By Nick Inglis
I’m still elated to see the return to in-person events – there is so much to share now that we’re getting back together. Earlier this month, I returned to the stage at Legalweek to share ideas with the brilliant Linn Freedman (Chair, Privacy & Cybersecurity at Robinson + Cole; Adjunct Professor, Brown University & Roger Williams Law School).
Our discussion noted that as new privacy and security regulations come to the fore at the same time as an increase in cybersecurity and privacy incidents, it combines complexity with risk, creating fear among information professionals.
As fear increases, all information disciplines want a more generous connection to (and frankly, the greater liability coverage provided by) legal departments. Now, this fear response is overwhelming legal professionals. So, it makes sense that a new layer is growing in the enterprise: Information Governance or coordinated information strategy.
This new layer of strategy isn’t the same as the strategic direction provided by CIOs or CTOs (or even CISOs or CSOs), who often are focused on software and systems. These are professionals looking at the contents of the software and systems: the information. These strategic professionals focused on information are now leveraging modern tools and technology to protect and increase the value of information assets.
Information Governance professionals exist to move our work out of information silos like document management, ECM, and knowledge management. We need our information to be working collaboratively, so we must shift our work outside of our vacuums (we talked at Legalweek about how feathers and bowling balls dropped at the same rate inside a vacuum chamber).
The connection between legal and information governance is vital right now. With new privacy and information security requirements emerging every day(congratulations, Utah!), we need to understand all legal ramifications to inform our Information Governance decisions.
Information Governance and intelligent information management are essential – but these efforts are most successful when connected to the company through corporate governance. I use this graphic in my latest book to explain how information governance fits within organizations.
I could have made the arrows connected to the diamond “support provided” bi-directional, but I love how this works.
Everyone has some type of Information Governance
One of the significant points that Linn and I wanted to drive through to attendees was that everyone has Information Governance. That seems counterintuitive to some folks, but every decision you make about your organizational information is your Information Governance.
Information Governance can happen organically and haphazardly, putting your organization at risk, or you can plan information governance and understand your risk profile. Either way, you’ve got Information Governance – “yours just might not be that good.”
Flipping the Funnel in eDiscovery
One of the concepts I talk about in Advancing from eDiscovery to preDiscovery is “Relevance First” approaches to eDiscovery. During our preparations for Legalweek, Linn and I stumbled on many process commonalities in many of our investigative disciplines: audits; DSARs; FOIA, FOIP, ATIP, and other ‘Sunshine’ laws; investigations, incident response, AML/KYC processes, and more.
In those disciplines, they start by looking for relevance.
These processes stand in stark difference to eDiscovery. eDiscovery starts collecting and hoarding information to cull through to get to relevance. Both Linn and I shared our thoughts on how we believe eDiscovery must move more in line with other investigatory disciplines as shown in the below graphic.
Expertise & Building Bridges
We must become better at understanding the expertise that the various information disciplines bring to our organizations. Further, still, each practitioner brings a unique set of skills. Unlocking those skills within and building bridges between our various information-related disciplines will be our path to overall success.
No one discipline can lead this charge. We highlighted a trend that both Linn and I have noted: Information Governance is more frequently becoming a non-legal team operating within a legal department. Information Governance can be led outside of legal but must be deeply informed by legal. That’s how we build IG success.
Building IG Success with Tools in Hand
Information Governance was born at the intersection of technology and information management. Unfortunately, many disciplines along the technology and information management axis have narrow mandates and a limited organizational reach. However, when Information Governance connects to and through legal, it rides alongside a broad organizational mandate and can have considerable organizational reach as shown in this next graphic.
This strategy is successful when you enact it with the right toolset – a broad set of tools that will help you achieve a connected Information Governance program in your organization. In most situations, those needs match up quite nicely with the toolset that IPRO.
So, I end this piece in the same manner that we finished our session at this year’s Legalweek:
“Go build bridges.”