Driven, Inc. Acquires Omnivere
January 14, 2019
Lessons Learned for 2019: Spotlighting the Top eDiscovery Cases from 2018
Lessons Learned for 2019: Spotlighting the Top eDiscovery Cases from 2018
January 31, 2019

Information Governance is Not Records Management Repackaged

InfoGovl is not records management

It is easy to mistake the term Information Governance as some newfangled business-speak for combining the business functions of Legal & Regulatory Compliance with Records & Information Management (“RIM” or “RM”).  Or maybe it’s combining RIM and Legal?  Or maybe it’s IT, RIM, Compliance and Legal -- including eDiscovery? 

Information Governance includes all those elements, and so much more.

Defining Information Governance

So what is Information Governance (a/k/a “InfoGov” or “IG”)?

The Sedona Conference Working Group 1 (WG1)[1] defines Information Governance as “an organization’s coordinated, inter-disciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.”[2]

Similarly, the Information Governance Initiative (“IGI”)[3] defines Information Governance as “the activities and technologies that people employ to maximize the value of their information while minimizing associated risks and costs.”[4]

These two leading definitions[5] confirm that Information Governance consists of the following four components:

  1. WHO: “an organization” or “people”
  2. IS DOING WHAT: conducting a “coordinated, inter-disciplinary approach” or “activities and technology”
  3. FOR PURPOSE 1: “satisfying information compliance requirements and managing information risks” or “minimizing associated [information] risks and costs”
  4. COMBINED WITH PURPOSE 2: “optimizing information value” or “maximiz[ing] the value of their information”

At its essence, Information Governance is about taking a holistic view of information as being both a potential liability and a potential asset. Organizations that do so then establish systems for dealing with the resulting issues, be it a “coordinated, cross-disciplinary approach” or a series of “activities and technologies.”

Why Information Governance? 

Many enterprises face competing and often conflicting demands from a wide variety of stakeholders over the same information. 

For example, within most enterprises, there are numerous stakeholders who have an obligation to reduce or to mitigate the risks and costs of retaining information. From their general standpoint, every piece of paper and every byte of data should be tightly regimented and then destroyed at the earliest possible moment.

In contrast, there are other stakeholders who recognize the potential value in information and who have an obligation to extract as much value as possible from that data. They perceive that data should be readily available 24/7/365 for an infinite duration.

As discussed below, a well-designed and implemented InfoGov program can bring together stakeholders from across the enterprise for the common purpose of establishing and executing a unified approach to governing information that addresses and balances all concerns.  But the challenge of bringing together and harmonizing the myriad of viewpoints can be significant.

The larger the enterprise, the greater the number and diversity of stakeholders who are impacted by choices made on how information should be governed.  This is reflected in the following graphic published by the IGI based on a survey taken of InfoGov professionals.  Respondents listed over 20 other “facets” (i.e., stakeholder groups) with interests that need to be represented in the formation and operation of an InfoGov program. 

The facets of IG

Building an Information Governance Program

An entire book can be written covering the complexities and variations attendant to forming and then running an integrated InfoGov program.  But the following are some common elements that can be found in successful programs:

  • A governance board or steering committee of leaders representing the various stakeholder groups.
  • Lines of reporting between functional areas (or in IGI terms “facets”) and the governance board / steering committee, and from the governing group into enterprise executive management.
  • The establishment of governance documentation reflecting harmonized policies and procedures for the enterprise related to information usage and risk management.
  • Procedures for establishing and maintaining an ongoing program roadmap that deconflicts inter-departmental priorities and budgeting for cross-enterprise information-related projects.
  • A routine of timely, successful execution of each project in the program roadmap.
  • Procedures for ongoing assessment, auditing, and renewal for the program roadmap, governance documentation, and management.

Bottom Line

More companies are finding success at building out an InfoGov program.  However, as the saying goes, “Rome was not built in a day,” and building a full-fledged InfoGov program may not be in the works for every organization.  That should not dissuade enterprises that wish to begin decreasing risks or obtaining value from their information. An InfoGov program can start small, with simple projects designed to manage immediate information risks while considering the usage of data by the business. Common examples include establishing a data map or inventory (sometimes referred to as “file analysis”), clearing out redundant, outdated or trivial (“R.O.T.”) data from enterprise systems, updating the enterprise records retention schedule or file plan, or building a discovery playbook.  Starting small is often the best way to address these issues and surely better than waiting out the ever-increasing challenge of “too much data.” 


[1] The Sedona Conference is a 501(c)(3) non-profit “think-tank,” and the mission of Working Group 1 is “to develop principles, guidance and best practice recommendations for information governance and electronic discovery in the context of litigation, dispute resolution and investigations.” For more information on The Sedona Conference and The Sedona Conference Working Group Series, please see www.thesedonaconference.org.  For purposes of disclosure, the author is an active member of Sedona WG1, WG6 and WG11, and previously served on the Steering Committee of WG1. 

[2] The Sedona Conference Commentary on Information Governance, Second Edition (Public Comment Version - October 2018), The Sedona Conference, available athttps://thesedonaconference.org/publication/Commentary_on_Information_Governance (Reg. Req.).

[3] The Information Governance Initiative is a think tank and community dedicated to advancing the adoption of Information Governance (IG) practices and technologies through research, events, advocacy and peer-to-peer networking.  See more at www.iginitiative.com.

[4] IGI State of the Industry Report, Volume III (May 2018), Information Governance Initiative, available at https://iginitiative.com/resources/the-state-of-information-governance-report-volume-iii/".

[5] Note: ARMA International, originally known as “Association of Records Managers and Administrators,” provides an alternative definition of information governance as “a strategic, cross-disciplinary framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable for the proper handling of information assets.” While ARMA’s definition does recognize that information is an asset, it does not incorporate the offsetting business demands of managing costs and risks while extracting value from those assets.

Eric P. Mandel
Eric P. Mandel
Eric is an attorney, legal technologist, and privacy professional who has spent the past 13 years focused on solving complex problems at the intersection of law and technology. He has served in senior leadership roles in several U.S.-based trade associations, including The Sedona Conference, the EDRM Institute, the Legal Technology Professionals Institute, and the Association of Certified E-Discovery Specialists, and is a frequent speaker on a broad range of topics relating to electronic discovery, information governance, data regulatory compliance, and data privacy and data protection. Additionally, Eric has worked on numerous leading publications, including The Sedona Principles, Third Edition.
X