Our webinar last week on information governance went well and generated some interesting questions. I didn’t get to answer all the questions on the call so I’ll take the opportunity to briefly answer some of them here, including some of the more interesting ones I did answer live. Most of these topics were covered in much more detail in our recently published report on information governance, which also spawned the webinar. The full recorded webinar is also available online as well.
Q: Can you talk to any trends you see in terms of who in an organization is purchasing governance/e-discovery tools?
This is something covered in some detail in the report itself. In general, there’s some difference in terms of purchasing between “governance” and “e-discovery.” If the use case being addressed in a particular procurement process is specifically for reactive e-discovery – meaning, the ability to respond to a specific legal discovery request – then the process is likely to have heavy involvement from the legal department if not full ownership by that team with IT involvement.
Governance is generally broader and is likely to involve more underlying pieces of technology (e.g., archiving, records management, indexing tools for distributed data and e-discovery / early case assessment). There’s certainly no single approach to governance and most organizations are in the earliest of stages in terms of putting in place some kind of broader governance strategy. Procurement is still likely to be tied to more tactical requirements and the specifics of those requirements will dictate who’s involved (e.g., e-discovery is more likely to be run by legal, as noted above, while an email archiving decision is more likely to be led by IT with legal involvement). Generally speaking, hashing out broader governance strategies may well involve IT (email management, storage, ECM and search folks), legal, compliance officers, records managers and security personnel, among others.
Q: What are your thoughts about how far right along EDRM the big ECM vendors will move?
So far, ECM vendors are focusing on the far left of the electronic discovery reference model (EDRM). This has expanded in the last twelve months or so from a far more limited focus solely on the “information management” process step to greater capabilities for data identification, collection, preservation, and some review and analysis. This is likely to continue, though I’d be surprised to see ECM vendors move beyond this. Identification, collection and preservation will be key areas in the short term (EMC’s recent Kazeon buy is a good example of how ECM vendors will look to better handle distributed data). Review and analysis capabilities are likely to remain in the area of early-case assessment, with the expectation that a winnowed-down set of data is still likely to be turned over to external counsel for further review and analysis. That’s likely to be where most ECM vendors stop, though not all; Autonomy, for example, plays specifically in the legal market as well with iManage and Discovery Mining.
Q: Can you explain a bit more what you mean by “litigation readiness”? What processes does this cover?
I guess this is a phrase I use a lot when talking about information governance and perhaps I didn’t explain it well enough on the webinar. Litigation readiness is really just one reason organizations are interested in information governance. Poor information governance makes it difficult to respond efficiently and cost effectively to e-discovery. There are a number of processes involved in better preparing for litigation, but ideally, organizations need to have some high-level understanding of what data exists, where it is and who has access to it. That’s a whole lot easier said than done of course, particularly when you need to include data on desktops, laptops, shared file drives and so forth. The processes generally need to encompass maintaining some kind of index of what resides on all those devices and how that data will be captured and secured if needed. That needs to be combined of course with more formalized management of data in archives and records management systems, with some consistency in terms of retention and disposition policies (that are standardized and enforced) across sources. Few organizations have a very good handle on this sort of thing across repositories and unmanaged devices today, but those that are more often involved in litigation are likely to be more litigation-ready.
Q: Is Information Governance of primary interest in the US or are companies in Europe also concerned? I.e. is there an opportunity for vendors beyond the US?
Information governance as it relates primarily to litigation readiness is of primary interest to those in the US and in parts of Europe that have similar discovery or disclosure requirements for electronic information. In geographies that don’t yet have as strict requirements for electronic discovery, governance may still be an interest but may be for different reasons. Compliance with specific regulations (e.g., privacy-related legislation) can be a concern, for example, as can IP protection or other types of security. So there is certainly opportunity for vendors in specific markets, such as archiving, but the drivers might be different.
That’s probably enough for one blog post. Again, those interested in the full webinar can find it here.