February/March 2010 / Features

E-Discovery is Just One Cog in the Machine

Companies continue to “keep information they should destroy, destroy information they should keep, disclose information they should hold close, and lose information they should protect,” according to the authors. The problem, in their view, is that companies manage such challenges from a limited tactical point of view, and not strategically.

The authors identify twelve information and technology “domains,” each with its own objectives, sources of authority and legal requirements. They argue that tactical decisions within each domain should be made in light of a larger strategy, informed by principles of governance, risk management and compliance, sometimes referred to as “GRC.”

The objective of their first domain, “Evidence and Electronic Discovery,” is handling information in the context of actual or potential legal proceedings. Another domain is “Information Security,” where the objective is to protect the confidentiality, integrity, and availability of information. Other domains identified in the authors’ analysis are Data Privacy, IP, Records Management, Cyber and Internet, Consumer Protection, Employment, Ethics and Privilege, Incident and Emergency Response, National Security, and Cybercrime.

The authors suggest a governance structure, a listing of compliance requirements and a cost-benefit analysis of proposed decisions as ways of harnessing tactics in each of the domains to an overall GRC strategy.
