Given the exploding volume of data that organizations in the United States create and store, and the steady diet of compliance, data security, privacy and discovery obligations they face, information governance is garnering a lot of attention these days. As in-house counsel, you know that your company relies on a vast array of electronic information to conduct its daily business activities and to satisfy its legal obligations. But where is this data? Who owns it? What type of data is it? What does it say? How long is it retained? Who has access to it? And when can we dispose of it? Unimaginably huge amounts of data make these questions very hard to answer and make managing all of this information in any meaningful way even harder. Information governance has recently emerged as a new discipline to offer sanity and solutions to this vexing, and constantly growing, problem.
Move Over, Records Retention
Information governance may sound very similar to records retention, but the two are in fact very different. Records retention policies govern the “business records” of an organization. These policies define the retention and expiration of specific business records, as determined by business, legal or compliance requirements. A retention policy typically documents the process for identifying, classifying, storing and destroying these records. While business records can be either tangible objects, such as paper documents, or electronic information, such as email, few retention policies today account for electronically stored business records and how to retain and—equally important—dispose of them. Moreover, designated business records generally account for less than 5 percent of the information and data that organizations create and store. So even with an impeccably crafted and vigilantly followed record retention program, a tremendous achievement in itself, greater than 95 percent of an organization’s information would remain unmanaged, taking up space and creating liability. Simply put, record retention covers only a small piece of a very large information governance puzzle.
