Exterro's Legal GRC Breakdown

Get your daily dose of news, best practices, and technology from Exterro's e-discovery, privacy, and digital forensics experts here.


Live Blogging at Georgetown's Advanced E-Discovery Institute: Information Governance

Created on December 6, 2012

Date/Time: 2:15 - 2:45pm (EST), Thursday, December 6, 2012
Participants: Moderator -- Jonathan M. Redgrave; Panelists -- Jason R. Baron, Tanya L. Forsheit, Sarina Lozano, Scott Whipps
Session Description: Information Governance

Information governance, when competently managed, can greatly streamline e-discovery processes. This panel discussion addressed the business aspects of information governance, presented a model for lawyers in information governance and described the contributions lawyers can make to improve their organization's capabilities to preserve and manage electronically stored information as evidence.


The first step of information governance is developing an information retention policy that includes requirements addressing security protocols, cloud issues (redundancy of data, etc.).

Organizations need to know who is driving enforcement of the  information governance policy (CIO, records management, legal, compliance, administration, etc.).

Information Governance must encompass several different areas:

  • Records
  • E-Discovery
  • Data Privacy
  • Data Security
  • Legacy Data

It helps to have a committee in place to help decide which parts of info governance to tackle first.

Over retention and over compliance creates as much or more risk and cost than under retention and under compliance.

Defensible disposal is usually the biggest benefit of information governance because it help to make fining data quicker and less costly (less data to search and better categorization).

To get executive buy in, organizations must be able to quantify the risks involved to show that it's a worthy investment. For instance, one panelist surmised that every data security breach results in $194 in costs to the organization per record breached, which takes into account legal costs, pr costs, etc.

The C-Level suite doesn't necessarily know that information is a big issue. It is important to educate executives about the dangers associated with so much data.

Questions to consider when establishing an information governance program:

  • Do I know where my information is stored?
  • Do I know for how long I can access the information?
  • How long will the information will accessible?
  • How do I identify and protect personal information from unauthorized disclosure -now and in the future?
  • How do I know what I need to delete?
  • How do I know what I can delete?
  • Can I assure compliance with statutes and regulatory matters?
E-Discovery Beat's Key Takeaway

With so much data being created on a year over year basis, organizations can no longer afford to treat e-discovery and information governance as two separate entities. Forward thinking companies are assessing their e-discovery and regulatory requirements and establishing information governance policies that support those processes. It's a huge mistake for organizations to ignore the data they are creating. Instead, the goal should be to evaluate each data source, assess the benefits and risks of each one and govern each source accordingly. Emerging predictive technologies represent an exciting information governance advancement because they allow users to quickly go through large volumes of data and categorize it proactively.