Onna Blog: Unified Information Governance: Reconciling Conflicts Between Stakeholders

Information governance is a critical discipline that encompasses many parts of the business. Compliance, security, legal, and IT all have an important stake in managing information; however, when it comes to handling that information, conflict can arise. Priorities may differ when it comes to data retention, archival, and deletion, leading to difficult decision-making. Add in the pressures of data privacy laws, like GDPR and CCPA, and the perils of disunity only intensify.

So what does the decision-making process look like when legal wants to retain data but IT wants to delete it — both with valid reasons? How can organizations avoid spending on outside counsel to weigh-in on internal decisions? If these questions resonate with you, it might be time to take a hard look at what information governance means in your organization. More likely than not, you are taking a siloed approach to information management that has your people working against, rather than with, one another.

Here are six ways to align information stakeholders and proactively avert conflict.

1. Formalize stakeholder relationships

All too often, information stakeholders are thrust into meeting for the first time because of urgent matters, such as litigation or discovery requests. These matters require cross-functional collaboration, and yet crucial relationships may not be defined. To ensure all stakeholders are connected, you may want to start an information governance steering committee comprising key members from security, compliance, privacy, legal, IT, and other lines of business that hold essential company information — like HR or finance. By proactively bringing stakeholders together and formalizing their roles and responsibilities, you can foster clear communication and coordination from the get-go.

2. Understand information’s value from all perspectives

Company information is multifaceted. It lives in different places and serves different purposes, so its lifecycle isn’t clear-cut — nor is its treatment. For example, while personally identifiable information (PII) may need to be held for regulatory compliance reasons, you might want your year-over-year company performance metrics for business strategy purposes. To avoid miscommunication and conflict, your information governance framework needs to address the value of information from all angles. To start, you can ask questions like: What purpose does this data serve? What department(s) are concerned with this data and why? How might this data pose risk, maximize value, or both? The sooner teams address information from a holistic view, rather than a siloed view, the better.

3. Make a plan for potential conflicts with risk front-of-mind

Once you map out the answers to these questions, you can start to spot overlap and conflict in priorities. Although every organization is different, the most common conflict arises around the question of retention — whether to keep or delete. Although you might be legally bound to retain information, you might also be required to delete information for privacy matters. In scenarios like this, it’s crucial that the necessary stakeholders come together to resolve issues, and not just the ones in conflict. Depending on the situation, you may need the input of separate stakeholders, such as IT, to help you understand what technical solutions are possible. Regardless of the nature of your potential conflicts, identifying them early on will help you get ahead of pain, risk, and confusion.

4. Develop an information governance policy

After you outline stakeholder relationships and identify potential conflicts, you’ll want to bake those solutions into your information governance policy. There’s a lot to consider in developing a policy, but a good rule of thumb is to focus on people, process, and technology. You’ll also want to break it into two portions: minimizing risk and maximizing value.

On the minimizing risk front, narrowing down legal, compliance, and privacy obligations first will ensure the most critical protocols are covered. This could include anything from the who/when/how of handling yearly audits to creating a data retention policy. Once that’s done, you can move on to the data maximization portion, which informs how you will protect and utilize your information. This could be anything from handling eDiscovery to data loss prevention measures. Every company’s policy may look different, but the one thing that should remain consistent is alignment from all information stakeholders.

5. Assign roles and responsibilities

Once you develop an information governance policy, you’ll want to make sure every stakeholder understands their roles and responsibilities. This ensures your framework is put into practice effectively. Every organization looks different, but a good way to delegate responsibilities among each department is branching down from the executive level to working groups. Executives, such as the CIO, CSO, General Counsel, and others can operate as key decision-makers, and different departments, such as security, IT, and compliance, can form working groups to encourage better data stewardship over their own information.

6. Unify your information in one place

You can have all the right people and policies in place, but without the right technology, it can still be a challenge to locate your most vital information — which can lead to stakeholder conflict. Especially when it comes to the scattered, proliferating nature of cloud applications, keeping tabs on dynamic data such as messages, threads, and attachments in so many locations can be daunting. More often than not, teams end up heavily relying on IT to expend more time and resources. Implementing a solution that brings all of your siloed data in one private, secure, and searchable place can make it easier for stakeholders to find what they need at a moment’s notice. Not only can this help you avert future conflict, but also reduce risk, maximize value, and enhance compliance.

Organizations have a huge opportunity to leverage key information to help realize their goals — but first, their governance framework must guide key stakeholders towards alignment. By focusing on the factors we’ve discussed, you can start to transform your information governance plan to work for your people, not against them.


DISCO founder and CEO Kiwi Camara on the company’s Q4 2020 $100 million funding: “Legaltech is booming now, and the industry’s real growth has only just begun. Over the next five to 10 years, legaltech will emerge as the next high-growth category of enterprise software. We are delighted to see investors acknowledge DISCO’s position as the category creator and category leader for legaltech. Legal departments and law firms are embracing the power of artificial intelligence to automate away the parts of the practice of law that don’t require human legal judgment, freeing great lawyers to do the work that only they can do.” 

Click for the press release.


Click to check out the article.


Lighthouse, a leader in technology-enabled legal services, today announced the launch of Prism, a new in-house technology that uses AI and machine learning to radically improve document review legal processes. Prism deploys big data analytics along with expert insights and unified workflow consulting to deliver scalable, lightning-speed ediscovery and document review, with the proven ability to save thousands of hours in review time and over $1 million in review costs on a single matter.

Click for Press Release.


Your data is vulnerable. Hackers access home computers. Employees and contractors can cause breaches. The information security risk is real.

Click for SecureReview video.


Control Work From Home with SecureReview. Here’s a handy chart that helps you understand what you may be missing from your hosted virtual infrastructure.


FOR ADVANCED CONTENT MANAGEMENT SYSTEMS (CMS)
If you have a complex, dynamic website—whether it’s created using an advanced CMS like Adobe Experience Manager, Sitecore Experience Manager, Drupal, or some other tool or combination of tools—you need to ensure that you also have dynamic web archiving capabilities.
Hanzo’s Compliance Archiving of Advanced CMS is the guide digital marketing and compliance professionals can use to understand best practices for capturing web content.
Get the Resource for Archiving Success with Advanced Content Management Systems:
  • Features and benefits of top CMS solutions
  • Overview of archiving requirements for regulated industries
  • 3 common regulatory challenges for sophisticated websites
  • 6 archiving best practices including

Click for the White Paper.

Contact us to learn more.


Capture and preserve the most interactive data sources on the web today.

Looking for technology that can archive and preserve digital, social, and online data in an interactive, native format that cannot be tampered with or doctored, can be easily searched and presented, and holds up to legal and regulatory scrutiny? No, it’s not too much to ask.

You see, the web isn’t static, so why are your archives? Hanzo Dynamic Capture provides authenticity via the highest-fidelity, full context dynamic capture, archive, and preservation of the web, collaboration apps, and social media content., and immutable retention that meets WORM storage standards. Our enterprise customers use Hanzo Dynamic Capture to meet FINRA, SEC, FTC, and eDiscovery web preservation requirements.

Even better, you don’t have to sacrifice marketing or digital innovation to maintain your ability to demonstrate regulatory compliance.
Download the Hanzo Dynamic Capture datasheet and see you can demonstrate compliance with confidence.

More documents to review. Tighter deadlines and cost pressures. And more eyes on those documents. SecureReview protects sensitive data.

Click to download brochure.


Like most organizations, your workforce has shifted from the office to home. In the future, a hybrid workforce will be the norm. Are your documents truly secure?

Click to download brochure.