Information Governance Challenges in the Life Sciences, and Financial Services Industries

While many of the high-level principles of Information Governance (IG) and the technologies supporting their implementation are almost universally applicable, each industry sector presents different challenges – one-size solution does not fit all. For example, unregulated privately held technology start-ups that are experiencing rapid growth may not have any retention / destruction policies in place; they will expand their IT storage until they crash into a big event, such as litigation, an IPO, or a merger. At that point they might require a top to bottom reconstruction – akin to an emergency room visit after a car crash. Other organizations already function within the constraints of a regulatory regime such as life sciences or financial services. Especially in publicly traded companies, regulated industries are further along the continuum in almost all of the metrics associated with IG principles such as: existence of a RIM program; adoption of a retention schedule; legal hold procedures; and protection of sensitive information. Unlike the emergency room metaphor above, the relative maturity of IG initiatives in these organizations requires more of a performance coach than an emergency room doctor to improve their well-being. Organizations also differ greatly in the need for dispersal of their information …

Read more

Legally Defensible Data Remediation

A document retention policy is in reality a document destruction policy.  Therefore, a key reason for an organization to adopt a document retention policy is to establish a program for the deletion/destruction of information that is not required for business, regulatory and other needs.  This reality is made necessary by the fact that digital information is growing at an unprecedented rate and that much of it is contained in “unstructured” storage such as email, SharePoint and shared network drives.  Data hoarding not only increases direct information technology costs but it presents other substantial risks and costs to an organization ranging from discovery of “smoking gun” documents during investigation, litigation or audit; to reputational damage from information security breaches (hacking). Document retention/destruction policies have long been recognized as a good business practice.  Inherent in the practice is the notion that information has a life cycle and that there are valid reasons to protect that information from competitors, thieves, snoops and even government investigators.  In the context of an appeal of an obstruction of justice conviction against Arthur Andersen LLP, this practice was blessed by the U.S. Supreme Court.  Chief Justice William Rehnquist delivered the opinion of the Court: ‘Document Retention Policies,’ …

Read more

Legal Hold 101 – Data Retention and Destruction

Every gambler knows That the secret to survivin’ Is knowin’ what to throw away And knowin’ what to keep ‘Cause every hand’s a winner And every hand’s a loser And the best that you can hope for is to die In your sleep The Gambler lyrics © Sony/ATV Music Publishing LLC Some of the more frequent questions asked of eDiscovery attorneys when teaming with IT professionals on archiving and other retention policy projects, relate to the timing, scope and especially the release of legal holds.  Misconceptions about “Legal Hold” abound, many of them (unfortunately) coming from litigation attorneys stuck in the paper document past or those who do not understand data systems architecture.  One common source of over-broad Legal Hold retention is the misapprehension of the risk of severe judicial sanctions for the destruction (aka spoliation) of evidence.  Too many attorneys take what they consider to be the safe route and continue to advise enterprises to keep too much for too long.  As Kenny Rogers’ Grammy award-winning song reminds us, risk can cut both ways.  Not only does an overbroad legal hold increase the cost of maintenance and infrastructure, it increases the cost of legal review of held documents, and …

Read more

Information Governance – A Principled Framework

Gartner defines Information Governance as an accountability framework that includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to reach its goals.  One of the core requirements of a legally defensible Information Governance program is a reasonable and consistently applied records & information management (RIM) system.  Accountability and defensibility hinge on the ability of an organization to govern its information in all formats and on all media, and to ensure or prove that it is compliant with all legal requirements. Building an information governance framework is by necessity a cross-disciplinary effort.  In a world where virtually all information is created in digital form, IT departments are commonly given the lead.  However, even the most advanced and elegant technical solutions must be guided by at least two other disciplines: legal, and records management.  Especially in the wake of hacking scandals like Sony Pictures, the importance of Information Governance is increasingly recognized as a board level and C-Level concern.  Information is an asset and a source of risk, it must be treated with great care. Information is an asset and a source of risk, it must be treated with great care. …

Read more

Cloudy Laws I – Cloud Computing Security and Legal Challenges

Supercell clouds over Nebraska

Cloud computing presents innumerable opportunities and brings with it enormous security and legal challenges.  While there is no single accepted definition of the “cloud,” the National Institute of Standards and Technology created a reference model in 2011.  NIST defined cloud computing by describing its five essential characteristics, three service models, and four deployment models. (NIST Special Publication 800-145): Cloud computing is a model for enabling convenient, on-demand network access to a shared pool of configurable computing resources (e.g., networks, servers, storage, applications, and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. Essential …

Read more

LocationGate – Where in the World Was Waldo?

Just look at his iPhone data Apparently I am not the only person troubled by the 2011 revelation that Google and Apple collect location data from smart phones.  Mike Elgan wrote a thoughtful piece for Computerworld. Who owns your location? – Computerworld The idea of tracking files existing on phones and on the computers used to synch data raises eDiscovery issues as well as obvious privacy and data security concerns.  Will employers be tempted to look at the data collected by company issued phones to see if their sales team or delivery drivers were on task?  Employers defending discrimination cases are …

Read more