Disposing of information is dangerous if a firm does not implement solid information governance policies and procedures. In fact, by implementing a robust program, firms can dramatically increase transparency and simplify the regulatory compliance process. Even better, they can significantly reduce information technology (IT) costs and the risks associated with information security (IS) and privacy issues.
A belief that storing data is cheap and protects companies from compliance violations has fueled a “save everything” mentality. But storing data isn’t cheap. According to a 2010 Gartner report, IT shops already spend between 2 percent and 3 percent of revenues on data management, which can add up to millions or even hundreds of millions of dollars each year. Corporate data volume grew by about 50 percent in 2009, and research firm IDC predicts that data will grow by a factor of 44 in the next 10 years. Many firms have found that more than half of all the data currently being stored, archived, secured or otherwise managed has no legal, compliance or business value.
Keeping this data not only results in unnecessary costs related to data storage and management, but also makes it far more difficult to comply with regulations, respond to requests for legal holds and use high-value business information effectively. Determining what information can be disposed of may seem like an insurmountable challenge. Simply indexing and searching all this data won’t reveal what’s subject to regulatory obligation, what’s of business value or what may be subject to a legal hold.
Obligation and value must be determined by business people making systematic, informed decisions — the “governance” in “information governance.” Presenting them with an index of petabytes of data and asking them to make retrospective business decisions simply doesn’t work. However, provided you have an overall plan, a global program based on key building blocks can be implemented in stages based on the way your businesses are organized; the jurisdictions where they operate; the perceived business, legal or regulatory risk levels of the information; or where your firm has expertise.
The above quote is from an article titled “Information Governance: A Practical Approach for the Dodd-Frank Era” in Wall Street and Technology. For those in the financial sector, I would recommend this read. In information governance there is a clear link between legal and IT, and one of the things that I enjoyed about this article is that it showed how RIM should interface with them to achieve defensible disposition. The article lists four practical steps to achieve defensible disposition, and they are:
- Systematically link the business processes in legal, record information management and IT to provide structural and automated collaboration and transparency with systematic workflow.
- Modernize the records management program so it provides reliable, actionable information procedures to IT managers.
- Treat legal holds as an enterprise process rather than a legal department task.
- Ensure IT can determine, using its terms and without interpretation, who and what is on hold, what is of value and what is subject to regulatory obligation.