This is the second blog in our series regarding the obligations to preserve, identify and collect all relevant and material records in litigation or during an investigation. Earlier this year we wrote about the importance of preservation and the serious consequences that may be felt by organizations for their failure to comply with their obligations. This second blog focuses on identification.
When litigation is commenced or a production order is issued, clients frequently find themselves scrambling to identify the individuals involved with the issues under review and location of the relevant electronic information. Where employees have departed or the issues are historical, locating electronic information can be particularly problematic. It is usually during this phase that an organization realizes that the patchwork of policies regarding document organization, document retention, and BYOB do little to assist legal counsel and IT with satisfying the organization's legal obligations to identify relevant information.
In the age of "big data", with many organizations feeling the constant threat of security breaches and struggling to stay on top of the numerous privacy concerns, it is very important for organizations to have in place systems to effectively manage their information. Studies suggest that management of information is impacting business productivity and creating costs and liabilities for organizations. (Charles R. Ragan, Information Governance: It's a Duty and It's Smart Business, 19 Rich J.L & Tech 12 (2013) [Regan, Information Governance])
Over the past several years, an area called "information governance" has developed to assist organizations in managing their information. Information governance has been described as a holistic approach to managing and leveraging information for business benefits and encompasses information quality, information protection and information life cycle management (IBM's definition as per Judith R. Davis, Information Governance as Holistic Approach to Managing and Levering Information 1 (2010)).
A well-functioning information governance program will involve personnel from numerous different departments including business leaders, legal, IT, internal audit, risk and compliance, records and information managers, and security. Once implemented, an organization should find that, among other benefits, valuable information is reliably and readily accessible; confidential and proprietary information is protected; the costs of keeping information is optimized; and the organization avoids substantial risk of failing to retain information in accordance with legal regulations (Regan, Information Governance).
While the failure to implement proper information governance systems has not been considered in Canada, a United States court has suggested that directors' obligations to a corporation include a duty to attempt in good faith to assure that a corporate information and reporting system, which the board concludes is adequate, exists, and that the failure to do so under some circumstances may, in theory, at least, render a director liable for losses caused by non-compliance with applicable legal standards (Caremark Int'l Inc Derivative litigation, 698 A 2d 956 (Del Ch 1996)).
Thus, organizations are well advised to implement an effective information governance strategy as soon as possible.