Information Governance: Managing Digital Debris
The ever-increasing growth of data content combined with complex legal and regulatory obligations makes information governance a critical business issue for organizations. In fact, nearly 70% of data generated by a company has no legal or business value, according to a report published by Electronic Discovery Reference Model (EDRM), an organization dedicated to improving the electronic discovery process. To help organizations determine how to dispose of digital debris, EDRM has developed an Information Governance Reference Model (IGRM).
Defining and Identifying Digital Debris. Before implementing data-governance policies, organizations need to understand what data needs to be kept and what data has no legal or business value. The default method of keeping all data forever may ensure that an organization has all data required by various regulations. However, this method is expensive and unwieldy, particularly as data continues to proliferate at stunning rates. For example, the same email can typically be found in multiple places, such as on email servers, local and networked archives, on smartphones, in the cloud, and on disaster recovery tapes and drives. Other files—such as temporary work files duplicated in multiple locations, data stored on outdated technology and litigation copies—can slow system performance, increase litigation costs, and increase the risk of loss, theft, or breach of sensitive information.
The Information Governance Reference Model. The IGRM was developed to help organizations define an effective information governance strategy. At its core, the IGRM links the legal obligations and business utility of specific data to the stakeholders who create, consume, and manage that data. IGRM recognizes that information management should not be relegated only to IT teams. All creators and consumers of information in an organization must work together. To effectively implement IGRM and create a defensible data-disposal program, an organization must have effective leadership responsible for information governance, must implement policies and processes that link information to relevant stakeholders and must provide stakeholders with the technology and tools to implement the organization’s information governance policies and procedures.
Implementing the Information Governance Reference Model. A critical step in implementing an effective IGRM is assessing an organization’s existing information governance process. This assessment will help an organization identify weaknesses in its existing data management strategies. Based on the organization’s assessment, the responsibilities of information management can be divided among three key groups: business users; legal, risk, and regulatory departments; and IT organizations.
Designing and implementing an effective information governance program can result in a significant payoff by reducing an organization’s risks and costs relating to the storage and management of data.