Putting the “Govern” Into Information Governance

Putting the “Govern” Into Information Governance
Written by Doug Austin, Editor of eDiscovery Today

Last year, I published a six-part series associated with EDRM’s Information Governance Reference Model (IGRM) on the IPRO blog. I discussed the five stakeholder groups as a whole here, plus I discussed each of the stakeholder groups (Legal, Records & Information Management (RIM), Information Technology (IT), Privacy/Security and Business Stakeholders) individually. See what I did there? I just gave you six more posts to check out for additional information! You’re welcome!

Seriously, though, each group has different goals and considerations for information within the IGRM model that differ from each of the other groups. When we talk about organizations that need to consider information governance and how their InfoGov program works, we’re often talking about corporations. But there’s an entirely different type of organization that also has InfoGov (and eDiscovery) needs – government agencies. They typically have the same stakeholder groups and many of the same challenges that corporations do, and some additional challenges as well.

The types of government agencies that are out there are practically as diverse as the types of corporations – they range from Federal government agencies like the Department of Justice (DOJ), Federal Trade Commission (FTC) and Securities and Exchange Commission (SEC) to State and Province agencies (i.e., including the US and Canada) to City and County agencies. And that doesn’t even include Education related agencies like colleges and universities. It’s pretty typical to think of the needs of government agencies along the lines of Federal agencies, but there are a large number of other government agencies that also have potential InfoGov and eDiscovery needs.

Many government agencies have historically used software to support InfoGov and eDiscovery functions that has been “on-prem” (i.e., contained within the government agency firewall) for security reasons. However, the use of cloud-based platforms is rising, as Jim Gill just noted in this IPRO blog post here, even for government agencies (in certain cases, at least).

Federal Government Agencies

There are at least two unique considerations that have made unique InfoGov and eDiscovery challenges for Federal government agencies: FOIA and FedRAMP:

FOIA: The Freedom of Information Act (FOIA) is a federal freedom of information law that requires the full or partial disclosure of previously unreleased information and documents controlled by the United States government upon request. The act defines agency records subject to disclosure, outlines mandatory disclosure procedures, and defines nine exemptions to the statute. FOIA was moved from its original home in Section 3 of the Administrative Procedure Act (APA). Section 3 of the APA, as enacted in 1946, gave agencies broad discretion concerning the publication of governmental records. Following concerns that the provision had become more of a withholding than a disclosure mechanism, Congress amended the section in 1966 as a standalone act to implement “a general philosophy of full agency disclosure.”

Needless to say, FOIA requests are a huge burden for Federal agencies. The Associated Press reported three years ago that government agencies “turned over everything requested in roughly one of every five FOIA requests” which amounts to receiving either censored files or nothing in 78 percent of 823,222 requests back then (a record over the previous decade). So, FOIA requests are a BIG challenge for Federal government agencies, one with which they have not coped well recently.

FedRAMP: The Federal Risk and Authorization Management Program (FedRAMP) is a government-wide program that provides a standardized approach to security assessment, authorization, and continuous monitoring for cloud products and services. FedRAMP empowers agencies to use modern cloud technologies, with emphasis on security and protection of federal information, and helps accelerate the adoption of secure, cloud solutions. So, for government agencies considering cloud-based solutions for InfoGov and eDiscovery, that means they can consider use of those solutions – assuming they are FedRAMP authorized. FedRAMP authorization typically takes time – at least 213 days from the start of the approval process to FedRAMP approval.

Other Governmental Agencies

State (and province), county, city and other types of governmental agencies don’t have FOIA and FedRAMP to deal with, but they do have other considerations that can be equally challenging. Many state and local jurisdictions may be involved in multi-state or multi-district litigation cases (MSLs or MDLs) against corporations over health issues related to substances such as tobacco (in years past) or opioids (today) which can be a lot of work that may or may not pay off. And there are numerous cases at the state and local level that these agencies may need to be prepared to address. Want a recent example? Take a look at all of the litigation already arising from the power grid failure in Texas just two weeks ago (don’t get me started). For these government entities, InfoGov needs and eDiscovery requirements are comparable to any organization, but budgets are tight and cost predictability is paramount.

So, when we think of organizations with InfoGov and eDiscovery needs, don’t forget the government agencies – they literally put the “Govern” into Information Governance!

Speaking of government agencies, IPRO is currently conducting a Government survey to provide useful information on current InfoGov and eDiscovery challenges for government agencies. If you work for a government agency and are involved in InfoGov or eDiscovery activities, please take the survey here – it’s a simple 10 question, multiple choice survey that literally takes a couple of minutes. When the results are complete, IPRO will compile them into shareable infographics and videos to give government agencies a benchmark for assessing their current legal processes. Don’t miss this chance to share your knowledge and help your peers!

For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between IPRO and eDiscovery Today, he’ll be here in the IPRO Newsroom next week with more educational content!