Without a comprehensive information governance framework, an organization is flying blind. A lack of coherent rules and guidelines for how to manage information within a company is a recipe for disaster should the firm become embroiled in litigation, an investigation, or a simple employment dispute. The absence of a framework also guarantees that an organization will be unable to fully take advantage of the information it has at its fingertips.
But just what is information governance? And how does one implement a framework in an already existing or new firm? Continue reading below to find out.
The American Health Information Management Association defines information governance as “an organization wide framework for managing information throughout its lifecycle and for supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”
Note the components of the definition. Information governance:
– is organization-wide
– involves information throughout its entire lifecycle
– supports the organization’s strategies and operations
– addresses the risks the organization faces
– satisfies the legal and regulatory burdens imposed by law on the organization
The image found above displays the information governance portion of the Electronic Discovery Reference Model diagram. You should note a few things about the diagram.
Speaking generally, your organization will face several balancing exercises when implementing an information governance framework. There are tensions between concepts like efficiency and security, and discoverability and privacy. You will need to resolve these tensions based on the likely needs and present and future risks faced by your firm.
When I was working as a litigator for a prosecution service that shall go unnamed, I got a first-hand view of antiquated information governance approaches.
In our roles as prosecutors, my colleagues and I were required to disclose all relevant information to defense counsel as soon as possible. This is a requirement imposed by Canadian criminal law. However, despite being required to disclose that information, different sections of government managed information using different, unconnected systems. Probations, Victim Services, Prosecutions, and Corrections all managed different systems containing valuable data about the defendant, the complainant, and the offense.
To make matters worse, discovery was handed over in the form of paper documents. These papers were, at best, an incomplete snapshot of some of the databases containing relevant information at a particular point in time. If that data were to change (say, for example, the complainant on an assault told Victim Services that the offense did not happen the way he initially claimed), defense counsel would not automatically be informed.
These policies were not, in my opinion, in line with the risks facing our organization. Improper or incomplete disclosure to defense counsel could result in the Canadian equivalent of a Brady violation and the judicial termination of prosecution. They also created risks for the defendant, who might not get access to information tending to support his innocence until very late in the prosecution, if at all.
Information governance requires end-to-end buy-in from all members and parts of your organization. A failure to properly plan, organize, and implement an optimal solution can put your firm and other stakeholders at risk. A properly implemented system, however, can pay dividends in the form of increased efficiency, organization, and profitability.