Governance bites for Global 1000

A survey of information governance practices and challenges in Global 1000 companies has found that defensible disposal is turning out to be a key objective.

Organisations are reacting to the fact that rising ediscovery costs are coupled with the fact that they spend an average of 3.5% of revenues on data management -- much of which has no legal, regulatory, or business value.

The survey, Benchmark Report on Information Governance in Global 1000 Companies, was conducted in collaboration with the Information Management Reference Model (IMRM) project within Electronic Discovery Reference Model (EDRM).

Information governance is the discipline of managing information according to its legal obligations and its business value, which enables defensible disposal of data and lowers the cost of legal compliance.

The study underscores the challenge in connecting the value of information and the associated legal or regulatory obligations with information assets being managed by the IT team -- virtually all material information in enterprises today.

"This Benchmark Report and the survey results it contains are important tools for legal, records and IT executives who want to improve their information management practices. From our EDRM work, we know that much of the cost, complexity, and volume in litigation are a function of companies' practices and habits in information governance," said George Socha, co-founder, EDRM and president of Socha Consulting.

“While I'm not surprised by the findings that data disposal is still out of reach for many companies and that significant organizational challenges exist, they do highlight the important work still to be done to establish rigorous discovery processes that also enable defensible disposal."

The companies surveyed had annual revenue ranging from $US5 billion to more than $US150 billion from a variety of industries including energy, consumer goods, financial services, healthcare, life sciences, and insurance.

The study highlights the structural, process, and organizational challenges which undermine compliance and disposal efforts. For example:
* 75% cited inability to defensibly dispose of data as the greatest challenge and many highlighted massive legacy data as a financial drag on the business and a compliance hazard;
IT, legal, and records disagree on which organization has information management and disposal responsibility;
While 57% of participating organizations have governance committees in place, fewer than 17% believe the right stakeholders are involved;
98% of companies believe defensible disposal is a key governance objective yet only 22% can defensibly dispose of information today;
70% still use 'liaisons and people glue' to link discovery and regulatory obligations to information assets and virtually all respondents enforce quotas on information, leaving them exposed to significant spoliation risk;
85% cited the need for a new approach with new processes and consistent collaboration across legal, records and IT as the critical success factor; and
The gaps between retention schedule development, legal hold communication and actual information management are wide, suggesting the form of schedule has little relevance in today's information environment -- 77% said their schedules were not actionable on electronic information or applicable only to paper.

"Today, virtually all corporate information is managed by IT in its original form and its many duplicates, yet the survey showed that legal holds and retention management practices still function as if information is simply physical records managed by records personnel and general employees," said Deidre Paknad, founder of CGOC, the Compliance, Governance and Oversight Council.

"The survey also showed that while legal executives are well aware of the risks, they have yet to bring the CIO to the table. As data volume continues to rise, so does cost and risk -- it's imperative that CIOs and GCs recognise that they share responsibility and invest together in modernizing their information governance practices to enable rigorous compliance and defensible disposal."

The CGOC Benchmark Report on Information Governance in Global 1000 Companies is available at