This insight is courtesy of Katey Wood, Forensic Technologist at KPMG, a participant at the CIGO Summit held in Chicago, IL on May 20-21, 2015.
For technologists, it’s humbling to hear overwhelmingly that technology is not only not the silver bullet to better information governance. It is not nearly the most important part of information governance. In many cases it can be a limitation, as it is significantly limits the ability to impose new workflow onto existing processes.
There is not a clear end-to-end leader in this field from a technology standpoint. Many contribute significantly at a tactical level. Overall, given the heterogeneous nature of enterprise IT, it’s still “one size fits nobody.”
Many contribute significantly to identify and remediate data, for example EMC Kazeon, Nuix, IBM Stored IQ, Symantec, and a bevy of consultants. ECM systems from Open Text, EMC Documentum, ZyLAB, and increasingly “casual content management” through SharePoint, address records management. IBM Atlas and Exterro work to integrate the often siloed inter-departmental functions around legal hold, retention and deletion. E-discovery vendors of various functions have been moving steadily in-house as well, including Symantec Clearwell, Nuix, Relativity, ZyLAB, Recommind, Guidance Software, EMC SourceOne, HP Autonomy, Lexis-Nexis and Ipro.
Instead, the key, or potentially the lock, involves good old people and process.
The theme of the 2015 CIGO Summit was knowing the value to the enterprise, and elevating the position and initiative accordingly.
Once the executive buy in is achieved, once the line-of-business leaders are satisfied with assuming their roles (without catching the “hot potato” of operational execution), there is still the “keep or toss” decision. While the eDiscovery burden was an early indicator of the problem, it could well be global compliance and privacy that raises its profile, and it’s stakes.
Neuralytix managing director, Ben Woo advocated for the “keep everything” philosophy, while the broader legal/compliance contingent argued that data retention has risk attached. In other cases, we’ve seen enterprise general conusels (GCs) refuse to destroy data. When and if the need is recognized, they may also be unable to lift multiple overlapping legal holds within the enterprise. The most aggressive destruction guideline discussed at the CIGO Summit (outside of records for retention) was 27 days; however this was by far the exception.
With more global business, retention and destruction policy are no longer a ” nice to have.” The challenge is understanding and defining retention needs based on a panoply of factors. It cannot be done by creating mini “US outposts” around the world, as each country has its own regulations. Legal does not want the operational responsibility, nor does compliance. IT doesn’t have the ability to identify what should be retained and why. Yet they are all vital to execution.
The problem may even go deeper into the fundamental corporate structure, if internal “clients” are not charged back for usage of storage. With no sting attached, there may be no incentive to adopt.
The answer, as the CIGO Summit exposed, is to establish that Information Governance is not “somebody else’s problem” but a major internal priority, by elevating it and its leaders accordingly.
We joke that information management is the first step in the electronic discovery reference model because, as in a twelve step program, you must first admit you have a problem. But this ignores the rocky road ahead for anyone undertaking the organizational transformation necessary. Perhaps the most important takeaway from the CIGO Summit is that the first step to realizing true information governance may be giving it a voice, an ear, and some teeth.