All posts in Information Management

A Closer Look: Government Investigations

What’s the first thing you think about when you hear about a government investigation? Personal harm? Social impact? The 24-hour news cycle? Political impact? Penalties? “What can the data tell us?” is one of the first questions I’m always asking when I hear the government is knocking. During the Government Investigations and Civil Litigation Institute’s (GICLI) third annual meeting, I found every prevalent theme aligned with the types of data-driven concerns I have in mind.

GICLI 2017

The 2017 GICLI conference, which aims to provide in-depth education regarding the dramatic surge in regulatory enforcement activities and related civil litigation that burdens the corporate legal department, was held October 9-11 in Dove Mountain, Arizona.

Throughout my one-and-a-half days at GICLI, I enjoyed the privilege and intellectual rigor of attending nine out of 13 panels collectively available during plenary and breakout sessions. The agenda was loaded with highly relevant, informative and meaningful content presented by and for an exceptionally sophisticated, collaborative and down-to-earth group of more than 120 practitioners from leading law firms, corporations and government agencies. Reflecting on all the great information, I walked away wishing that I had access to this type of forum 15 years ago and certain that not only would I come back, but also encourage others to participate in the GICLI community, come to next year’s meeting, continue learning and exchange insights. With that inspiration in hand, I’m happy to share some of the highlights that left a lasting impression with me, along with the data-driven implications you should be considering.

First and foremost, who cares?

Every industry should care, but especially highly-regulated, publicly-held organizations. Further, international organizations, public or private, need to focus on potential regulatory risks and underlying data-driven concerns. Putting aside some of the most exceptional fines and disgorgements that cost international corporations billions of dollars, dozens of new FCPA investigations are opened each year and the average case lasts four years. The U.S. government and its counterparts worldwide have established agencies to oversee most aspects of our lives. Today, consumer protection authorities are increasingly concerned with products that collect, compile and rely on data. Dolls, watches, vehicles and thermostats are among the myriad of products that are connected to the internet and streaming or storing information somewhere. Of course, the more obvious and traditionally heavily-regulated arenas like finance, healthcare, automotive and energy sectors need to recognize that the FBI and SEC are leading authorities with increasing ability to conduct sophisticated data analysis on grand scales. Further, there is significant international cooperation among regulators and sophisticated surveillance, with agents embedded in other countries. Consider what your organization is doing: what else can you do to more proactively monitor, detect and prevent issues in-house?

Everyone likes a diagram

To navigate the complexities of a government investigation, a common operating framework is particularly helpful. Many organizations that face regulatory inquires never have before but are then likely to face them again and certainly need specialized, experienced support and representation. Hats off to Patrick Oot, David Greenwald and Ashish Prasad for releasing version 1.0 of the Government Investigations Reference Model (GIRM) during GICLI’s 2017 annual meeting. The model provides an exceptionally helpful diagram to align the many activities and stakeholders that come into play throughout the lifecycle of a matter, from the time it emerges to the time it’s resolved. This will undoubtedly be in broad circulation soon and go through healthy community feedback and iterative enhancement. Other models that have emerged over the years, such as the Electronic Discovery Reference Model (EDRM) and the Information Governance Model (IGRM) effectively prove the utility of a common frame of reference. This new model is complimentary and can nearly be used in parallel to the EDRM as a substantive legal framework. Considering the two models together is important to enable practitioners to consider how, where and when they can identify, contain, interrogate and disclose potentially relevant data for optimal representation through the course of any investigation. Further, many of the reactive elements of the GIRM will serve to inform the types of proactive measures emphasized at GICLI, which could be incorporated into the model, as well.

Diametrical challenges

There are inherent tensions between cooperation with authorities, credit for cooperation, disclosure of privileged information, company representation, impacts associated with downstream civil litigation and over retention of electronic data. The fallout from an investigation and the high likelihood of spin off litigation is costly and time consuming. The answers for many (if not most or all) of the questions that arise through the course of an investigation can be answered through the absence or presence of electronic evidence. Early and constant case assessment was a prevalent theme among panelists at the GICLI meeting. While there are many work streams running hot during the course of these projects, building fact patterns and disclosing findings based on actual, underlying data is sensible, especially when coupled with findings from witness interviews and sound strategy. Meanwhile, it can take time to put the relevant information together and additional findings tend to emerge later, thus enhancing the tensions. Even in these urgent circumstances, counsel needs to pause and carefully consider the best search, retrieval and analytics strategies to identify and triage factually relevant data, data sets that need to be compiled to prove the negative (i.e., when there’s no real infraction) and potentially privileged information. Of course, this further illustrates the logic in carefully examining potentially relevant data. Much can be accomplished through holistic, high-level and mid-level data analysis. Early data analysis often reveals key players, timelines and tranches of useful or irrelevant data.

As the tentacles of an investigation spawn and the scope of potential civil actions are defined, so too should the scope of legal holds and data preservation. Some of the basics and details of these often-mentioned issues go unattended at a surprising rate. It is also apparent from GICLI meeting attendees that an equal amount of consternation can be attributed to over-retention of data. Precise, content retention and disposition appears to remain elusive to many organizations, even with comprehensive policies in place. The large “data lakes” that spring up are especially challenging. Pools of legacy data that remain unmanaged on file servers or under the custody of outside counsel occasionally become the vehicle for cases to proceed simply because data was still available, despite expiration of retention and legal hold obligations.

Keeping up the momentum

These were just a few of the big themes and underlying issues that were covered in depth at GICLI 2017. I’m optimistic that future meetings will prove to be as informative. So, I look forward to the fourth annual GICLI meeting in Ft. Lauderdale, Florida on October 8-10, 2018 and hope to see many new and familiar faces.

One of my goals is to keep the conversations started at GICLI going over the next 12 months. If you have any ideas or questions about the prominent role of data in government investigations, please don’t hesitate to reach out.

Inspiration & Innovation from ING3NIOUS: 3 Takeaways from NorCal 2017

Last week, I enjoyed the privilege of speaking on a panel with distinguished colleagues at the ING3NIOUS 2017 NorCal Information Governance Retreat in Carmel Valley, Calif. Our panel was appointed to discuss TAR and what we, as an industry, have learned about using it in legal matters. This session was one among a series of insightful discussions about the needs, direction, impact and practicality of technology in information governance, data security and electronic discovery. Overall, this retreat inspired, challenged and informed everyone in attendance. The scale and setting is more intimate than some other events, which resulted in a healthy exchange of ideas and challenges from experts and innovators in technology and law. Amongst the many great stories and lessons learned, I walked away from the retreat with three major observations.

#1 There’s more work to do with Technology Assisted Review.

As mentioned in my prior blog post, predictive coding and Technology Assisted Review are commonly accepted at this point. Nevertheless, stakeholders continue to evaluate, and have a healthy debate about, the conflicts and merits of related topics such as the appropriate level of disclosure and incorporation of traditional keyword search. Meanwhile, most of the technology itself has had only one major revolution in its 10 years of use. Namely, the ascent from Simple Active Learning (i.e., the first generation of predictive coding) to Continuous Active Learning. Of course, I am honored to be part of a respected and select field of leaders and innovators in predictive coding solutions to deliver these types of enhancements and much more. After synthesizing the discussion from a few of the panels at the NorCal Retreat, it is apparent that while the sufficiency of productions resulting from predictive coding endeavors remain largely unchallenged, there are a number of opportunities for on-going development and enhancement of predictive analytics, which will require a critical focus on both operability and underlying technology to maintain defensibility and enable counsel to focus on the most important content.

#2 Business processes conflict with situational nuances.

Corporate data has tremendous value to be protected and yet to be derived. In fact, there might even be an opportunity cost to not measuring and assigning an intrinsic value to the data itself. For example, consider valuation of data protected from or subject to a breach. Imagine the insurability of data itself under a commonly accepted valuation model. Meanwhile, a practical path to this idea seems as elusive as substantial application of retention policies to electronically stored information. In fact, trends and sentiments continue to suggest that information retrieval and classification are superseding data destruction priorities as search and analytics technology becomes more precise and computing capacity continues to expand. Many reasonably contend that there is risk in letting old data pile up and rightfully cite the fact that 85 percent of corporate data could be redundant, obsolete or trivial. Others contend volume should not dictate value because losing one good item amongst 20 records matters to some. All of these points demonstrate the natural and on-going tension between the demands of disputes and investigations amidst corporate governance in the information age. While information governance professionals, corporate electronic discovery managers, in-house legal operations and technology companies increasingly strive to manage legal matters and electronic discovery in a manner similar to other business processes, outside counsel cautiously, and almost unilaterally, operate around the variables and nuances of different cases and situations, strongly advocating for approaches that are tuned to the situation.

#3 We all hope and need to unify and streamline.

Despite the complications mentioned above, everyone’s strong conviction is that a more effective and consistent set of solutions can be realized. The give-and-take between customized solutions, new technology, preferred providers and pre-defined solutions means there is still a lot of opportunity along with the challenges. Each organization is aiming to adopt and provide unified processes and innovative technology with practical capabilities across the spectrum of information management, data security, case administration, project management and electronic discovery. For every firm or corporation that selects a solution, there are still others with strong preferences and compelling features and value propositions. There is a lot of room, and perhaps even an acute need, to coalesce around a more concise, stable and sustainable portfolio of technology-enabled solutions. This need will continue to ignite outstanding conferences and working groups like Ing3nious (and Sedona, ILTA, EDI, ERDM, ACEDS, IGI, WiE, etc.), where legal and technology professionals can propel the conversations and initiatives associated with these opportunities in our industry.

Manage Unstructured Data with Unified Archiving: A Case Study

As data volumes grow in today’s digital workplace, so do costs and risks associated with storing large amounts of data for litigation, investigations, regulatory requests, compliance and other requirements. To address these costs and risks, organizations need one technology system to seamlessly address information management, bringing together data from disparate systems while eliminating duplicate data sets. The compliance and ediscovery challenges of one organization are documented in a recent case study, developed by ZL Technologies and KrolLDiscovery.

An Archiving Case Study

A large, international bank, based in Switzerland, operated two instances of a compliance technology solution. These compliance tools were incompatible and incapable of merging, thereby creating an unnecessarily complex compliance process. Also, the bank sought a platform that would facilitate searching for documents across the enterprise to aid in collecting and producing documents in legal discovery matters.

The bank understood that while compliance and ediscovery are often treated as separate functions, the two are closely interrelated and use much of the same data. This relationship led the bank to look for a solution that could offer a single repository for both systems in order to streamline compliance and ediscovery processes. The bank turned to KrolLDiscovery and its partner ZL Technologies to assist in implementing such a solution. Combining KrolLDiscovery’s experts in data management with ZL Technologies’ dynamic information governance platform, enables enterprises to better understand what data they have and where it resides.

The ZL solution was initially deployed in the bank’s Americas region, specifically in the United States and Canada. Once proven successful in these locales, the bank decided to launch the solution in other international locations, deploying it in its Bahamas, Europe and Asia offices. Beyond standardizing on a unified, global compliance and ediscovery technology platform, the bank also established its governance and data management principles as well as compliance and ediscovery workflows, critical goals for the global enterprise.

ZL and KrolLDiscovery: A 10+ Year Partnership

With the ZL Unified Archive platform, KrolLDiscovery helps to eliminate common business problems that go along with the unrelenting growth of data. Recently, KrolLDiscovery and ZL celebrated more than 10 years of partnership helping organizations manage unstructured data for ediscovery, compliance, records management and knowledge management.

An Ediscovery Attorney and a Healthcare Security Manager Walk into a Webinar


What do an ediscovery attorney, a forensics investigator and a healthcare security manager have in common? In today’s digital age – everything. 


Kroll Ontrack’s most recent webinar, How To Develop a Data Preservation & Collection Plan in Preparation for Litigation, hosted by Healthcare Informatics, gave attendees a hard look into the challenges healthcare organizations face when a government investigation or civil litigation arises.

Kroll Ontrack SVP of consulting Cathleen Peterson and healthcare security manager Brian Abel put their own professional experiences on display as they navigated this challenging intersection between healthcare, law and technology.


Truth is, an ediscovery attorney, a forensics investigator and a healthcare security manager have a lot in common. Today’s healthcare organizations are traversing a new information technology terrain. Growing data volumes, increased information security threats, vast data collection efforts and computer forensics investigations require a higher level of comprehension from all experts.

As Brian and Cathleen discussed via a real-world case study, legal, regulatory and compliance requirements are requiring hospitals and healthcare organizations to properly handle electronically stored information (ESI), or face severe consequences. At the end of the day, this new territory is where technologists meet attorneys and data managers meet security professionals.  If your job involves any of these important roles, you will benefit from spending 60 minutes with this new webinar recording.

Top Considerations When Building BYOD Policies


Vikas_PallIn a recent article, my Kroll Ontrack colleague Vikas Pall wrote about the growing concerns over bring your own device (BYOD) policies. Today’s employees integrate their personal and professional lives, and the use of personal devices for day-to-day employment duties has become ubiquitous. The days of doubling up on devices—one personal, one professional—are over, with BYOD policies emerging as the most enticing option for employees and companies.


While there are many advantages to BYOD, taking on the ambiguities and complications that can come with having employees bring their own devices to work can be a risky move if an organization fails to put a well-planned policy in place. In his article in ILTA’s Peer to Peer magazine, Vikas outlines the top things to consider when building a BYOD policy.

#1: Assess

Crafting a well thought out BYOD policy is the key to fully utilizing its benefits, but a perfectly planned policy does not appear overnight. A policy must be effective, relatively simple and easy to follow for end users and the IT department. Communication across departments is the best way to make sure all bases are covered.

#2: Plan

Once the broad framework is in place, it is time to finalize the details of the policy. From Android to Apple phones to tablets and wearables, defining exactly what is meant by “bring your own device” is critical. Companies should be device-specific, or limit the devices, and establish a clear service policy for the list of approved BYOD devices. In the midst of planning the functional aspects of a policy, it is equally important to address employee exit strategies. BYOD policies should reference the company’s separated employee process and vice versa.

#3: Implement

To prevent data breaches or corporate hacks, specify what kinds of corporate data may be accessed on which devices and implement mobile device, data and app security measures in your BYOD policy to protect company data and confidentiality. BYOD policies should also touch on preservation and discovery in litigation. Companies can get ahead of failed preservation efforts by adding BYOD data to their ESI data maps and issuing legal hold notices to address what content must be preserved.

#4: Iterate

Companies should regularly audit the effectiveness of their BYOD policy. Look at what new technologies are available and whether they should be supported. Review the current policy points to see if anything wasn’t adopted or could be improved. BYOD polices will continue to evolve with technology and the workforce.

Be sure to read the full article, From Blurred to Secured: Four Steps to a Better BYOD Policy, for a more in-depth analysis of best practices for bring your own device policies.

Guest Blog: Turning on the Lights in a Dark (Data) Room

This is a guest blog written by Tom Barce.

t_barce2015Tom Barce ( is the VP of Thought Leadership at KrolLDiscovery. Mr. Barce brings over 18 years of experience in directing information management, electronic discovery and litigation support initiatives. He is accustomed to delivering strategic vision, consultative services and project management expertise. He has extensive experience in responding to complex electronic discovery demands in numerous litigation and regulatory matters. Through his experience and vision, he strives to continually elevate our community to higher state of “information intelligence.”

Tom recently spoke on the topic of dark data at the monthly meeting of the ARMA Metro NYC Chapter.

Turning on the Lights in a Dark (Data) Room

At breakneck speed, businesses and individuals are amassing huge volumes of disparate and obsolete data—data that has long gone “dark” within an organization.

Dark data is the neglected data accumulated by an organization during regular business activities—the aging information, untouched archives, ancient web log files, old records of email correspondence. This data is intermingled with highly valuable and sometimes sensitive business information, too.  It usually holds little value on its own and for many organizations it is too costly for an organization to access, compile, analyze and manage the data’s retention. For many organizations, it seems easiest to allow the data to amass in the shadowy corner of their IT infrastructure. However, when corporations shine a light on the dark data abyss, unused data can be very illuminating.

Double Check and Utilize Dark Data to Your Advantage

At its core, dark data can present significant risk. Most legal professionals who have responded to a legal or regulatory action have succumbed to the costly pains of trudging through small percentages of antiquated data amongst huge data stores. Notwithstanding such significant risks, dark data presents noteworthy opportunity costs for organizations. For example, reports run from accounting systems about company transactions alone may seem like benign business activity. But what if those reports were emailed to a Gmail account, downloaded to a USB drive or uploaded to a website?  When sources of transactional data like file names, network activity, local computer access, or web history are cross referenced, powerful corollaries can be derived to protect your organization.  While this type of intelligence might not lead to an earth shattering money laundering investigation, it does not hurt to double check activity that might seem questionable. Recognizing how to utilize dark data can allow an organization to prevent, detect and defend against internal and external threats, from spotting internal fraud to harnessing information and gaining an advantage in the market.

Growing contingents of businesses are leveraging great information for marketing and sales. But how many are using data to mitigate or detect risk?  While some organizations are letting their data gather dust in the dark, others have focused an information governance spotlight on their once-dark data to extrapolate value from overlooked data and uncovering substantial intelligence. For example, by monitoring file downloads to USB connected devices, an organization can prevent losing sensitive data. Conversely, corporations that forgo tapping into unused data may be sacrificing value and risk becoming less efficient and relevant than their competitors.

First Steps to Shining the Light on Dark Data

Unfortunately, shining the light on dark data is not as simple as flipping a switch. A few steps are essential to capitalizing on dark data. First, begin by prioritizing business concerns and risks to establish a starting point for the projects to follow. Next, aim for one project per period (quarterly, semi-annually or yearly) to focus on your concerns and the data you can use to manage them. Leverage people, processes and technology, and understand how to profile the data that is usable to create actionable business and legal intelligence.  Identify easy wins when possible, especially if low cost solutions can securely advance high risk objectives.  Of course, document the process should litigation ever loom on the horizon.

There isn’t a single existing technology solution today that can thoroughly illuminate all the dark data and automatically harvest its value.  That said, with careful forethought and perseverance, corporations can make unwieldy dark data far more comprehendible, less risky and just a little brighter.

Information Governance – It’s a Jungle Out There!

Building information governance (IG) protocols from scratch can feel like getting lost in a jungle. Often it is difficult to know which direction to go to get started on your journey, especially with a thick forest of documents standing in your way. But orienting yourself in the IG jungle is essential to avoid the possibility of leopards attacking you, birds swooping down on you, or those sneaky critters that might come back to bite you. Luckily, we’ve created a handy IG Guide to help you navigate through the underbrush and into the clear!

The guide includes critical information on IG, such as how to amplify the value of enterprise information, manage data and control ediscovery, as well as how to reduce data governance risks and costs. Also included is a look into how a hypothetical company, Healthy Nuts, found their way through the IG jungle. Find out more about their story and information governance here.

Choose Your Own Adventure: Mastering Information Governance in the Workplace

Choice A or Choice B? Choice C or Choice D? There’s nothing quite like the mystery and thrill of the Choose Your Own Adventure (CYOA) novel, where the reader gets to direct and navigate the story of their choice.

Similarly, when it comes to Information Governance (IG) programs, corporate counsel and the IG team get to create their own old school CYOA storyline by defining the processes and implementation of the multi-disciplinary structures, policies and programs necessary to control and organize data. Kroll Ontrack’s Tom Barce recently wrote an article, Information Governance: Be Prepared for a Data Disaster, discussing the importance of IG programs and what corporations should be aware of in regards to what an IG program can do.

To showcase the advantages of IG programs, let’s consider the following scenario for Health Nuts (HN), a large (fictional) multi-national company in the nutritional supplements industry:

The company has hundreds of employees and millions of records containing private and personal data. Over the past decade, the company has grown rapidly through acquisition. HN recently expanded into Brazil, however, very little has been done to integrate the various data management policies and procedures from the newly acquired companies. Some divisions of HN are highly technical, with employees leveraging modern communication devices and forums, as well as using personal devices for work communications.

Do you:

Choice A: continue as is and allow various data management policies to continue


Choice B: re-evaluate the complexities and dangers of rapid growth and insufficient data policies and consider incorporating an IG program

For inside counsel and IG teams, the above hypothetical should raise blaring issues of security, management and data protection. Unfortunately, with corporations now fully entrenched in the digital age, counsel are playing a catch-up game with how fast data is created and where the data goes, and many do not recognize the need for a robust IG program. When utilized properly, IG programs can control a corporation’s data and maximize its value, but only if the information at hand is under control. So what happens if the information is not under control and a corporation chooses Choice A? Let’s return to aforementioned Heath Nuts Corporation:

The nature of the organization’s data management and decentralized IT systems left it ripe for attack. Three months ago, the company suffered a data breach and is still trying to determine the scope of the attack across its divisions. Due to this, customers have experienced identity theft and fraud. Compounded with the fact that state and federal agencies are investigating the nature of the breach, a lawsuit is clearly imminent.

Do you:

Choice C: Await litigation


Choice D: Go back to the initial set-up and implement an IG program

For Health Nuts and for most corporations, the above situation is not too far from the norm if corporations choose Choice A over Choice B. Fortunately, steps can be taken to mitigate this hair-raising data disaster by choosing Choice D and following these initial steps:

Be Aware of Your Data and Know How to Leverage People, Processes and Technology

Before making any decisions about a company’s data, counsel needs to understand what, and where, data is stored and what the current policies regarding data retention and destruction are. Counsel needs to be especially concerned with the nature, location, security and maintenance of personally identifiable information (PII) as well as “dark data,” or data that is created, processed, and stored in the regular course of business and is not currently in use. Once a corporation’s data is located and secured, the next step would be to leverage current employees in the IT and Information Security departments to ensure the appropriate emphasis is placed on training them and the organization-at-large about the policies and definitions of the IG program. In addition, data categorization, auto-classification, and predictive coding solutions may be utilized as part of your IG strategy to reduce costs while organizing data for future use. Furthermore, counsel must consider data that has been placed on legal hold and held in a legal hold repository. This data and the associated obligations are the burdensome, but necessary, exceptions to effective IG that can lead so many corporations to complacency.

De-Cluttering Company Data…

The success of IG programs depends on a number of factors, including the increased business utility of the data under management, storage savings, impact on ediscovery and company productivity. In today’s modern age, data tends to accumulate exponentially. To prevent the hoarding of extraneous data, corporations must learn to dispose of unnecessary information and learn to sift through the types of data that will have a great effect on protecting company, employee and consumer data while streamlining ediscovery responses by eliminating irrelevant documents. In addition, de-cluttering company data can increase the value and efficiency of an IG program, thus allowing for more effective analytics.

…But Keeping the Necessary Documentation

Through the process of streamlining the IG program, organizations must ensure that they effectively document their processes. This includes clarifying IG program goals, definitions, policies and procedures, as well as employee training, enforcement actions, audit practices and program evaluations. Corporations should document these processes in anticipation of dealing with legal or regulatory actions, as well as help in the overall evaluation of the IG program. Successful documentation can lead to increased visibility and better opportunities for corporations to address and fix problems.

If corporations wish to avoid a data disaster, the choice is clear. By utilizing an effective IG program to locate, secure, and document their information retention and destruction processes, corporations may avoid or, at a minimum, mitigate the risks and damages that result from data breaches and/or regulatory and litigation events. For more information, check out Information Governance: Be Prepared for a Data Disaster today!

Information Governance: Points from the Professionals

Information governance (IG) is becoming more and more critical to any organization’s success in controlling the sheer mass of data generated in the ordinary course of business.  However, determining the best ways to get information under control has many organizations at a standstill, with too many organizations only enacting IG practices after disaster strikes.

To highlight the importance of developing effective IG programs, the Information Governance Initiative (IGI) interviewed a number of IG practitioners in differing industries and recently published two reports.  Stories in Information Governance: The IGI 2015 Benchmarking Report and the accompanying document, Information Governance: Tips from the Trenches, compile valuable expert insight and practitioner tips to help any organization evaluate and cultivate an IG program. Across both resources, a couple central themes emerged:

Secure Support for Information Governance

Selling a program meant to protect against a vague, future threat is undoubtedly a challenge, but securing executive support and funding is essential for success. Using mock scenarios to test your program’s strengths and weaknesses, calculating the costs of inaction and consulting an outside expert can help win over a tough crowd and jumpstart an IG program or revive an old one.

Integrate Information Governance into the Entire Organization, not just a Single Department

By coordinating IG throughout the whole organization, end users will learn to think of information as belonging to the organization as whole, not just one department’s problem. For example, creating a senior IG role and developing an IG council of interdepartmental players can optimize the effectiveness of a program.  Further, exploring technology options that can automate as many processes as possible and eliminate end-user variability can make for a streamlined, cost-effective integration of IG policies and procedures into your organization.

Look for Smart Solutions to Challenging Information Governance Problems

Encountering roadblocks while starting and running an IG program is par for the course; don’t shy away from creative solutions. Proactive and creative planning gives you the chance to highlight the value of a strong IG program and garner support from key stakeholders. For example, leveraging versatile technology used to address one problem for other purposes can help stretch a limited budget. Rather than fixating on short-term hang ups, utilizing resources and finding a balance between completing current projects and achieving long-term goals will create a strong IG core at the heart of every project.

Webinar On-Demand: Applying Technology to Information Governance

Information Governance

Within an enterprise, the importance of information governance (IG) is greater than ever as we soar towards a global economy equipped with rapidly evolving technology. Understanding how modern technologies and ediscovery practices apply to IG is integral.

Kroll Ontrack recently presented a webinar, Applying Technology to Information Governance, addressing just this. Panelists included:

Together, these two experts discussed the complexities of IG, along with how to develop and implement successful programs.

Defining Information Governance

The best place to start the conversation around information governance is to understand what it is and how it differs from information management.

  • Information Management: HOW information flows through an enterprise. Activities include collection and distribution of information in an organization.
  • Information Governance: WHY an organization has information in the first place. Activities involving information governance run the gamut from ediscovery and privacy to business intelligence and analytics.

Developing Information Governance Programs

There are multitudes of IG programs that a company could develop. What an organization chooses depends on its business needs and available resources. A successful program will leverage these key tenets, starting small and building momentum:

  • Define organizational objectives
  • Determine the information needed
  • Organize the information
  • Ascertain the value
  • Dispose of the information when it is no longer valuable

Common IG projects companies are undertaking today include:

  • Updating policies and procedures
  • Data consolidation and cleanup
  • Defensible data remediation
  • Intelligent migration
  • Legal hold

Information Governance Resources

Looking to learn more about what information governance (IG) is, how to develop IG programs, and what IG projects companies are undertaking today? Download this Kroll Ontrack webinar on-demand.

Further, don’t miss this new IG resource from the Information Governance Institute (IGI): Information Governance in 2020.