Management Advisory: Information Governance
As business records have transitioned from paper to electronic, they are available on many platforms, in many formats, and have proliferated to the point where they have become a substantial risk and drain on resources. The discipline of “records management” can no longer be narrowly defined to cover custodianship of files and boxes. Organizations must consider all aspects of information governance, which now incorporates records retention, electronic commerce, privacy, information security, admissibility of electronic evidence, and electronic discovery.
In today's economy, information can be a company's most valuable asset, and at the same time its biggest source of financial and reputational risk. As a result, governments and private sector organizations are turning to their trusted advisors for help in five critical areas: (1) privacy assurance; (2) information security; (3) electronic commerce; (4) litigation preparedness; and (5) electronic records management. While each of these areas requires the attention of executive management and outside expertise, they are all tied together under the rubric of information governance.
Who should be accountable for information governance? By its very nature, information governance is multi-disciplinary. While corporate IT must be heavily involved, it is not up to IT to determine, for example, retention periods or policies around the content of information assets.
By the same token, the scope of information governance extends beyond traditional records management, but electronic records management is a key aspect of information governance.
How is the legal department involved? Historically, law departments may not have had much to do with records management, and may have had practically nothing to do with IT except software licensing, if that. But now it is clear that information governance has many critical legal aspects, and general counsel must step up to engage in, if not lead, the initiative to better corporate performance in the realm of information governance.
Legal issues include:
- Opinion as to admissibility of corporate records as evidence
- Defensibility of e-discovery processes, whether internal or outsourced
- Determination of legal retention periods
- Contractual issues with cloud service providers
- Implementation of legal hold
- Protection of privacy of personal information (customers and employees)
- Compliance with electronic commerce legislation
- Input into threat and risk assessments for security purposes
The following questions should be posed by any General Counsel:
- When it comes to corporate email, is your IT group managing content or just volume?
- Are they managing volume by adding more storage capacity?
- Is your executive team aware of the serious risks and hidden costs associated with over-retention of data?
- Does your organization have an electronic records management policy and is it effectively implemented?
- Have you delegated ERM to IT?
- If your organization's financial spreadsheets had to be produced to a regulator, court or tribunal, how would you go about proving their authenticity?
- Are you confident that the personal information of your customers and employees is segregated and destroyed at the mandatory time?
- Are you managing your electronic records or just storing them?
- Are you considering moving to “the cloud” but concerned about privacy, access, and security?
- Are electronic discovery issues covered adequately and fully understood in your email archive or enterprise content management (ECM) project plans?
- At your organization, IT and RM professionals are likely planning a move to “the cloud” – that is, outsourcing corporate applications and data to offsite third party providers. Are information governance and legal compliance issues being effectively addressed?
- Your in-house law department has expertise in many areas related to your core business activities. Are your lawyers sufficiently knowledgeable about electronic commerce, privacy, information security, admissibility of electronic evidence, and e-discovery to advise your business leaders or take a leadership role on matters of information governance?
- Principle 3 of the Sedona Canada Principles, which have been incorporated by reference in the law of Ontario, provides: “As soon as litigation is reasonably anticipated, parties must consider their obligation to take reasonable and good faith steps to preserve potentially relevant electronically stored information.” As an organization, do you know where potentially relevant electronically stored information might be? Would you be able to take effective steps to identify, preserve and collect this information?
Organizations have been using technology for about 25 years, creating, sharing and storing electronic business records without the benefit of retention schedules and clear guidelines about archiving or destruction. Are there ghosts lurking in your electronic closets? Contact Martin Felsky for a free consultation.