Information governance (IG) is is the antidote to ESI, as recently prescribed in The Sedona Conference Principles on Information Governance (SCPIG).
The SCPIG defines information governance “as an organization’s coordinated interdisciplinary approach to satisfying information compliance requirements and managing information risks while optimizing information value.”[i] We should all question the value of the information that we create before we create it.
Like “think before you print” messages on the bottom of emails, people should begin digital transactions with a “think before” mentality as to whether the data, communication or document they are producing actually needs to exist.
For example, the act of creating an electronic record may carry very low benefit while including the negative value of having to store and search through it in the future. Even worse, the creation of it may come back to bite the author and/or their company.
E-mail composers should ask themselves, “do I really need to create this document, or could I communicate verbally?” If the conversation involves potentially sensitive information, sometimes it may be better to have a face-to-face conversation instead of creating a record.
Especially in BYOD environments, employers need to have well-written, continually updated policies in order to shield their companies from becoming responsible for storing, searching through, and in some extreme cases, subpoenaing from third parties employee’s personal information. Employers should try to decrease employees’ generation of potentially sensitive information by reminding employees that the information kept on their devices may be available to the company, and most likely, third parties. At a minimum, having such policies should cause employees to question whether they are comfortable with the potential disclosure of the information to an employer or third party before downloading sensitive apps and creating personal data within them.
While many employers have come to recognize the need for information governance policies that address retention and deletion, it is also prudent to recognize information creation policies; Employers need to include reminders to employees about the positive and negative value of data they create and to think before they create it.
[i] Italics added for emphasis.