Information Governance Challenges in the Life Sciences, and Financial Services Industries

While many of the high-level principles of Information Governance (IG) and the technologies supporting their implementation are almost universally applicable, each industry sector presents different challenges – one-size solution does not fit all. For example, unregulated privately held technology start-ups that are experiencing rapid growth may not have any retention / destruction policies in place; they will expand their IT storage until they crash into a big event, such as litigation, an IPO, or a merger. At that point they might require a top to bottom reconstruction – akin to an emergency room visit after a car crash.

Other organizations already function within the constraints of a regulatory regime such as life sciences or financial services. Especially in publicly traded companies, regulated industries are further along the continuum in almost all of the metrics associated with IG principles such as: existence of a RIM program; adoption of a retention schedule; legal hold procedures; and protection of sensitive information. Unlike the emergency room metaphor above, the relative maturity of IG initiatives in these organizations requires more of a performance coach than an emergency room doctor to improve their well-being.

Organizations also differ greatly in the need for dispersal of their information assets. Most organizations have adopted IT systems to allow employees to work remotely for convenience and productivity. The adoption of Bring Your Own Device (BYOD / BYOT) policies is the logical extension of this trend. The pace and extent of this trend are unevenly distributed depending on industry. For example, Forrester Research published a 2012 report comparing the pace (intensity) of adoption of BYOD / BYOT with the need for mobility among various industries.[1] The report found that 64% of respondents considered BYOD / BYOT support to be a high or critical strategic priority over the next 12 months.

The life sciences industry was slightly below the mean for the pace of adoption but ranked the highest for the need for mobility. An example of the drivers at work might be where life sciences organizations equip the outside sales team with iPads to control the risk of off-label sales pitches in violation of FDA regulations. By contrast, the financial services industry was described as more of a “fortress” industry with similar adoption of BYOD / BYOT but much less mobility.

The adoption of BYOD / BYOT policies is only one example of how productivity and technological enhancements insidiously expand the quantity and types of information assets that an organization must manage. There is ample evidence that IG policies for electronic information assets are often afterthoughts to the adoption of new workflow technology. Even content and document management systems are implemented without automated procedures for eventual deletion of unneeded information.

The unabated and expanding growth of information assets presents challenges in all organizations, including sophisticated companies in the regulated life sciences and financial services industries. Business leaders must recognize that the solutions to these challenges are cross-disciplinary, requiring understanding and cooperation among technical, legal, records management, information security and line of business stakeholders.

LIFE SCIENCES IG CHALLENGES

According to a prominent 2014 benchmarking survey of information practices in the life sciences industry, effective IG is increasingly recognized as an imperative for corporate compliance and risk mitigation.[2]  Some of the most interesting findings and recommendations of the survey demonstrate that the life sciences industry, while further along than others, still needs significant improvement:

  • 76% report that over-retention of information occurs due to how legal holds are written or applied
  • Nearly 80% report that they would prefer a retention schedule with fewer categories (“bigger buckets”)
  • Only 41% have a comprehensive records & information (RIM) strategy in place
  • Only 7% report a mature use of metrics to guide records management program assessment
  • 55% report automated deletion of email, IM and other electronic communications
  • Only 6% report that content/document management solutions fully automate the deletion / destruction process
  • New media formats and data locations are largely neglected (e.g., BYOD/BYOT, social media, collaborative tools)
  • Only 13% report that cloud services solutions automate the deletion / destruction process (5% fully and 8% partially)

FINANCIAL SERVICE IG CHALLENGES

A companion survey of the financial services industry showed that while these highly regulated organizations have made substantial progress in managing information assets, many similar challenges remain:

  • Compared to 70% of all surveyed industry groups, 77% of financial services organizations report that over-retention of information occurs due to how legal holds are written or applied
  • 76% report that they would prefer a retention schedule with “bigger buckets” (from 25 to 249 retention categories)
  • Only 46% have a comprehensive records & information (RIM) strategy in place
  • A paltry 3% report a mature use of metrics to guide records management program assessment
  • Compared to 45% of all surveyed industry groups, 55% report automated deletion of email, IM and other electronic communications
  • Only 9% report that content/document management solutions fully automate the deletion / destruction process
  • New media formats and data locations are largely neglected (e.g., BYOD/BYOT, social media, collaborative tools), only 1% report fully automated deletion of social media content at the end of its information lifecycle
  • Only 15% report that cloud services solutions automate the deletion / destruction process (2% fully and 13% partially) [3]

These recent surveys of Information Governance practices demonstrate that the “data explosion” threatens to outpace the implementation of management and technical solutions. Information Governance principles and best practices should be applied as an integrated part of every technology solution, so that “day forward” retention solutions automate the deletion of data in a legally defensible manner – but subject to legal holds.

Ironically, over-retention of information due to legal holds is an ad hoc risk management strategy that needlessly increases costs and may create its own set of legal risks. Current technologies exist to defensibly implement, modify and release legal holds on electronically stored information (ESI). Sound policies and procedures together with electronic document retention schedules should be developed in conjunction with the implementation of such technologies. Both the life sciences and financial services industries lag in fully automating the deletion of records at the end of the information lifecycle. This is no longer a question of rocket science. The surveys emphasize that automated solutions are ready for prime time:

Content analytics tools have matured and are now accepted as a defensible and practical method for applying lifecycle controls to large volumes of eligible information. These tools enable organizations to classify information, separate high-value information and delete unneeded information, mitigating the cost and risk associated with over-retention.[4]

In addition, pending changes to the ESI discovery rules in the Federal Rules of Civil Procedure should provide greater certainty and reduce the likelihood of the imposition of severe sanctions in litigation. As with the 2006 FRCP changes, the changes at the federal level will guide the development of law in state courts. My recent white paper, The C-Level Guide to Covering Your Information Governance Assets, addresses these important changes and provides a practical and attainable approach to a complex set of challenges that can begin immediately.

[1] Connie Moore and Jamie Warner, Industry Contexts and Constraints Diversify Approaches to Bring-Your-Own- Technology (Cambridge, MA: Forrester Research, Inc., 2012)

[2] 2013 – 2014 Information Governance Benchmarking Survey for Life Sciences(Minneapolis, MN: Cohasset Associates, ARMA International, AIIM, 2014). (“Cohasset Life Sciences Survey”).

[3] 2013 – 2014 Information Governance Benchmarking Survey for Financial Services and Insurance (Minneapolis, MN: Cohasset Associates, ARMA International, AIIM, 2014). (“Cohasset Financial Services Survey”)

[4] See, e.g., Cohasset Financial Services Survey, Section 4.2.