Part 1 and 2 of this series are available here and here.
Your company creates a vast amount of data every day. Information about profit margins, business plans, and employees – you name it, it’s probably on your system. But if you are faced with a class action lawsuit, do you have a system in place to identify, locate and preserve relevant data?
Information governance? What’s that?
In ye olden days, decisions about what data to create or where to store it were often made at an individual level. However, during the advent of the digital age, most companies realized they needed more centralized methods to manage the ever-increasing volume of data. Organizations did that by creating plans to standardize everything from where data is stored to how long it is kept, and from what security protections are necessary to who is responsible for it. And that’s how the concept of information governance was born.
“Information governance” is a challenging concept to define. Gartner IT Glossary defines it as the “specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival and deletion of information. It includes the processes, roles, standards and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.”
The Information Governance Initiative defines it as “the activities and technologies that organizations employ to maximize the value of their information while minimizing associated risks and costs.”
For our purposes, let’s define information governance as the policies and procedures designed to manage and protect information. A good information governance plan is a melding of business needs, privacy and security interests, efficiency, and, yes, legal requirements, which is our primary focus.
The Legal Requirements
Every company has regulatory and recordkeeping obligations that will be implicated in creating a comprehensive information governance plan and which should not be ignored. But in the context of a federal class or collective action, Rule 26 of the Federal Rules of Civil Procedure is supreme. As we discussed in a prior article, this rule provides that parties may obtain discovery regarding any non-privileged matter that is relevant to any party’s claim or defense and proportional to the needs of the case, according to certain stated factors. In a class action, a vast amount of electronic data could be relevant and therefore may need to be preserved in order to comply with your company’s legal responsibilities and avoid the potentially devastating consequences that can be imposed by the court.
Thus, even before the threat of litigation arises, your company should consider whether it has a comprehensive information governance plan.
Developing policies for the digital workplace
A useful information governance program should be consistent with your company’s overall business strategies, address relevant compliance and record retention needs, create accountability, and be workable. Because every company is different, no two information governance schemes will be identical. But one thing every good program should have is a comprehensive litigation hold scheme.
A litigation hold scheme should guide you in identifying both the relevant records custodians and any potentially relevant records that are in the company’s possession, custody, or control. This duty can be remarkably broad. It can encompass everything from text messages to digital time punches, as well as both company and personal equipment since more employees than ever are using personal devices to work. Thus, a complete scheme needs to reflect the tools used by your workforce and all the places where data may be stored. Only then can you take appropriate steps to ensure its preservation. Even more specifically, a good litigation hold scheme should provide a way to track who may have relevant data and on what devices, inform all those employees of the need to retain and produce information and materials related to the case, and ensure that they don’t delete anything going forward. It should also take into account any auto-delete program and confirm it is suspended during litigation. Further, your litigation hold plan should ensure you revisit the issue on a regular basis throughout the litigation to remind everyone of the continuing obligation to preserve and produce information, which is particularly important in long-lasting class action cases.
Make it a team effort
Like almost any other digital quandary, implementing proactive policies and responding to active litigation should combine the professional expertise of your legal, technical and leadership teams. Whether to a greater or lesser extent, chances are there are silos of information within your company. A piece of datum will have importance and meaning of one kind to the person who created it, another kind to a member of your IT department, and possibly a completely different kind to your legal counsel. If you don’t break down those silos, then your lawyer can’t make an informed decision, your leadership can’t ensure the most effective policies are implemented, and you may not get the full benefit of the skills of your IT department.
Conclusion
Creating an information governance program that contains a comprehensive and proactive litigation scheme may be a daunting task, but when you’re facing a class or collective action, you’ll be glad that you made the investment.