One Governance Structure to Rule Them All

Do companies have different governance or oversight committees for the different parts of the Electronic Discovery Reference Model (the EDRM)? The obvious answer is yes: most companies do not look at the EDRM as a continuum for managing records and information throughout its lifecycle, but rather as a series of different and distinct functions within a company. This perspective creates a problem that results in organizations having two (or more) different governance committees: one for the Records and Information Management (RIM) Program and one for e-discovery functions. These two committees are managed differently and their areas of oversight are limited to subsections of the continuum of information management, causing overlapping or contradictory decision-making.

Companies do not need two governance committees. They need one committee with a broader view of the information issues that span the entire spectrum of an organization’s electronic document and records management infrastructure. Each EDRM stage depends on the accuracy and efficiency of the prior stage. The first stage of the EDRM is “Information Management.” It is here, at the beginning, that we find companies often have the most neglect. When companies neglect to create and follow accurate and compliant processes at this first phase, there is a snowball effect that affects every other stage in the EDRM that is dependent on information management being completed well and done right. Successfully moving through e-discovery stages depends on information being well-managed and employees being compliant with the rules, controls, and requirements of the company’s RIM Program. This is often not the case. Even though 75% of the respondents to the 2009 Electronic Records Management Survey by Cohasset Associates have included electronic records and information on the records retention schedule, most RIM Programs remain ignored, underfunded, absent from e-discovery efforts, and/or lack strategic direction. Because of the lack of support or strategy, many RIM Programs do not address important operational risks that impact organizations, and thus, increase the risks associated with e-discovery.

These risks are significant. If a company puts little-to-no value on managing its information assets during normal, routine business operations—at the front end of the EDRM—then employees often lack the training to know what is expected of them or how to properly manage the information asset. Without an emphasis put on the “Information Management” stage of the EDRM, employees will not know what is expected of them, they will not be held accountable for complying with those requirements and they will most likely keep more information than is needed, generating an “infoglut” of paper and electronic information that will be sitting on company systems when e-discovery starts. What was the governance committee doing up to this point to prevent this problem from occurring?

Most information-management-governance committees do not see the urgency in developing, approving, or applying the requirements that would minimize this risk. RIM is seen as one more thing to do, but not as important as the mission of the company that produces income. The problem with this attitude is reflected directly when e-discovery starts: the costs are staggering. How could such high costs be prevented? By seeing the forest through the trees! Looking at the whole EDRM picture and putting equal value on the front end—preventatively managing and reducing the volume of information before e-discovery begins—as well as the middle and end stages of the EDRM.

The committee that governs e-discovery should be the same one that governs the first stage of the EDRM, Information Management. The committee must take a broad look at the organization as a whole and determine what can be done to better manage records and information during operations, before discovery starts. Risks and increased costs result from lack of attention to the operational side of managing information. Rules are not created or enforced and often employees are not even trained on how to comply. Records and information are then left unmanaged and sit on servers or in storage facilities when those records and information should have followed routine disposition. The governance committee’s understanding of the impact of infoglut should foster a sense of urgency to comply with the records requirements and controls put into place by a good Records and Information Management Program. Risks can be proactively managed and drastically reduce cost. The emphasis should be in preventing infoglut in the first place. Technological systems or applications should not be creating records and information without the ability to remove and/or delete obsolete information. Data that should have been deleted in compliance with a records retention schedule, but was not because the company did not make it a priority, can and will be collected, processed, analyzed and reviewed and all for a significant price.

Companies should require compliance at the beginning stage of the EDRM under the leadership and oversight of a single committee to save costs. Companies should make it a priority. A single governance committee should take a broad view of the organization, understand the challenges of e-discovery in the context of its operations, and be able to create a strategy for proactively managing information from the beginning of its lifecycle, through to the end.

Helen Streck serves as records management consultant in Shook, Hardy & Bacon’s Tort Section.  Her expertise in records and information management has its foundation in real-world experiences forged from a career in the business that spans over 25 years.  She has consulted on all aspects of records and information management, including the development and implementation of litigation hold protocols, electronic discovery response plans, and data privacy initiatives.