Legalweek Recap: Meeting the challenges of information governance in the cloud

In 2020, businesses were subject to an unexpected tidal wave of remote work and digital transformation. We’ve now emerged on the other side of it in a more cloud-based world, forced to address a conflict that’s been brewing for a while: How do we continue to benefit from cloud-based apps while controlling the fragmented, unstructured data they produce? 

The answer lies in the minds of industry leaders on the front lines. A few of whom we brought together for this year’s Legalweek New York: Rajan Gupta, Head of Global Legal Technology at Facebook, Stephanie Corey, Co-founder & General Partner at UpLevel Ops, and Jeanne Somma, Chief Legal Officer & Head of Managed Review at Lineal Services. With the help of Brian Hupp, legal ops veteran and our Special Advisor at Onna, we discussed the biggest challenges legal teams face today, and how to tackle them with proactive strategy and policy.

Data explosion in the modern enterprise

Today, the average business uses 129+ apps, which has increased by 68% over the past four years. From Slack and Microsoft Teams, to Zoom and Google Workspace (GSuite), a plethora of cloud apps are the backbone of today’s businesses. 

But this phenomenon is a double-edged sword. On one hand, these apps afford ease and productivity, on the other, they create scattered data silos. Until the latter is under control, businesses face legal and compliance risk, data loss, and miss out on leveraging critical knowledge.

Beyond accumulating in silos, data has proliferated at an unprecedented scale. We’re now predicting 175 zetabytes of data will be created globally by 2025, with as much data residing in the cloud as in data centers. To put this into perspective, a single zetabyte is one trillion gigabytes — an amount beyond most people’s comprehension.

The cost of knowledge fragmentation

“The number one complaint we hear is, ‘We can’t find our data,’” says Stephanie Corey, who has over 20 years of in-house legal consulting experience. Between searching for contracts, materials from outside counsel, or ESI pertinent to litigation, significant time is wasted simply locating the information that matters. In fact, with 20% of the average workweek spent searching for information, it’s estimated that upwards of $12 million is spent per year per employee on finding information.

Without effective information governance, getting data to the right people, in the right place, at the right time, is a challenge. As a result, people find workarounds that eventually snowball into a more complex web of dark data. “They tend to create their own solutions,” says Jeanne Somma, seasoned law practitioner and eDiscovery expert who has specialized in creating technology-driven review workflows. “All of a sudden, you have information governance inception: IG, upon IG, upon IG, and unraveling that is a nightmare.”

The relationship between governance and discovery

Information governance and eDiscovery go hand-in-hand, but they didn’t always. eDiscovery was initially introduced for static emails and documents. Now that pieces of a conversation can live across email, Slack messages, project management tools, and more, it takes a holistic view of technologies to bring context to light.

The connectivity of multiple platforms presents implications for eDiscovery. More data is living in more apps than ever before, each with its own unique formatting, retention rules, native search capabilities, and more. Naturally, eDiscovery professionals care about the bigger picture. 

“We started asking, ‘Where is the data?’ but we didn’t yet ask, ‘Why does it exist?’, ‘How long will it be here?’ or ‘What are we doing with it?’” Jeanne says, reflecting on the early days of eDiscovery. Asking these questions has become critical to conducting efficient data collections and investigations without breaking compliance, leading more eDiscovery leaders to depend on a solid governance framework.

What if you don’t have an information governance program? How do you start?

The experts say it’s never too soon to begin. The most important thing is a commitment to making the program work — which starts with an honest assessment of your environment and buy-in. 

To get buy-in, it’s important to build a business case. Ask questions like: How will this save us money? How can we avoid sanctions and reputational damage that other companies in our space are facing? “Just starting on this journey is really critical,” says Stephanie, “You educate, market, communicate, and you just keep going and going.” 

But education can look different depending on your company. “In large organizations, you might have an IT team focused on eDiscovery. In small companies, it might be a shared IT resource, so you have to spend time educating them on information governance models and frameworks.” says Rajan, who’s had extensive experience in legal and compliance program management across giant tech corporations. “Start small. Ask, ‘What are we trying to solve?’ and move from there.”

The bottom line? Talk to the people who are actually handling your data and doing the work. Learning their processes and needs is the best way to create a realistic, resource-conscious roadmap.

Information governance is not a “one and done” process

Even with a well-thought-out roadmap, the route to an information governance program is not linear. Cloud-based data environments are ever-changing, leading governance policies to bend and shift over time. “Assessment, prioritization, strategy, engagement, implementation, metrics – this process never ends,” says Stephanie.

“You don’t need an all or nothing attitude,” says Jeanne. Instead, building an information governance program is a constant iteration of people, process, and technology. With this flexibility in mind, our experts shared some golden rules of thumb:

  • Know your data
  • Bring records management into the conversation
  • Include IG policies in the Employee Handbook
  • Organize data as it’s being generated
  • Create a risk analysis for data accessibility
  • Develop a solid working relationship with IT
  • Create an IT data map for legal

Although the work is never done, keeping these best practices in mind will position you well to meet the challenges of information governance in the cloud. Now more than ever, it’s critical to identify, organize, and control critical business data — and legal teams are uniquely positioned to make a huge impact that will ripple across their organizations.