The ROI on information governance: measuring success

There are significant roadblocks in the way law firms conduct business that inhibit a maximum return on investment (ROI) as it relates to information governance (IG). Download this report to discover:

• A select set of areas within IG that can contribute to an increase in your firm’s return on investment
• The risks presented by these areas
• Potential solutions that can be implemented to address associated challenges

Executive summary

Achievement of greater returns on Information Governance (IG) investments takes perpetual attention, effort and action. As with most organizations, there are significant roadblocks in the way law firms conduct business that inhibit a maximum return on investment (ROI) related to IG. For example, the average employee spends an estimated 2 to 4 hours per week searching for information, totaling just over 200 hours per year (Tolson, 2014). This does not take into account the time required to recreate or reproduce information that could not be located or other similar activities that minimize efficiency, productivity and increase cost; all of which detract from IG efforts and financial returns to the organization. But, identifying threats to IG investments is not as straight-forward as it may seem. Issues such as data redundancies, overtly manual processes and ineffectual retention policies, often do not make it on the organizational radar as a priority, if at all.

This report highlights a select set of areas within IG that can contribute to an increase in a firm’s return on investment, the risks presented by these areas and potential solutions that can be implemented to address associated challenges.

Introduction

Destruction: getting rid of what is no longer required

Destruction of information, in all formats, when it is no longer required to be maintained for legal, regulatory or operational reasons is one of the cornerstones of a strong IG program. Additionally, destruction is a very measurable activity and can be effectively used to show the impact of an IG program on a firm’s bottom line.

Traditionally, attorneys have been described as hoarders, wanting to keep everything “just in case.” With the increased pressure of client compliance, ISO certification and increasing costs across a firm, that mindset has begun to change. “…clients from multiple industries are examining how their outside counsel protects information across their enterprise – not just within their technology, but also within their policies, procedures, and people.”

The risks and challenges of keeping information forever are nothing new to records and information management (RIM) and IG professionals. In fact, 76 percent of organizations have a “keep everything” culture, so many in the IG field have been struggling to comply with their firms’ policies for information retention and destruction for their entire careers.

Within an IG framework, there are three main reasons to keep information:

• The information is useful or potentially useful to the business (defined as “vital records”)
• The information is within the retention period of the firm’s records retention schedule
• The information is placed on hold as part of a known or potential preservation order

Keeping information that does not fall into these three categories leads directly to avoidable storage cost of both paper and electronic format and unnecessary risk of data breach exposure. Another significant risk of over-retention of records is the loss of clients who are increasingly demanding that law firms not only have a defensible retention and destruction policy but are actively enforcing it.

True cost of storage

To be able to measure the ROI of a compliant destruction program, a firm must first determine what is meant by “storage.” In the past, the cost of storage was primarily reflected in the invoices associated with a firm’s offsite physical storage vendor. Today, not only does a firm depend on physical and electronic repositories (e.g., email, document management systems and shared drives) they also have information stored with eDiscovery vendors and practice area SaaS (cloud) solutions. Developing a “true cost of storage” measure for a firm can be an involved process, but there are some basic elements to consider when creating a base-line storage spend:

• Offsite storage of boxes
• Square footage for onsite storage of records located in firm Record Centers or office areas and workrooms
• High availability electronic storage
• Unstructured data storage
• Backup and redundancy media storage
• Virtual Deal Rooms and eDiscovery hosting
• Overhead associated with managing physical data assets (personnel, infrastructure, time and effort associated with filing and retrieval, etc.)
• Overhead associated with managing electronically stored data assets (system administration, migration fees, etc.)

A firm must decide which components make the most sense for the calculation of its true cost of storage. Once a baseline is established, it then becomes simpler to forecast trends and rates of growth, and to measure the success of your destruction program.

Destruction of records and information can be daunting. The key to a successful defensible destruction IG program is an authorized policy and a systematic approach. Even with these elements in place, in many instances destruction programs never get started because the job feels too big. A firm may have physical storage dating back 50 years or more with little or no descriptive data about it. And if decisions could be made about destruction eligibility, there may be no budget to cover the destruction cost for shredding by a vendor. When considering electronic content, many shared drives, email and other applications have no client matter structure, making destruction activities virtually impossible. Complicating matters, there may be no teamwork between the RIM and IT departments.

The key to successful destruction is twofold.

First, all data is not the same. How a firm manages its legacy data can be very different than how it destroys information going forward. Some examples for destroying information regardless of format include:

• Clients where all matters are closed past the longest retention period (excluding keep forever) of your records retention schedule
• Personal records and documents for departed employees and active employees, providing it has met retention requirements
• Administrative matters that may no longer be in use >> Unknown content of boxes in storage if substantiated and documented

Second, a firm must have a plan that includes these basic steps:

• Check laws and regulations
• Document use cases
• Work with your general counsel to verify the plan
• Follow the plan
• Work across all repositories, both physical and electronic

Measuring the ROI of electronic destruction

While best practice is to destroy information across all repositories, both physical and electronic, the methods of measuring ROI are not the same. Electronic data is created and received by a firm much faster than the amount of data eligible for destruction. Current data formats such as jpeg and MP3 files tend to have a larger electronic footprint than older data, so it is almost impossible to keep the amount of electronic storage flat, but that does not mean it is a useless endeavor. Most firms experience a positive trade-off when reducing the volume of electronic data as they defer making the next storage purchase.

It can be challenging to capture the cost of electronic data. With paper, a service level agreement with pricing exists and the number of boxes in storage is documented and tracked. For electronic data, there is no simple formula to use for measuring storage cost. A firm’s information technology (IT) department should be aware of the price of both regular and premium storage and able to provide a per Gigabyte (GB) cost for each.