Single copy provided to Chuck Rothman on 02/10/2014

Copyright 2014 eDJGroupInc.com. All rights reserved.

Do not copy, distribute, or transfer.

Why Information Governance

Programs Do Not Work

December 4, 2013
By: Barry Murphy

© 2013, eDJ Group Inc. All rights reserved. Additional reproduction is strictly prohibited. Information is based on
best available resources. Opinions reflect judgment at the time and are subject to change.
 The Information governance (IG) topic is slowly evolving to the point of mainstream awareness thanks to
high-profile data breaches, out-of-control litigation cost, and the simply astonishing growth in the volume of dig-
ital information and the cost to manage and store it. Many refer to the IG market growing rapidly and evolving
quickly, but in doing so, miss the point that IG is not a market or buying category; rather, it is a topic made up of
sub-topics such as storage/archiving, eDiscovery, compliance and GRC, earch, records management, and securi-
ty. As such, IG manifests in organizations as a program versus a specific solution.

Perhaps IG is considered a “market” because of the perception that organizations actually buy IG solutions.

an
hm

/
Organizations Are Beginning To Spend Money On Information Governance

om
ot
Does your company have allocated budget or budget plans for

l.c
information governance over the next 12 months?

R
na
100.0%

ck

ur
90.0%

hu

jo
80.0%
C

y
70.0%

er
by

60.0% 55.8%
ov
d

50.0%
sc
de

40.0%
di
oa

//e

30.0% 24.8%
19.4%
nl

20.0%
:
tp
w

10.0%
do

ht

0.0%
m

Yes No Unsure
fro

Source: eDJ Group / ARMA International Joint 2013 Information Governance survey, in conjunction with ViaLumina N = 278

Page 2
 But, the truth is that organizations are not “buying IG.” Instead, they are spending money on specific IG projects
such as fileshare cleanup or email archiving.

But, IG Itself Is Not Driving Budgets

Has the concept of Information Governance helped you get

more attention and/or funding from decision-makers at your

an
organizations?
100.0%

hm

/
om
90.0%

ot
80.0%

l.c
R
70.0%

na
ck
60.0%

ur
hu
50.0% 46.8%

jo
40.0%
C
33.8%

y
er
30.0%
by

19.4%
ov
20.0%
d

10.0%
sc
de

0.0%
di

Yes No Unsure
oa

//e
nl

Source: eDJ Group / ARMA International Joint 2013 Information Governance survey, in conjunction with ViaLumina N = 278
:
tp
w
do

ht

Referring to IG as its own market reflects the current state of confusion and disarray around the topic. While the
hype builds around IG and the predictive analytics technologies that can help organizations that are drowning
in a sea of information overload, the pragmatic truth on the ground is that a majority of IG programs are simply
m

not working. Not enough organizations truly grasp the impact that poor IG programs can have.
fro

Page 3
 e Negative Consequences Of Poor Or Non-Existent Information Governance

• Complex, sluggish
compliance processes

an
• More information to store
• Inability to e ciently
• Increased eDiscovery costs
manage Legal Holds

hm

/
• Inability to identify PII

om
Higher Increased

ot
Costs Exposure

l.c
to Risk

R
na
ck

ur
hu
Lost Competitive

jo
Revenue C Disadvantage

y
er
• Inability to leverage • Others leverage better
by

corporate intelligence ov Info Gov for competitive

• Intellectual property loss advantage
• Less productivity • Not nimble enough to
d

employees react to market dynamics

sc
de

di
oa

//e
nl

:
tp

eDJ regularly talks with eDiscovery and IG professionals that provide the context for just how negative the con-
w

sequences of poor IG can be. One eDiscovery manager at a very large, highly regulated company relayed a story
do

ht

that is all too common:

The company purchased enterprise software for search and early case assessment several years ago,
m

but was unable to get it working. As a result, eDiscovery is handled by sending forensic disk images
fro

out for processing, hosting, and review. With no ability to cull the data down before sending it out,
the company pays exorbitant hosting and review fees. The eDiscovery support manager went to
the IT team at the company looking for a solution and was met with the “I don’t care” attitude. IT
essentially said, “this is your problem – you get budget for it.” But, the Legal team does not drive
technology budgets at this company. The fact that Legal is paying through the nose in litigation
costs is meaningless to IT.

In a highly regulated company that conducts eDiscovery regularly, this situation is unacceptable. It is, though, a
regular occurrence in many organizations. To be fair, this eDiscovery manager said the attitude works both ways

Page 4
 – when IT makes a mistake, Legal’s attitude is, “That is their problem.” Anyone that works at an organization of
any size knows that department cooperation is difficult and politics are at play, especially when the solution to
the problem requires funding.

Still, though, this kind of situation should bubble up to the top. After all, Legal is bleeding money that could
otherwise be saved. But, rarely do these situations make it to the highest levels for any meaningful consideration.
The reason is that the people that care about IG are not necessarily the ones with the juice to get budget for it. IG
programs are not working because the incentives for the stakeholder involved with IG are misaligned.

an
IG Is Immature Because Of Stakeholder Misalignment

hm

/
om
ot
High

l.c
R
RIM

na
ck
Interest in all aspects of IG

Security

ur
hu

jo
Legal
C

y
Compliance

er
by

CFO CEO
ov
d
sc
de

Business Units CIO

Low
di
oa

Low High
Ability to get budget for all aspects of IG
//e
nl

:
tp
w
do

ht
m
fro

Page 5
 Examine the C-Level executives that should and could care about IG and it is not surprising that most IG initia-
tives are disjointed, under-funded, and ineffective:

Role Driven By Attitude On IG

CEO • Pro tability Should care, but too o en unaware of risks and
• Innovation and Growth costs, especially as it relates to the granular details
• Shareholder value like eDiscovery costs
• Avoiding bad press

an
CFO • Compliance Cares about issues like compliance, but not aware
• Risk management of the detailed IG needs for issues like eDiscovery
• Revenue Growth

hm

/
• Investment opportunities

om
• Pro tability
COO • Operational e ciency Generally unaware about IG issues

ot
• Pro tability

l.c
• Enhance cross divisional/departmental

R
communication

na
CIO • Staying under budget Understands IG issues, but not necessarily
• Infrastructure operational e ciency interested in paying for the solution, especially

ck
when the business case is risk management

ur
Records and Information • Regulatory rules Passionate about IG, but few RIM teams in eDJ’s

hu
Management (RIM) • Information access recent IG survey – 27% - report having budget for

jo
• Legal needs IG solutions
• Standardization
C

y
Business Units • Growth Generally unaware about IG issues and feel the

er
• Information access (high speed on the best devices) need to hoard their data
by

• Minimization of business disruption

Compliance Regulatory rules Passionate about certain aspects of IG, such as
•
ov
• Avoiding sanctions GRC, but o en not aware of the broader IG
d

• Avoiding bad press ecosystem like eDiscovery issues

sc

• Standardization
de

Legal • Ability to manage caseload Passionate about most areas of IG and more likely
di

• Desire to make fast decisions on matters than any other department to “own” IG – 19% of
oa

• Managing litigation spend survey respondents indicated that Legal currently

//e

• Streamline intradepartmental preservation/ owns IG

collection
nl

• Standardization
:

Security • Privacy Understands IG issues and at least peripherally

tp
w

• IP protection involved with parts of it like forensics, but rarely

• Infrastructure operation owns IG – less than 4% of respondents show that
do

ht

CISOs have responsibility for IG

m
fro

This chart is a generalization, but indicative of the state of IG presently and provides useful context for why IG is
so challenging. While it seems trite, one of the core elements of successful IG programs is C-Level sponsorship.
If high-level leadership is not actively engaged in and aware of all aspects of IG, programs are doomed to failure
– it is that simple.

How To Right The IG Ship

There is no silver bullet when it comes to fixing IG. Unfortunately, the organizations that have solid IG programs
tend to be ones that have felt the pain of bad IG – the sanctions, the spiraling litigation costs, the information

Page 6
 overload. The challenges can be overwhelming and intimidating, but it is possible to chip away at IG and get
programs moving in positive directions. To do so, it is critical to:

• Focus on common ground and goals. IG has many stakeholders and those stakeholders need to have common
incentives. Without everyone working toward a common goal that benefits all, IG will be impossible. The
incentives of the stakeholders truly need to be aligned. In addition, IG needs to be woven into corporate
culture; not just something that is given lip service. When it comes to culture, work with it, not against it.
• Obtain C-Level Sponsorship. As previously mentioned, IG programs fail without a C-Level owner. And
ownership needs to mean active involvement – the executive must truly understand all aspects of IG and why

an
they are important. It is not enough to focus on one goal, such as compliance; the executive must understand
how that initiative complements other IG projects like eDiscovery, archiving, and records management.

hm

/
There is not necessarily a “best” owner (meaning, it does not have to be the same executive at every organi-

om
zation), but the executive carrying the IG torch should have the respect of others in the organization and the
ability to get budget for initiatives.

ot
• Gain small, incremental wins. Remember that IG is not a market – no organization is going to buy and IG

l.c
solution. Instead, IG is a series of projects, each of which should ultimately complement each other. A cen-

R
tralized IG team can ensure that the wins in one project can be leveraged in the next project. And, IG proj-

na
ects will likely not span the full enterprise, at least not at first. Instead, projects should attack discrete goals,

ck
such as cleaning up network file shares or gaining control of Legal Hold Notification and preservation.

ur
hu

jo
C

y
er
by

ov
d
sc
de

di
oa

//e

About The eDJ Group

nl

eDJ Group is a new kind of research firm – our analysts are “working analysts” that cycle between consulting
:
tp

engagements and research projects in order to keep a real-world perspective. eDJ’s analysts all have 10-25 years of
w

experience in detailed eDiscovery and information governance projects. Our analysts research, analyze, and write
do

ht

based on a combined one hundred (100) years in the legal technology community.
m

We operate with the utmost integrity and commitment to our clients on these guiding principles:
fro

• Independence – All research, reports, advice and services are agnostic and conducted independently without
influence by solution providers.
• Highest Ethical standards – All content is honest perspective based on real experience and interactions with
thousands of practitioners; detailing both successes and failures without favoritism.
• Pragmatic, Experienced Expertise – All services are conducted by industry experts with decades of experience
and strictly vetted by the eDJ Group founders.

For further information about the eDJ Group and their research, please contact Barry Murphy (barry@edjgroupinc.
com) or Jason Velasco (jason@edjgroupinc.com).

Page 7