Most companies have, or are developing, programs for records and information management (RIM), in-house e-discovery and the control of sensitive information such as privacy data and intellectual property. Historically, these programs have been run as separate work streams by the legal, compliance, audit or IT organizations. But within the past year, we have begun to see a trend of companies combining these initiatives into a single work stream. Killing three compliance birds with a single program stone can save time and money.
Running separate RIM, e-discovery and data privacy programs can create conflicts or extra work. For example, the records organization may be creating retention schedules that are completely different than the information security organization’s data classification standards (often discovered late in the process). Furthermore, these work streams cover the same ground. Information collected as part of a records type inventory is often very useful for data privacy, but this information is frequently collected twice.
We have found that three separate work streams are more work, more expensive and take longer than a single, combined work stream. Consider combining your programs using these methods:
1. Incorporate data sensitivity as part of record retention schedules. Include data sensitivity classification as part of the document retention schedule, ensuring a single, content-based inventory of documents.
2. Leverage data loss protection to limit risk in e-discovery. Data loss protection tools used to protect sensitive information from leaving secure repositories can be used to corral other types of documents, reducing the scope of discovery.
3. Use ESI mapping to identify sensitive data leakage. ESI mapping processes can be used to track data in and out of secure repositories.
4. Train employees once for records, e-discovery responsibilities and privacy. Business units welcome fewer compliance training sessions, with each session covering more content.
5. Data audit processes can focus on both records and sensitive information. Data privacy audits also can examine record retention (or the lack thereof).
6. Better records archiving can make e-discovery much easier. Better control of records and other documents simplifies e-discovery.
Of course, the biggest challenge in integrating these work streams is political. Each group is mainly concerned with driving its own initiative, and is fearful of sharing limited resources as part of a larger project. Nevertheless, we have found that often the economies scale provided by combining initiatives allows these projects to go faster, reduces the likelihood of getting stuck and reduces total workload. And in times of tight budgets with too much work, reducing workload is a good thing.