about Information Governance, and about how information can be better managed.
We’re living in a world of exponential data growth, with data doubling every year. Organizations of every size face challenges on how to manage that information. We face a range of issues: security, privacy, litigation, compliance, record keeping, access. Then there are all sorts of new tools and techniques, including analytics, that can be used to manage and understand information increasingly in the form of Big Data.
So Information Governance is an umbrella term that unifies the conversation – and at the IGI we wish to advance the practice of IG, be a clearinghouse and a platform for products and services that can help organizations manage their information, and, in part, to help make a market out of IG.
The main focus of the IGI for 2015 has been to support the notion of a Chief Information Governance Officer (CIGO). We had a summit around that theme in Chicago in May, and the results of our second IGI annual benchmarking survey also evidence growing support for the concept. Our view is that, given the complexity of the field, Information Governance in organizations needs more than an ad hoc structure; it needs an IG champion. Whether or not that person has a business card with the title Chief Information Governance Officer, something like that role will be a value to organizations. At the summit we had about 60 people in the room with titles on their business cards saying “global head of information governance” or something similar – they were de facto CIGOs. That was kind of neat! And we will also be publishing a CIGO playbook which summarizes the discussions we had at the summit.
CURLE: What’s the main driver of IG? Is it risk avoidance, or is there a revenue-enhancing side of it?
BARON: I’m glad you asked. Our definition of information governance (there are many) is “the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.”
Those of us who have labored in the e-discovery trenches have spent a lot of time trying to scare executives into putting their information management and governance house in order. That’s been successful only in a very spotty way. For litigation-heavy organizations, that hits home. But some companies practice what I call a “black swan” philosophy – which is that while they may believe there is a disaster out there waiting to happen, it will happen somewhere else, and they’ll take the risk.
This isn’t to say that risk equations aren’t important – we of course shouldn’t forget about the downsides of fines or publicity related to breaches or failures. But the flip side is that we really do believe that information can be repurposed within an organization. It can be transformative for an organization to understand what it knows, and there is an ROI for doing a better job at understanding what data is held inside an organization. If you do a better job at analytics you have visibility into the data. Everyone is starting to see the value of analytics on the consumer side in understanding the client or customer base. Now we can achieve more analytics on the data created by a company’s own employees.
CURLE: How do legal professionals fit in with all this? What’s the role of the in-house legal general counsel, and what, if any, is the role for outside counsel?
BARON: There is an important role for outside counsel to come in and provide validation of best practices. Assuming they have expertise in analytics, Big Data, record keeping, information management, etc., I believe in outside counsel coming in to evaluate, validate, and test long-held assumptions.
With regard to in-house counsel – those departments are growing for a variety of reasons. One reason is that corporations are beefing up for purposes of compliance and litigation. In-house counsel are expected to be competent in all aspects of the technology platforms that the company runs on.
I think the days are gone when lawyers were siloed, and were essentially passive entities that sat at their desks and waited for problems with legal implications to be presented to them. That may have been how it was done in the past, but in my experience that’s not how it’s working today.
The best practices now are to include lawyers early in tag teams, SWAT teams and leadership councils. Lawyers will be talking to people in business units to lend expertise about what’s needed to fulfill compliance requirements. This is especially important in the cloud environment. Far too often a CIO might push hard for a large deployment to the cloud, but may not be asking all of the right questions. There are obvious policy issues to resolve beyond simply migrating data, such as how the data will be accessed for e-discovery purposes; issues around privacy, public use and how the data will be preserved, monitored, archived and locked down.
I have seen this in the government sector, where the Obama administration has pushed to get many public systems into the cloud, without agencies acting to bake in measures to comply with the various regulatory requirements of many different federal laws, including regarding record-keeping acts. In the private sector as well, there are pressure points to do the right thing in terms of compliance with a wide variety of laws and regulations. For example, in the SEC/FINRA world, there are very serious and detailed requirements putting constraints on how data is to be archived and monitored.
Lawyers add value. They are trained to spot issues in the specific legal environment, and they shouldn’t be siloed any more – they should be active participants from day one, as active participants in procurement matters, and in any matters that involve strategic thinking about data being preserved by a corporation.
CURLE: What are some of the concrete steps that legal professionals can take to move IG forward in their organizations?
BARON: First, you need to understand you do have a problem, that there is ROI to be gained.
Second is to put together a structure, with an IG council and a champion.
Third, you need to just get started, with some practical projects that can be tackled.
The easiest starting points are simply updating policies about information retention and the like, or designing and implementing a corporate IG policy. Those are quick and easy wins. Next, you could discuss defensible deletion policies; defining what constitutes the information life cycle; implementing a legal hold tracking system; putting in place data loss prevention measures; or executing a Big Data analytics project. These are all practical things that one can do. There are other types of IG-related matters, for example, just figuring out what platforms and processes to rationalize, such as by implementing scanning and eliminating paper.
With any aspect of the business that deals with networks and repositories, there should be a conversation – don’t just rely on CIOs, but bring in others to see what efficiencies can be found.