5 key players you need on your information governance team
Companies that have effective information governance programs always have what I call the committee: a cross functional team from different departments working together.
March 07, 2012 at 04:00 AM
7 minute read
The original version of this story was published on Law.com
This article is the part two of a seven part series on successful information governance programs. Read part one.
Companies that have effective information governance programs always have what I call “the committee:” a cross functional team from different departments working together. This is counterintuitive, as one would believe that more people with different agendas would tend to slow down a records management, litigation readiness or data privacy project. Why become encumbered by a cross-functional committee with different agendas? Isn't a smaller, more focused group better and faster at tackling these projects?
Actually, no. While getting a project started with a committee can be harder, in my own experiences in working with hundreds of companies, those that have a committee with the “right” members drive their information governances programs faster, develop better senior management support and succeed much more often than those whose programs that are run by only one group such as legal or IT.
Your information governance committee should include the following:
- Legal: The legal department, along with IT, is often one of the key stakeholders in these projects. Legal is often driven by policy issues such as compliance and privacy as well as reducing costs and risks for e-discovery. Typical participants might include AGCs, litigators, paralegals and others concerned with effective legal holds and defensible deletion.
- Records/Compliance/Audit: The records management function, whether reporting to the legal group or operations, care about records compliance, document workflow and archiving strategies, and ensuring these policies are followed enterprisewide. Internal audit also is concerned about information governance, especially around controlling sensitive information.
- IT: Sometimes a willing participant, and in other cases reluctant, IT is a key stakeholder, as more than 90 percent of an organization's records are electronic. IT has a vested interest that the policies developed can be realistically executed. IT also wants to reduce the burden of e-discovery, as well as drive defensible data deletion. Include key stakeholders such as the CIO or director of storage or messaging infrastructure from the beginning. Don't create a policy independently to be handed off after the fact to IT.
- Information Security: A relatively new member of the committee, increasingly we are seeing the information security function being addressed, or at least in sync, with information governance programs. Information security managers are concerned that sensitive data is being held in secure repositories, and this data does not “leak” to unsecure areas.
- Business units: Key yet often overlooked committee members are business units, including finance, HR and engineering. Some fear including these business units, believing they will only advocate a “save everything forever” policy. Rather, we have seen that when the business units are brought into the discussion early and become familiar with e-discovery and other issues that shape policy, they are not only reasonable, but can become the biggest supporters of information governance policy. Really. On the other hand, when excluded from the policy development process, business units do a pretty good job of slowing or halting programs.
Many companies create a “working committee” with these players, which reports up to an executive steering committee that includes the GC, CIO, CFO, etc.
Larger organizations face a contradiction: With higher litigation profiles and greater visibility for compliance, they have more need for effective information governance. Yet the larger the organization, the more likely that legal, IT and other groups are “siloed” and find it difficult to work on joint initiatives.
Usually during the first meeting with clients I can determine those companies whose information program are likely to be on time, within budget and effective. I only need to look across the table and see who is on the committee.
The next article in the series will discuss which group should own information governance, legal or IT.
This article is the part two of a seven part series on successful information governance programs. Read part one.
Companies that have effective information governance programs always have what I call “the committee:” a cross functional team from different departments working together. This is counterintuitive, as one would believe that more people with different agendas would tend to slow down a records management, litigation readiness or data privacy project. Why become encumbered by a cross-functional committee with different agendas? Isn't a smaller, more focused group better and faster at tackling these projects?
Actually, no. While getting a project started with a committee can be harder, in my own experiences in working with hundreds of companies, those that have a committee with the “right” members drive their information governances programs faster, develop better senior management support and succeed much more often than those whose programs that are run by only one group such as legal or IT.
Your information governance committee should include the following:
- Legal: The legal department, along with IT, is often one of the key stakeholders in these projects. Legal is often driven by policy issues such as compliance and privacy as well as reducing costs and risks for e-discovery. Typical participants might include AGCs, litigators, paralegals and others concerned with effective legal holds and defensible deletion.
- Records/Compliance/Audit: The records management function, whether reporting to the legal group or operations, care about records compliance, document workflow and archiving strategies, and ensuring these policies are followed enterprisewide. Internal audit also is concerned about information governance, especially around controlling sensitive information.
- IT: Sometimes a willing participant, and in other cases reluctant, IT is a key stakeholder, as more than 90 percent of an organization's records are electronic. IT has a vested interest that the policies developed can be realistically executed. IT also wants to reduce the burden of e-discovery, as well as drive defensible data deletion. Include key stakeholders such as the CIO or director of storage or messaging infrastructure from the beginning. Don't create a policy independently to be handed off after the fact to IT.
- Information Security: A relatively new member of the committee, increasingly we are seeing the information security function being addressed, or at least in sync, with information governance programs. Information security managers are concerned that sensitive data is being held in secure repositories, and this data does not “leak” to unsecure areas.
- Business units: Key yet often overlooked committee members are business units, including finance, HR and engineering. Some fear including these business units, believing they will only advocate a “save everything forever” policy. Rather, we have seen that when the business units are brought into the discussion early and become familiar with e-discovery and other issues that shape policy, they are not only reasonable, but can become the biggest supporters of information governance policy. Really. On the other hand, when excluded from the policy development process, business units do a pretty good job of slowing or halting programs.
Many companies create a “working committee” with these players, which reports up to an executive steering committee that includes the GC, CIO, CFO, etc.
Larger organizations face a contradiction: With higher litigation profiles and greater visibility for compliance, they have more need for effective information governance. Yet the larger the organization, the more likely that legal, IT and other groups are “siloed” and find it difficult to work on joint initiatives.
Usually during the first meeting with clients I can determine those companies whose information program are likely to be on time, within budget and effective. I only need to look across the table and see who is on the committee.
The next article in the series will discuss which group should own information governance, legal or IT.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View All
Lawyers Drowning in Cases Are Embracing AI Fastest—and Say It's Yielding Better Outcomes for Clients
GC Conference Takeaways: Picking AI Vendors 'a Bit of a Crap Shoot,' Beware of Internal Investigation 'Scope Creep'
8 minute read
Why ACLU's New Legal Director Says It's a 'Good Time to Take the Reins'
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250
