Peer to Peer Magazine

Fall 2014: Security Is Everyone's Business

The quarterly publication of the International Legal Technology Association

Issue link: https://epubs.iltanet.org/i/411912


A UNIFIED APPROACH

Typically, the management and control of an organization's information fall under the responsibilities of the following business functions, often operating in a very siloed manner:

• The records and information management department defines policies and procedures used to manage an organization's records and information. They identify regulatory retention requirements for records.

• The legal department's oversight and management of litigation, claims, government investigations and other legal actions and disputes heighten its concern related to e-discovery and the ability to find responsive information in a timely manner, and to preserve related data.

• The information security department within the CIO's organization protects the confidentiality, integrity and availability of information, ensuring access to systems only by authorized persons.

• The privacy office is charged with responding to privacy-related issues and investigates privacy breaches and complaints involving unauthorized access or disclosure of personally identifiable information.

These distinct organizational functions focus on specific aspects of information management and protection, typically with limited interaction. Many organizations are coming to understand that a comprehensive and unified approach to managing information across the enterprise can only be realized through a coordinated interdisciplinary approach. Such an approach aims not only to manage the risks of inadequate information management and protection, but also to optimize information value as an asset.

Establishing an information governance steering committee, with executive sponsorship at the highest level, provides a top-down framework for the strategic governance of an organization's information assets that considers and accounts for all interests. The most successful committees are those that comprise not only representation by the legal, privacy, IT and records and information management departments, but representation by key business stakeholders as well.

THE IMPORTANCE OF AN INFORMATION MAP

Each of the traditional disciplines has a distinct view into the organization's information:

• Often, the legal department will develop a data map as its view into those systems most commonly relevant to discovery requests, legal holds and/or needed for meet and confers.

• Records and information management focuses on the defensible disposition of records as defined by their regulatory, legal and operational value, depicted by a records retention schedule.

• Information technology could maintain an application profile that shows the overall infrastructure of systems under the management of the central technology group.

• The privacy office's view of information within the organization is often limited to lists of systems that contain personally identifiable information or other sensitive data.

Although each of these tools serves a key purpose, none alone provides a comprehensive view of an organization's information landscape. Without this unified view, an organization's governance strategy is likely to have gaps and disparities.

One of the first mandates of the information governance steering committee should be the development of an all-inclusive information map that serves as a starting point in assessing whether comprehensive information governance requirements are being met. The organization's records retention schedule might be a starting point since it should already identify what the organization considers "records" and related retention requirements.

To evolve the retention schedule into an information map, remember that most retention schedules are adept at addressing the world of physical paper records, but

About the Author

Laurie Fischer, Managing Director at Huron Consulting Group Inc., has more than 23 years of experience in the design, development and implementation of records and information management programs for organizations of all types and sizes, including large, complex, highly-regulated companies. As a Certified Records Manager (CRM), her engagements have included the development of RIM policies and procedures, legally-compliant retention schedules, electronic records and information management programs, audits and assessments, vital records programs, and RIM training and education.
