Today, we celebrate Global Information Governance Day, established in 2013 as an international celebration of information governance, which is the practice of putting in place the people, processes, and technologies that allow entities to maximize the value of their information, while minimizing business and legal risks and costs. In honor of this fourth annual Global Information Governance Day, we are providing four steps that you and your organization should take when building an information governance program:
- Obtain Executive and Employee Buy-In
A successful information governance program requires enterprise-wide buy-in of executives and employees. To obtain enterprise-wide buy-in, you should:
- Know Your Audience. To effectively make the case to your organization, you should first understand how information governance can support the organization’s strategic initiatives. Look at your organization’s current strategic initiatives and recent marketing campaigns for clues on how to state your case for information governance.
- Involve Stakeholders. The information governance program should bring together leadership throughout the organization—including legal, IT, and the business units. Provide employees throughout the enterprise with communication channels to raise their opinions, questions and concerns relating to information governance policies.
- Demonstrate Results. It is important to establish metrics early on that can be used to measure progress against the organization’s objectives. Demonstrated results help sustain executive buy-in.
- Implement Specially Tailored Information Governance Policies and Procedures and an Actionable Records Retention Schedule
Records and information management, legal hold, and data privacy and security policies, along with an actionable Records Retention Schedule (“RRS”), form the foundation for a successful information governance program. When building this foundation, you should:
- Tailor Policies and Procedures to Organization Specifications. Customize policies and procedures to address your organization’s unique information governance challenges.
- Develop an “Actionable” RRS. An “actionable” RRS is concise, user-friendly, and organized by business unit. It provides official record location information, and incorporates legal and regulatory retention requirements, as well as privacy considerations (e.g., prompt disposal of unneeded personal information) and business requirements.
- Train Employees. Not every employee will share our fascination with information governance. Organizations should help engage employees through training programs that emphasize how good information governance practices can benefit employees throughout the organization, drive the business forward, and reduce legal and business risks and costs. Organizations also should develop organization-specific scenarios to illustrate policy mandates in practice.
- Implement Defensible Disposition Processes
Defensible disposition processes help an organization reduce its costs and legal risks by disposing of information that has no business or legal value. When implementing a defensible disposition process (e.g., Employee Information Disposition Events, Automatic Deletion and Legacy Information Review and Remediation (“LIR”)), organizations should:
- Start with Low-Hanging Fruit. Tackling “easier” projects first (e.g., a review of decades-old information) should help demonstrate results to executives and build momentum for future projects.
- Plan for Change. A defensible disposition plan should take into account the possibility that legal or regulatory retention requirements may change during the process. For example, a LIR plan should include a process for incorporating new legal holds issued after the LIR project has begun but before information has been disposed of.
- Secure Disposition. Organizations should ensure compliance with all applicable secure disposal laws and regulations where the information disposed of may include confidential information, including Protected Health Information and other Personally Identifiable Information. For larger paper disposal projects, extra secure shred bins may need to be arranged weeks in advance.
- Select and Implement Right-Sized Technology Solutions
Technology solutions can help automate the implementation of information governance, which in turn enables employees to focus more on their primary business responsibilities. But before purchasing a technology solution for information governance, organizations should:
- Focus First on Good Information Governance. A technology solution is only as good as the policies, procedures, and processes that it implements. Focus first on getting your organization’s information governance house in order before purchasing a technology solution.
- Identify Priorities. There are many good options available under the category of “enterprise content management,” which encompasses electronic document management, electronic records management, document imaging, forms processing, and web content management. But the right tool depends on your organization’s priorities, which should take into account budget, user expectations, and current information technology infrastructure.
- Ask Vendors to Show, Not Just Tell. When comparing vendors, organizations should, of course, require vendors to submit responses to their Request for Proposal that will help confirm whether each vendor solution can meet the organizations’ identified legal, business, and technical requirements. But, in addition, organizations should require finalists to demonstrate, in person, how their technology solution will meet the requirements.
* * *
Global Information Governance Day only happens once per year, but a successful information governance program is not built overnight. In honor of the fourth annual Global Information Governance Day, we have provided four key steps in building a successful program, but each organization has unique information governance challenges to consider. This blog post is not intended to provide legal advice, but if you are interested in learning more about how Fey LLC can help your organization build a successful information governance program, please reach out to Laura Fey at firstname.lastname@example.org or (913)948-6301.