Five steps in-house counsel should take to mitigate information risk.

• Author: Snyder, H. Kirke

In-house counsel need to collaborate with key information governance stakeholders to help resolve their sometimes-conflicting information management goals and ensure that the IG program has the executive support and resources needed for the organization to achieve its core mission while preventing or mitigating risks.

Because of the risks associated with electronically stored information (ESI), organizations need a strategic information governance (IG) framework that addresses records and information management (RIM), data privacy and security, and e-discovery. If senior management fails to provide the framework, each department's perspectives will drive its data management goals. Their differing perspectives, though, can drive conflicting data management goals and can complicate or circumvent the organization's ability to govern its information effectively.

Perspectives That Produce Conflicting Goals

For example, the RIM perspective is driven by the records retention schedule, so one of its data management goals is to ensure that information is kept as long as--but no longer than--needed to meet legal/regulatory, fiscal, historical, and operational requirements. But, IT's perspective is driven by the need to manage storage costs, so it may establish e-mail account volume limitations that lead to e-mail records being disposed of before their retention requirements have been met, in conflict with RIM's goals.

[ILLUSTRATION OMITTED]

The legal department perspective is driven by the need to avoid judicial sanctions for spoliation, so it may issue broad legal holds that cause information that is not relevant to litigation or regulatory actions to be retained longer than it should be, in conflict with both RIM and IT's goals.

Finally, business units, which are focused on data accessibility and convenience, may utilize third-party cloud data storage applications that put the organization's information outside of the organization's control, where it may not be secure and cannot be managed properly--in direct conflict with RIM, legal, and IT goals.

This is why effective IG requires senior management to collaborate with key stakeholders, hear all perspectives, gain an understanding of how the organization should best manage its information to achieve its core mission while preventing or mitigating risks, and to enlist executive support for appropriate people and financial resources.

The chief legal counsel has a critical role to play in this. Because the American Bar Association's Model Rule 1.1 requires lawyers to provide "competent" representation to clients--in this case their employing organization--in-house counsel can't afford to assume that IT and RIM personnel will get all the legal intricacies right, given the potential legal and financial risks of unmanaged information. The insights and practical advice offered below could help legal counsel save their organizations millions in fees and expenses.

Trends That Stem from Flawed IG

Flawed IG is causing three disturbing trends that carry significant legal and financial risk to corporate America, and in-house lawyers should not be sitting on the sidelines waiting for their number to be called.

Growing Number of Data Breaches

The first trend is the theft of ESI. Data breaches occur virtually every day (e.g., Sony, Target Corp., Home Depot, JPMorgan Chase), with significant reputational and financial costs for organizations. According to the 2015 "Cost of Data Breach Study: Global Analysis" conducted by Ponemon Institute and commissioned by IBM, the average cost of a data breach incident was $3.8 million.

Rising Cost of...