By Robert Kirtley on 7/27/20 9:00 AM
The need for most organizations to transition to remote almost overnight has presented them with incredible challenges to their information governance programs. Information governance (“IG”) is the strategic approach to how organizations manage and control the information created and managed by them, with an eye on risk, compliance and legal requirements.
An effective IG program balances business requirements, infrastructure costs and legal/compliance risks to manage every aspect of information creation, use and the ultimate disposition of information. Good programs focused on ensuring that risks and training employees, but there was almost no opportunity to train employees for the new world of working at home.
Employees that have never worked remotely are suddenly thrust into an environment where they are figuring out to get their work done, but often in a way that potentially compromises the security and integrity of firm information. For example, we have clients whose children must now attend school virtually and the only computer available for them is the company computer. Or their company computer can’t print to their home network computer so they put sensitive documents on a USB drive or email those documents to their Gmail account. They may even be working on a shared family computer that wouldn’t meet organization security requirements, jeopardizing the confidentiality of firm or client information.
In an ideal world, organizations would have had time to take the appropriate precautions, provision the required equipment and deliver the necessary training. That’s not what happened. Given that, there are a number of steps organizations should begin to undertake.
First, organizations should work with their HR and Legal teams to review and update their policies to adapt them to the reality of how employees work today. Those policies should specifically acceptable use and should reflect the current state (not necessarily the desired state) in a way that continues to enable employees to do their jobs.
Next, security, data protection and access management issues need to be addressed. While it is critical that employees continue to be able to work, it is equally important to ensure that appropriate controls are in place to limit access on a least privileged basis – employees should only be able to access the information that they need to access in order to perform their job duties.
Finally, it is vital to ensure that the processes and procedures are in place to ensure that essential business information can be retained and identified if necessary for legal or regulatory reasons. Plaintiffs counsel and regulatory agencies are not going to give organizations a break because of coronavirus. Whether it is being prepared to deal with discovery requests or a regulatory review, it is imperative that organizations have a plan.
iDiscovery Solutions, Inc. (iDS) is an award-winning, global, and expert services firm that delivers customized, innovative solutions for legal and corporate clients’ complex challenges. iDS’ subject matter experts testify and consult in connection with electronic discovery (eDiscovery), digital forensics, data analytics, and cybersecurity/information governance.