Legal Stakeholders and the Information Governance Reference Model
Written by Doug Austin, Editor of eDiscovery Today
Last week, I introduced a new blog series on the IPRO blog called Considering the 5 Stakeholder Groups of the Information Governance Reference Model (IGRM) and I set the stage for the series by discussing the IGRM model in general, the complexity of information to be managed by organizations today and identified the five stakeholder groups. This week, I begin my look at the stakeholder groups by starting with Legal stakeholders.
Legal Stakeholder Information Needs
As a person who writes an eDiscovery blog, it’s easy for me to look at every potential information need for Legal stakeholders as the proverbial “nail” related to the eDiscovery “hammer”, including considerations for investigations and compliance as well. But, from an operations standpoint, Legal stakeholders have many more information needs than those that apply just to eDiscovery. Here is a list of ten potential areas associated with legal operations:
- eDiscovery & Legal Hold
- Legal Department Strategic Planning
- Vendor Management
- Analytics Metrics & Dashboard
- Team Building & Communications
- Processes & Technology
- Knowledge Management
- Financial Planning, Analysis & Management
- Managed Services & Legal Process Outsourcing (LPO)
- Global Data Governance
While I’d like to take credit for identifying those areas myself, I got them from the Association of Corporate Counsel’s ACC Legal Operations website, which has a terrific infographic to illustrate legal operations as a “hub” function in corporate legal departments here. I could write an entire blog series just on those different operational needs – it’s obvious from the infographic and the list above that Legal stakeholders within an organization have a lot of potential information needs to support these various operational initiatives.
Legal’s Relation to Other Stakeholder Groups
To accomplish its role from an Information Governance standpoint within an organization, Legal needs to collaborate with the other stakeholder groups to achieve the following objectives:
- Identify and Protect Data Sources Necessary to Support the Above Operational Initiatives: Legal must not only effectively understand where information is located to support those initiatives and access that information quickly, they must also establish requirements from a legal and regulatory perspective regarding maintenance, preservation and destruction of that information, including notifying the other stakeholder groups when changes to laws and regulations impact those requirements.
- Generate and Manage Information to Support Legal Objectives: Legal will likely be responsible for at least generating (if not maintaining) agreements and other documents designed to protect the organization from a legal standpoint. Everything from non-disclosure agreements (NDAs) to contracts for services performed could be generated and possibly maintained by Legal.
In other words, Legal stakeholders are big users of information within an organization, but they also establish many of the requirements for when, how and how long that information is created and maintained within it. To do their job effectively, Legal stakeholders not only need to understand their information needs and organizational requirements, they also need to understand technology and how to maximize it to accomplish those goals.
Legal Stakeholder Recommendations for Better Information Governance
Here are some recommendations for Legal stakeholders to help an organization improve its overall Information Governance program:
- Identify and Periodically Revisit Legal Use Cases: As you saw above, there are a lot of potential use cases Legal stakeholders may have regarding organizational information. So, they need to flush out those various use cases to identify their data requirements to support their various ops needs and revisit periodically to adjust use cases or even create new use cases as requirements dictate (e.g., new use cases being identified due to strengthened data privacy laws). Also consider conducting a SWOT analysis for various legal use cases to determine what strengths and weaknesses you have when addressing the opportunities and threats your organization is encountering regarding supporting those use cases.
- Actively Participate in Organizational Data Mapping Activities: To ensure that they understand where the data is located within the organization to support its use cases, Legal must be an active participant in the data mapping process to not only identify where data is located within an organization, but also to ensure the data to support their legal ops objectives will be there when needed (i.e., the “Why” for the data that’s needed).
- Keep Current on Legal Trends That May Impact Organizational Requirements: A great example of that is the changing data privacy landscape with new regulations like Europe’s General Data Protection Regulation (GDPR) and California’s California Consumer Privacy Act (CCPA). Those are just two of the many data privacy regulations that have been passed in the last couple of years – numerous other states and countries have updated their requirements as well and there can be differences from GDPR and CCPA. Legal needs to stay current on changes to legal trends, especially in areas that are changing quickly.
- Find Your Inner Geek: To better communicate with other stakeholder groups, it’s best to understand how to “speak geek”. Attend webinars to learn more technical concepts and consider setting aside 5-15 minutes a day to read about technical concepts (this blog and eDiscovery Today are great places where you can do that). Legal may understand “what” is required, but the other groups can indicate “how” to make it happen, so it’s important to understand how to effectively communicate with them to get there.
- Embrace the Use of Technology: As you find your inner geek, emphasize the use of technology to support Legal use cases. With the volume of data and variety of data sources, index-in-place and artificial intelligence (AI) technologies are becoming more essential to addressing any organization’s information governance needs today. So, learn about and be open to those emerging technologies as well.
Next week, we’ll continue with the goals and considerations for Records Management (RIM) within an organization. See you then!
For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, follow, eDiscovery Today! And as part of the continued educational partnership between IPRO and eDiscovery Today, he’ll be here in the IPRO Newsroom next week with more educational content!