15-Aug-08 10:00 AM CST

What Every Lawyer Should Know About Data Governance, Compliance, and Collaboration

By Dena Rafte, President and CEO, Rafte & Company

According to figures recently released by IBM, worldwide file, database, and email archive capacity will each skyrocket at a compound annual growth rate of up to 73 percent, altogether totaling nearly two trillion full filing cabinets of information (IBM Press Release, May 21, 2008).

If your organization is like most, the daily accumulation of data is a fact of doing business: matter-related data is strewn across the organization in outdated paper filing systems, duplicate emails, and multiple databases.

Security and Compliance Concerns

In the past, the need to retain data was driven by business need; but today, government regulation is just as likely to play a key role. For many organizations, concerns about compliance with Sarbanes-Oxley (SOX) are driving new data governance initiatives. Among other regulatory requirements, SOX mandates that records be retained in a non-rewriteable, non-erasable format, requiring organizations to implement a robust data retention solution.

Of course, there are other drivers of data retention initiatives such as the “Model Corporate Record Retention Guidelines” of the Association of Corporate Counsel, which provides guidelines for establishing record retention programs and policies for matter-related documents normally handled by Corporate Counsel.

Corporate mergers and acquisitions, a global client-base, and a mobile workforce have also increased pressure on corporate legal departments to provide full visibility and control over matter-related content. Yet, the matter files in many organizations remain inaccessible remotely for collaborative purposes or are still paper-based.

Poor Data Quality is a Business, Legal, and Financial Risk

Lack of data, poor data quality, or incomplete records can carry legal, business, and financial risks when data required as part of a legal proceeding or regulatory requirement is missing. In one case involving the routine, scheduled deletion of email from a corporate database that occurred after a lawsuit was filed, the State District Court of New York ruled that even in the absence of bad faith, companies can receive court sanctions even if they are only following their normal data retention practices of deleting emails after a set period of time (MasterCard vs. Moulton, United States District Court for the Southern District of New York: June 22, 2004).

Beyond Compliance: Why Adopt a Data Governance Policy?

Besides addressing compliance requirements, there are many other reasons to adopt a rational data governance policy. For corporate legal counsel, it’s critically important to be able to share matter-related information securely between subsidiaries, geographically-dispersed workforces, partners, and affiliates.

Unfortunately, critical matter-related information is often tucked away in data silos across email inboxes/folders, multiple offices, subsidiaries, and regions. Having a central data repository enhances the ability to share matter-related information securely, while improving the organization’s knowledge management capabilities. The result is better consistency and confidence in decision-making.

Matter Centricity and Data Made Available Anytime, Anywhere

Increasingly, the data that is required during the legal discovery process is electronic, not written. Yet, it is important that both paper records and electronic matter are available centrally on-demand—anytime, anywhere. That means data must be accessible from a courtroom, airport, or home office—as well as from the traditional desktop. No longer is the laptop satisfying remote access to matter-related data. The smart phone, PDA, or BlackBerry is now an essential component of the legal professional’s technology infrastructure. So, any data governance solution must take these mobile devices into account, not just the desktop and laptop.

The objective of data governance for many organizations is to mitigate the risks associated with regulatory requirements and to implement business policies that provide an auditable framework—without disrupting the way the company does business. In today’s regulatory environment, a rational data governance policy is essential to ensure consistency, confidence, and compliance.

Lifecycle Management of Matter-Centric Data

To effectively manage matter-related content, data governance policies and processes must encompass the lifecycle of the entire project or matter, including both hard copy and electronic files and records. In addition, data archival and retrieval systems must provide multiple, convenient ways to file and profile email messages into the electronic matter file—with flexibility to meet the way that the business operates, and with full access to data through intranets and extranets.

The best data archival systems use metadata and heuristic analysis of message or document content to classify and categorize data into matter folders so that matter-related data is available in context. Without metadata capture features as part of an archival system capabilities, the organization is at risk for spoliation due to lost or modified metadata and content.

Work Style and Culture Are Important Considerations

The key to the success of any data governance policy is full and effective user adoption. During the initial discovery process, it is important to involve those who will be impacted by new data governance policies so that they are participants in the process, not simply bystanders reacting to new policies and processes as they are rolled out.

Understanding roles, responsibilities, work styles, and organizational culture is a critical part of successful data governance initiatives and effective case management. Just as important is ensuring that data governance policies and processes reflect the way the organization actually does business.

Good Data Governance: Using the Right People, Processes, and Technology

Many organizations believe they have handled the need for matter-on-demand with a document management system. In reality, there is far more integration required between people, processes, and technology to put an effective data governance system in place and do an adequate job of connecting the paper world with the electronic world.

Three Common Pitfalls You Should Avoid:

Don’t rely on file and database backups as a substitute for a reliable data governance solution. Backup copies are not in a format that can be queried. Furthermore, data integrity problems can result if the backup copy contains data that is in your current operational database, but in a different state.
Don’t leave archive data in your operational database. Queries against the operational database can negatively affect the performance of critical business applications.
Don’t rely on electronic imaging systems alone as the answer to data archiving and regulatory compliance. Many such systems promise electronic document management (mainly for filing purposes), but fail to provide an enterprise-wide solution that meets regulatory requirements.

Putting the Process Together

In successful data governance initiatives, the leader of the initiative is an executive level sponsor. The team includes project management, line-of-business managers, and data stewards who take an active role in data strategy development and delivery. Within that framework, critical data elements are identified and ownership, stewardship, and management of different kinds of information are assigned.

At Rafte and Company, we’ve simplified implementation of the data governance process into the following steps:

Once the value of proper data governance is understood and a commitment is made, the executive-level sponsor assigns a project team to examine data governance objectives and goals, review the range of possible solutions, recommend an approach and guide implementation.
In the due diligence phase, the project team meets with each line-of-business manager and data steward to understand how they work and examine the system used to organize physical files.
Working with a legal technology consultant, a concept is developed, demonstrated, and honed as necessary.
Once finalized, the team is trained in the non-disruptive activities that take place in the background—such as indexing, identifying, grabbing, and storing data in matter-related folders, and, if necessary, further refinement of the concept is completed.
With a successful implementation behind them, the data governance policy is complete. New initiatives are not deployed without considering their impact on existing databases and day-to-day business operations.

Conclusion: Better Compliance, Collaboration, and Security

While regulatory compliance may be a primary concern, it is not the only benefit that organizations can realize from implementing a data governance policy, processes, and technology. Data governance can dramatically improve the consistency and confidence of decision-making, data security, regulatory compliance, and the ability to share secure, reliable information throughout the organization.

By consolidating all of the matter-related content into one unified, secure, searchable location, the compliance needs of the organization can be met, while enhancing the ability to fully collaborate around matter-centric data across geographically dispersed locations—anywhere, anytime.

In the final analysis, the hallmark of a successful data governance solution is effective collaboration around matter-related information in all of its forms. Once the right technology, people, and processes are brought together, the true collaborative potential of matter on-demand can be unleashed.

Click a star to rate!

Rating: 0.00 / 5.00 - Not yet rated.
0 ratings