For an information governance (IG) professional, reacting to and protecting an organization is nothing new as information is a critical asset of any organization. However, in an era of increasingly higher levels of regulatory compliance standards and risk of spoliation for the destruction of data, they can also help ensure the organization has a legal defensibility defensible plan in place in the event of litigation. Below are the five things organizations can do to improve the legal defensibility of your organization.
Whether it’s in-house counsel or outside counsel, they ultimately defend the preservation of documents and respond to regulatory inquiries. Some organizations may be averse to contacting their lawyers due to expense. However, the cost of not contacting them can be detrimental to your case. The cost of preservation in organizations was spelled out by William Hubbard in his study on the cost of preservation, the cost for an ad hoc program far outweighs maximizing efficiency and being prepared. Preserving evidence, determining if laws have been broken, and determining your legal response to an inquiry is important, and you should not do so without legal counsel. You may also have in-house counsel you can contact for assistance.
With changing regulations, it’s no longer about best universal practices; it is about becoming an environment of “what legal regulations apply in the location of my data.” What legal and regulatory obligations does your organization have? There are many resources for that including legal and compliance. Join an association that regulates privacy, and spend your time on bulletin boards such as information from all aspects of information governance that include regulation, privacy, security, risk, and compliance. Keep in touch with peers and colleagues in the industry. Attend association events. As an information governance professional, there are myriad ways to collect information and research what your organization may be required to keep and respond to issues or concerns.
Take steps to become more proactive vs. reactive. Gaining and maintaining compliance is critical, but it is also important to document why decisions were made. These decisions can help a lawyer, judge, and possibly a jury understand why and how an organization chose to respond or react to legal and regulatory matters. There are many legal matters that need to be considered, and working with compliance can help an information governance professional prioritize and recommend an action plan, or, more importantly, a prevention plan. Suggest that you form a litigation or compliance response team and plan how you will manage and set your response in action by performing simulations of actual events.
How an organization preserves information and assets associated with legal action is crucial to a legal defensibility position. Information governance experts recommend ensuring a holds process is in place, and that would also include part of your litigation or regulatory response team planning. Identifying trigger events, defining the scope of legal action, implementing the hold, who receives notices, enforcing, and preserving the information are all part of a solid process. It is also important to understand that the legal understands and endorses the process. Make sure you have the right time in place, including in-house or outside counsel, IT, Risk Management, and of course information. Failure to manage legal holds can lead to spoliation or adverse instructions (Zubulake).
Identifying technical stakeholders to create a legal defensibility position is crucial to defending against litigation. IT departments and information governance professionals typically have the knowledge and access to all relevant information inside the organization. Further, if data is stored outside of the network, understanding how information is accessed and stored is crucial. Vendors may be able to assist with the legal hold process, so ensuring their capabilities and confidentiality are understood is important.
Litigation is typically something that is not planned, so preparing yourself for the event before the notification is considered a best practice. There is a saying, defense wins championships, and that saying applies to organizations when preparing for litigation. Having a good defense in place and a plan before the game starts should help your legal defensibility position.
For more information, check out our educational webinar: Creating A Defensible Disposition within your RIM Program.
Robin Athlyn Thompson is a double lifetime-achievement award winner for her subject matter expertise in information as an asset, including Cyber Security, eDiscovery, Information Governance, and corporate buying teams. She is a leading industry micro-influencer and was the recipient of the first ACEDS lifetime achievement award for her groundbreaking work in identifying emerging buyers, was honored by the Executive Women’s Forum as a woman of influence in Risk Management. She blends practitioner work on MDL litigation and governance, with sales and marketing experience today as a market strategist and brand manager.