For information governance (IG) professionals, reacting to and protecting an organization is nothing new as information is a critical asset of any organization, but they can also help ensure the organization has a defensible plan in place in the event of litigation in an era of increasingly higher levels of regulatory compliance standards, and risk of spoliation for destruction of data. Below are the five things organizations can do to improve the legal defensibility of your organization.

Involve Legal

Whether it’s in-house counsel or outside counsel, they ultimately defend the preservation of documents and respond to a regulatory inquiry.  Some organizations may be averse to contacting their lawyers due to expense. However, the cost of not contacting them can be detrimental to your case.  The cost of preservation in organizations was spelled out by William Hubbard in his study on the cost of preservation, the cost for an ad hoc program far outweighs maximizing efficiency and being prepared.  Preserving evidence, determining if laws have been broken, and determining your legal response to an inquiry is important, and you should not do so without legal counsel. You may also have in-house counsel you can contact for assistance.  

Research

With changing regulations remember, it’s no longer about best universal practices, it is becoming an environment of “what legal regulations apply in the location of my data.”  What legal and regulatory obligations does your organization have? There are many resources for that including legal and compliance. Join an association that regulates privacy, spend your time on bulletin boards such as information from all aspects of information governance that include regulatory, privacy, security, risk, compliance.  Keep in touch with peers and colleagues in the industry. Attend association events. There is a myriad of ways to collect information and research what your organization may be required to keep and respond to issues or concerns.

Compliance

Take steps to become more proactive vs. reactive. Gaining and maintaining compliance is critical, but it is also important to document why decisions were made.  These decisions can help a lawyer, judge, and possibly a jury understand why and how an organization chose to respond or react to legal and regulatory matters.  There are many legal matters that need to be considered, and working with compliance can help an IG professional prioritize and recommend an action plan, or, more importantly, a prevention plan.  Suggest that you form a litigation or compliance response team and plan how you will manage and set your response in action doing simulations of actual events.

Holds

How an organization preserves information and assets associated with legal action is crucial to a defensible position.  IG experts recommend ensuring a holds process is in place, and that would also include part of your litigation or regulatory response team planning.  Identifying trigger events, defining the scope of legal action, implementing the hold, who receives notices, enforcement, and preserving the information is all part of a solid process.  It is also important to understand that legal understands and endorses the process. Make sure you have the right time in place, including in-house or outside counsel, IT, Risk Management and of course information.  Failure to manage legal holds can lead to spoliation or adverse instructions (Zubulake).

Technical Stakeholders

Identifying technical stakeholders to create a defensible position is crucial to defending against litigation.  IT departments and IG professionals typically have the knowledge and access to all relevant information inside the organization.  Further, if data is stored outside of the network, understanding how information is accessed and stored is crucial. Vendors may be able to assist with the legal hold process, so ensuring their capabilities and confidentiality are understood is important.

Litigation is typically something that is not planned, so preparing yourself for the event before the notification is considered a best practice.  There is a saying, defense wins championships, and that saying applies to organizations when preparing for litigation. Having a good defense in place and a plan before the game starts should help your defensible position.

For more information, check out our educational webinar: Creating A Defensible Disposition within your RIM Program

 

Robin Athlyn Thompson is a double lifetime-achievement award winner for her subject matter expertise in information as an asset, including Cyber Security, eDiscovery, Information Governance, and corporate buying teams.  She is a leading industry micro-influencer and was the recipient of the first ACEDS lifetime achievement award for her groundbreaking work in identifying emerging buyers, was honored by the Executive Women’s Forum as a woman of influence in Risk Management.  She blends practitioner work on MDL litigation and governance, with sales and marketing experience today as a market strategist and brand manager.