Who's NOW In Charge of Information?
Jay Leib is nothing if not pragmatic. He jumped in: "The very implication of e-discovery and investigation means it's a downstream, reactive scenario. That's what the industry has been catching up to: an event happened, now we need tools. But the general counsel's office doesn't have any budget! They are a cost center. The GC office doesn't have the money to spend on the necessary tools. So they are required to partner with IT to pay for it," he explained.
"What the more sophisticated companies are realizing is that they're spending money through the nose on reactive scenarios. They know they have to get out in front of these e-discoveries and investigations, and they are now considering it a business issue," insists Jay.
"That stems from a variety of reasons: the amount of data, first. Then the retention policies, the applications we use and the freedom we allow employees. So how do we include in-house counsel, outside counsel, IT and business to have a risk profile that makes sense?" he asked somewhat rhetorically. "Well, it can take many forms: You can have internal review that takes into account everything from the email down to the review system, or you can outsource everything and focus on selling widgets. The new difference is that they're now looking upstream, and trying to figure out how to reduce costs. How do we get this legal and litigation spend lower?" said Jay. The answer, I think, seems to be bring it in-house, and use automation tools to cover the difference.
Who's In Charge of Costs?
I asked about the cost-avoidance issue: To what degree are companies avoiding/underplaying information governance in response to current economic conditions? Or, is it the other way around...are your customers seeking out information governance as a cost-saving measure?
"IT has been wanting to get more involved and add more value for years," added Tim. "But legal would push back and say, ‘You just do the collection; we'll take care of the rest.' And the way they did that was to outsource it. IT would say, ‘Wait we can do more. Just give us the chance!' What's happening now is that IT is proving that they CAN do more, and that legal is sitting there with tons of egg on their face because of the costs. IT can now say, ‘Remember those guys you were spending $30 million for no value? Watch me press this one button and do the same thing.' IT has become such a powerful player as a result that it is really difficult for legal to say ‘Just be quiet.'"
Jay wanted in: "IT has become MUCH more business savvy. And much more strategic. They're connecting the dots between different groups. They are the connection between strategic groups, information governance groups, compliance officers, regulatory concerns... that is absolutely what has changed. It is no longer about throwing more horsepower and renting rack space..." It's not just the plumbing anymore.
Is information governance something that can be taught as an employee policy? Or, because of its importance and potential risk, something that needs to be imposed as a system or technology effort? Or is it a combination?
"Governance and information management has largely been a failure," said Jay, somewhat surprisingly. But he had a point. "90% of the world's information has been created within the past two years. No matter what policies you have in place, it's like Jurassic Park... employees will figure out a way around it.
"Technology solutions to this point have not been designed with the workforce in mind," said Jay. "But now we're in the golden age of collaboration. Coming out of this financial crisis, business leaders are starting to say: ‘Communicate more. Collaborate with your colleagues. Tweet.' But the policies have not caught up yet," he said.
"What we need is the right technology in place to find the important data, no matter where it is," added Tim. "And eliminate irrelevant data. But data storage policies have been a failure to this point."
"Having a policy that is published and distributed in a three-ring binder is good, but it doesn't mean you're not hosed," said Tim. "Maybe the CEO doesn't go to jail, and that's a good thing, but the larger repository technologies just aren't working. I just don't think the technologies are on the market to do what the market wants."
"The problem with policy," Jay said, "is that it usually sits on a shelf. But policy is fluid and organic. Who anticipated DropBox three years ago? The issue is that there are so many versions of information, saved and kept and generated... that's what's changed. It's just harder to find the substantive documents."
Please read on for more insight into discovery, and governance and the role that various corporate departments play in the mitigation of risk and the enhancement of control in the corporate information universe.