THE STATE OF INFORMATION GOVERNANCE IN CORPORATIONS

Similar documents
Breaking Down the Silos: A 21st Century Approach to Information Governance. May 2015

Achieving & Maintaining E-discovery Fitness

How the Information Governance Reference Model (IGRM) Complements ARMA International s Generally Accepted Recordkeeping Principles (GARP )

Information Governance. Prepared for

SAME PRINCIPLES APPLY, BUT NEW MANDATES FOR CHANGE

Become A Paperless Company In Less Than 90 Days

Information Governance 2.0 A DOCULABS WHITE PAPER

Real World Strategies for Migrating and Decommissioning Legacy Applications

Measuring the Impact of Volunteering

MOFAS Community Grants Program. Grantee Interview Report #1 (Phase 1)

Internal audit strategic planning Making internal audit s vision a reality during a period of rapid transformation

IT STARTS WITH CHANGE MANAGEMENT

WHITE PAPER CREATING A CUSTOMER-CENTRIC COMMUNICATIONS STRATEGY

6 Ways Social Collaboration Can Boost Employee Engagement

From Information Management to Information Governance: The New Paradigm

THE PATH PAPERLESS OFFICE

IT Governance In The Cloud: Building A Solution Using Salesforce.com

The Vital Asset for Today s Government

Waste or Win? The Case for Just-in-Time Marketing

Tactics v. Strategy: From Records & Information Management to Information Governance

Advice from Counsel: Best Practices on Controlling E-Discovery Costs

Records Management: Seven Best Practices for Staying Ahead of the Curve

Information Governance

Post-merger integration

Power your small business with cloud and mobile

Key Trends, Issues and Best Practices in Compliance 2014

Legal Services A Value-Based Approach to Strategic Sourcing

InfoGov: Not Just Another Pretty Buzzword

5 WAYS STRUCTURED ARCHIVING DELIVERS ENTERPRISE ADVANTAGE

Six Drivers For Cloud Business Growth Efficiency

13 Ways Your E-Discovery Manager Thinks You Can Reduce E-Discovery Spending

75% On the Record. Is Your Organization s Records Management Program Providing High Value or High Risk?

FFIEC Cybersecurity Assessment Tool

Building a Comprehensive Mobile Security Strategy

Building a Unique Total Rewards and HR System For A Unique Company At

archives: no longer fit for purpose?

Executive Summary of Mastering Business Growth & Change Made Easy

Information Security & the Business: Changing the Conversation

The AEC Professional s Guide to Outsourcing BIM Management

Citizen Engagement Platform

Ten Critical Steps. for Successful Project Portfolio Management. RG Perspective

Show your value, grow your business:

The modern marketer s guide to global content creation

DECISION MAKERS. Solving Internal Communication Struggles. Let s get Started

IBM Business Consulting Services. CRM done right. deeper. An IBM Institute for Business Value executive brief. ibm.com/bcs

Enabling Secure, Diverse Communications for B2B and B2C Organizations

The Purpose of PR 2016

The Marketer s Guide To Building Multi-Channel Campaigns

What sets breakthrough innovators apart PwC s Global Innovation Survey 2013: US Summary

Building HR Capabilities. Through the Employee Survey Process

FIVE STEPS TO MANAGE THE CUSTOMER JOURNEY FOR B2B SUCCESS. ebook

The State of SEO within Retail Ecommerce Research Report

Managing Your Career Tips and Tools for Self-Reflection

How to Build a Service Management Hub for Digital Service Innovation

Building a strategic talent management program

LMS Advisory Committee Recommendation

Fundamentals of Information Governance:

BUSINESS NETWORKING: A NECESSARY THIRD MILLENNIUM SKILL

structures stack up Tom McMullen

Information Governance in the Cloud

Agile Master Data Management A Better Approach than Trial and Error

JOB SEEKER S GUIDE TO CREATING A DAY PLAN

Successful Implementation of Enterprise-Wide Information Governance

Creating an effortless customer experience requires insider knowledge from three key stakeholders:

Business Process Management The Must Have Enterprise Solution for the New Century

Employer Brand Analytics

A Guide to Successfully Implementing the NIST Cybersecurity Framework. Jerry Beasley CISM and TraceSecurity Information Security Analyst

The Change Management Handbook

THE STATE OF SALES EXECUTION

How can Content Aware Identity and Access Management give me the control I need to confidently move my business forward?

MOVING THE MIDDLE. The Business Impact of Making Your Middle Sales Performers Better

CDW Video Conferencing Straw Poll Report

July New Entrants: Charting the Health Industry s Risk and Regulatory Landscape Where Risk Meets Opportunity

The Importance of Data Quality for Intelligent Data Analytics:

Drive Interactivity and Engagement in Your Webinars

Human Capital Advantage for Business What is the value of ADP ihcm for HR Directors?

Most community foundations operate a

Several recent surveys have shown that

Agile Master Data Management TM : Data Governance in Action. A whitepaper by First San Francisco Partners

Talent Management Leadership in Professional Services Firms

2016 Canadian Procurement Forecast

Prosci change management webinar

Successful Change Management Practices in the Public Sector. How governmental agencies implement organizational change management

FROM SERVICE TO SATISFACTION: WAYS MANUFACTURERS CAN ELEVATE THE CUSTOMER EXPERIENCE

State of Florida ELECTRONIC RECORDKEEPING STRATEGIC PLAN. January 2010 December 2012 DECEMBER 31, 2009

Test your talent How does your approach to talent strategy measure up?

The following is intended to outline our general product direction. It is intended for informational purposes only, and may not be incorporated into

Case Study. We are growing quickly, and Saba is key to that successful growth.

White paper. Integrated Marketing Management

STEP 5: Giving Feedback

Brochure HP Workflow Discovery for FSI

APPROACHES TO SPEND ANALYSIS AND SOURCING WITH IMMEDIATE ROI THAT NO ONE TOLD YOU ABOUT, UNTIL NOW

Sydney office Firm Profile. Sydney NSW Telephone: (02) Facsimile: (02)

Picture yourself in a meeting. Suppose there are a dozen people

Federation and a CMDB

ALIGNING DATA SCIENCE MAKING ORGANIZATIONAL STRUCTURE WORK

The Stacks Approach. Why It s Time to Start Thinking About Enterprise Technology in Stacks

The Transformation of Tax Something Big is Happening Here

How NAS Can Increase Reliability, Uptime & Data Loss Protection: An IT Executive s Story

Process Optimization - Automation The First Step

Transcription:

THE STATE OF INFORMATION GOVERNANCE IN CORPORATIONS Advice from Counsel is Sponsored by: 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 1/16

INTRODUCTION HOW DO YOU DEFINE INFORMATION GOVERNANCE ( IG )? Is it a holistic policy document outlining an organization s approach to managing enterprise data? Is it a series of discrete projects that implement best practices in data security or storage optimization? Is it both of these, incorporating policy and tactical execution? Many organizations struggle with the definition of information governance for a variety of reasons. Some lack executive support for IG, while others feel hampered from executing on small, tactical projects due to their legal or regulatory profile. Yet some organizations have implemented IG projects and realized tangible benefits and real return on investment. For this Advice from Counsel study, we set out to better understand the health and success of information governance programs within corporations. In late 2015, we interviewed 25 in-house lawyers under conditions of anonymity. Most of these lawyers are from Fortune 1000 corporations and have responsibilities that include some aspects of e-discovery and information governance. As always, we ve anonymized the quotes and feedback and are grateful for the input from the Advice from Counsel community. We asked a wide range of questions to better understand how corporations are approaching information governance, key challenges, areas of success, and some of the basic mechanics they ve adopted to develop and implement their program. The results clearly show that with a few exceptions, most organizations are in the early stages of information governance adoption. Yet these executives have strong advice on how best to begin and implement an IG initiative. From these results, organizations can better understand how their peers are successfully keeping an eye on the big picture while executing quick wins that help build momentum for broader IG initiatives. 2/16 Advice from Counsel: The State of Information Governance in Corporations 2016 FTI Consulting Inc.

Top Area of Focus When asked whether their organization had an information governance program, 76 percent of corporate respondents said yes. While there was a great deal of overlap in answers, respondents listed more than 30 areas of focus for their program. These areas span teams and needs, well-summarized by the Information Governance Reference Model ( IGRM ) graphic below. To give you a sense of the diverse answers, we ve pulled out quotes and organized them by practice area and mission. Information Governance Reference Model (IGRM) Linking duty + value to information asset = efficient, effective management BUSINESS PRIVACY & SECURITY The company has historically had retail stores and then launched a completely separate retail website. It is now merging the two and integrating all of its information to create a single unified system. It is trying to get an omni-channel view on all of its business. Data analytics LEGAL Organizing data to manage litigation costs. Implementing an effective legal hold solution. LEGAL Risk DUTY Hold, Discover RIM Risk UNIFIED GOVERNANCE BUSINESS Profit POLICY INTEGRATION P VALUE Create, Use Retain Archive Dispose PROCESS TRANSPARENCY ASSET Store, Secure CY PRIVACY & SECURITY Risk IT Efficiency cy Ensuring that non-public information is not released outside of the company. Identifying which information needs the most protection and should not be on the network. IT Data accuracy and consistency in reporting from legacy systems. Optimization of resources, including staff and technology, to get better management data and understand the information environment. RIM Discarding paper and physical records that have exceeded their retention period. Implementing records retention schedules globally in all operating companies, including those they acquire. Duty: Legal obligation for specific information Value: Utility or business purpose of specific information Asset: Specific container of information Information Governance Reference Model / 2012 / v3.0 / edrm.net 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 3/16

TOP AREA OF FOCUS Data Security Emerges as the Top Driver for Information Governance While respondents shared areas of concern across the IGRM spectrum, data security was the #1 recurring theme across responses. This encompassed a number of different initiatives, and respondents talked about data security in four key areas: Securing sensitive personally identifiable information for clients, patients and employees. Across all industries, respondents acknowledged a sense of responsibility for protecting the sensitive information of their customers and employees. Securing sensitive company intellectual property. Creating a tiered security network to protect against security breaches. Developing protocols and systems to ensure secure access to the network for partners and other approved third parties. The parsing of data security into four discrete buckets can help organizations undertake a large challenge: Protecting the organization s data from internal and external threats and channeling that information into initiatives that are smaller, more focused and easier to accomplish. Protecting customers credit card information, for example, may require different technology and processes than authenticating the identity of employees trying to access the company s crown jewels of intellectual property. 4/16 Advice from Counsel: The State of Information Governance in Corporations 2016 FTI Consulting Inc.

Top IG Challenges Respondents identified common roadblocks in developing and implementing an information governance program. They can be grouped into four key areas: Different Work Styles and New Technology Nearly a third of the survey respondents said that the main challenge was that employees are working and collaborating in new ways that are enabled by the proliferation of cloud-based applications. One respondent stated, With the additional collaborative tools and mobile devices, access and egress points for data, and lack of employee awareness to sensitive information, it is becoming more complicated to control who has access to certain types of data and how we are sharing that information and with whom. Some respondents focused on employee conduct and a need to develop processes and training that would help prevent employees from making poor information management decisions. Another commented on how the new technology produces a level of disorganized complexity that does not follow a logical or natural taxonomy. This can lead beyond the realm of the business, and employees then develop business records that the legal team is unfamiliar with and unable to easily locate. Where to Begin? Nearly a quarter of all respondents said that with information governance, the initial challenge often is deciding where to begin. Organizational structure was mentioned several times as a barrier because various parts of the company 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 5/16

own different elements of information governance. As one respondent said, I have a perspective only from the legal view. It is hard to imagine all of the things we are supposed to imagine when we try to develop this. Others said it was daunting to prioritize when so many areas need attention. According to one respondent, If the scope of the project is too huge, it can almost fall under the weight of itself. Data, Data, Data Twenty-five percent of respondents cited technology, both old and new, as a major roadblock to implementing IG. On the old side, legacy data may still be relevant but hard to store and retrieve. As one respondent said, It is a challenge to adapt to 21st century systems from the 20th century world. Today, for example, we are dealing with litigation related to claims on life insurance policies that were written 50 years ago. For others, it s simply a matter of keeping up with increasing volumes across a global organization. One respondent said, There are so many software systems and so many needs for information stored in so many different places and ways. The challenge is always coming up with something cohesive. At the same time, organizations are trying to manage rapidly evolving data ecosystems that span personal computers, mobile devices, social media and a myriad of cloud-based collaboration tools. According to one respondent, 6/16 Advice from Counsel: The State of Information Governance in Corporations 2016 FTI Consulting Inc.

Information is not created in a pre-planned way, and with technology, new forms of information are organically being developed all the time. This produces a level of disorganized complexity that does not follow a logical or natural taxonomy. Respondents also expressed frustration about the headache posed by BYOD (bring your own device) work environments and especially social media. One respondent said, Social media creates confusion about how the social media companies are maintaining information. As a result, it causes confusion at the corporations. Sometimes I think that those social media companies don t have a clue about what they are doing with their information. For example, Snapchat does not always delete information even though it says it does. Resources Finding the appropriate IG resources was a key challenge for 25 percent of respondents. For some, it was a matter of mere numbers and having enough people to do what needs to get done. Many worried about how IG is an initiative that should include collaboration across teams within various functions, from information technology ( IT ) and records management to legal and the lines of business. The fact that different parts of the company own different elements of information governance, combined with bureaucracy and a failure to receive buy-in from key stakeholders, can hinder an IG initiative from the start. 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 7/16

The Mechanics When asked for specifics on staffing, costs and other details, respondents gave a wide range of answers, reinforcing the varying degrees of maturation across organizations. STAFF Do you have in-house staff dedicated solely to information governance? For companies with resources solely dedicated to IG, the average number of staff is four. It should be noted that the majority of companies said they have at least one in-house person handling information governance, but this individual typically spans a few other areas, particularly IT, records management, e-discovery, and risk and compliance. 56% No 44% Yes DEPARTMENTS INVOLVED Which departments are involved in your information governance program? Please select all that apply. 45% 55% 73% 95% 95% IT Legal Compliance Line of Business Leadership Information Security Records Management Beyond these top groups, respondents also mentioned involvement from finance, human resources, operations and even the board of directors. 8/16 Advice from Counsel: The State of Information Governance in Corporations 2016 FTI Consulting Inc.

Records Management 5% Information Security Which department is leading your information governance program? Please select one. 18% IT 13% 23% Compliance 44% Legal Can you quantify how much you spend on information governance per year? As respondents noted, this is an intricate calculation to make across teams and geographies. For those who were able to give an amount, the numbers spanned from $200,000 up to as high as $20 million per year. 72% No 28% Yes Can you quantify any savings as a result of information governance policies or practices? 12% Yes Interestingly, respondents made it clear in their comments that they believe their company has realized benefits, including cost savings, but that it was hard for them to quantify. Several cited the dispersed nature of the initiative as a major roadblock for calculating savings but indicated that establishing a return on investment is a goal for the program in future years. 88% No 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 9/16

Areas of Success Can you quantify any additional tangible benefits from your information governance program? While many participants described their IG programs as nascent, with broad policies still in the works, most were able to see benefits from some focused, tactical IG initiatives. The top four benefits provided by respondents are: 24% No 76% Yes 1 Reduced storage costs. As one respondent stated, If you are able to maintain good document destruction practices, you will be saving on office space and storage costs, both on-site and off-site. 2 Improved e-discovery processes, including legal holds, information retrieval and fewer documents sent to outside counsel for review. Multiple respondents made comments about experiencing more efficiency. One respondent said, We have greater efficiency in legal operations due to being able to find information more easily. 10/16 Advice from Counsel: The State of Information Governance in Corporations 2016 FTI Consulting Inc.

3 Lower risk of a security breach. Several individuals spoke of reducing the dataset to proactively protect against a breach. According to one respondent, The reputational savings are not quantifiable because you cannot measure the reputational costs of doing it wrong. As a result, that would be a savings. We are getting it right so that our reputation is not tarnished. 4 Improved internal awareness of data security and information governance goals. A common refrain was, Employees now understand what is involved in information governance and the nature of their responsibilities. In addition to the above four benefits, respondents provided a few additional comments that should be noted: The ability to execute contracts more consistently is a great benefit. Streamlined communication is a real benefit. Decluttering information projects and making the data cleaner [is a benefit]. For a large company, making sure everyone is relying on the same data source is critical. 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 11/16

Advice from Counsel In total, information governance still is a relatively new initiative, and, while it poses a number of challenges spanning technology, processes and culture it is providing early adopters with some key advantages. For those just beginning to develop their own IG program, the Advice from Counsel community offers the following tips: Secure executive buy-in. A program of this kind takes time and money so you need someone at the top level of management who gets it. Develop cross-functional teams. To avoid duplication and wasted time or money, You need to get everyone talking with one another about what they are doing and what needs to get done. Secure your sensitive data. Invest in people who know how to protect data and how to use it effectively. Generating data is not very good unless you are ready to use it and can protect it. Don t forget about data privacy regulations. Beware of all the international data privacy regulations and their amendments. You must understand that transferring data across borders is a very sensitive issue even when the company has operations abroad. Get outside help. For those in highly regulated industries, this was a recurring theme: Work with professionals. Hire outside counsel and others who have been there before. Make sure they understand your business to ensure that what advice they give you is not off the shelf but suited to your situation Each company s facts and circumstances are different so take the time to work with someone who knows your business. 12/16 Advice from Counsel: The State of Information Governance in Corporations 2016 FTI Consulting Inc.

Think about your end user. Give people tools so they are not taking shortcuts that bypass your protocols. Make it easy to access information so people are not enticed to make poor judgments about protection of information, whereby you could have a breach. Don t let perfect be the enemy of good. Several respondents discussed the importance of simplicity and basics: Keep it as simple as you can. Base your program on business requirements as much as possible. Another added, Developing a complete map of what you have and where it is can be extremely time-consuming. We have incrementally become more aware of information that isn t governed as much as we thought because it exists in siloes around the company. We didn t realize that at the outset. I view e-discovery as finding answers to targeted/narrow questions my obligation as in-house counsel is to focus on specific content. On the other hand, information governance leaders are looking at e-discovery from a big picture standpoint. They answer the broad questions. Working together, we try to draw some conclusions. 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 13/16

Appendix Ari Kaplan Advisors personally interviewed 25 in-house lawyers with responsibilities that include some aspects of e-discovery and information governance. Most participants are from Fortune 1000 corporations, and all spoke by telephone, under condition of anonymity, during October 2015. Of this year s participants, 84 percent develop and implement e-discovery tools and vendors; 76 percent select or implement information governance tools and vendors; 72 percent manage e-discovery software and service providers; 52 percent manage information governance software and service providers; 76 percent develop and implement e-discovery processes; and 96 percent develop and implement information governance processes. Forty-four percent of participating organizations had total annual revenues of $10 billion or greater, and 60 percent had 10,000 or more employees. In terms of litigation events over the past 12 months, 36 percent reported managing 100 to 499 litigation events, and 16 percent reported managing 500 or more litigation events. By industry: 36% Financial Services including banking and credit institutions, as well as insurance companies 24% Energy & Utilities 4% Transportation 4% Real Estate 4% Media 8% Retail 16% Manufacturing 4% Education 14/16 Advice from Counsel: The State of Information Governance in Corporations 2016 FTI Consulting Inc.

2014 revenues: Number of employees: Below $1 Billion 20% 24% Between $5 Billion and $9.9 Billion 12% 1 000 to 4 999 44% $10 Billion or Greater 500 to 999 8% 8% 20% 5 000 to 9 999 4% Fewer than 500 Employees 60% 10,000 or More Between $1 Billion and $4.9 Billion Number of litigation events in the past 12 months: 1 000 or More 4% Between 500 and 999 4% Unknown 12% 36% Between 100 and 499 44% Fewer than 100 2016 FTI Consulting Inc. Advice from Counsel: The State of Information Governance in Corporations 15/16

About Advice from Counsel Through in-person events, virtual meetings, webcasts, surveys and reports, Advice from Counsel helps e-discovery leaders share ideas and advice with peers in an open and collaborative forum. Begun in 2008 as an annual survey and report on top e-discovery trends, Advice from Counsel has evolved into an interactive community of e-discovery professionals working to strengthen the people, process and technology at the core of e-discovery. Advice from Counsel is sponsored by FTI Technology. 16/16 Advice from Counsel: The State of Information Governance in Corporations 2016 FTI Consulting Inc.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information