By Jim Coulson

Poor management of electronic information can inhibit global strategies, drive up costs and risks, create business inefficiencies and tarnish reputations. In the meantime, faced with increasing scrutiny by outside regulators and opposing litigators, the cost of compliance and discovery continues to skyrocket.

It is not surprising that organizations look for a quick fix to this dilemma. Unfortunately, the hunt for a quick fix can drive them to make five common mistakes when they try to set up a viable electronic information management program.

1. Developing a policy and throwing it over the wall for your business groups to implement.

Attorneys often feel that putting a comprehensive policy document in place is the quickest, easiest way to get employees to comply with legal and regulatory obligations for managing company records and information. Some organizations believe they can ensure compliance simply by having a mandatory sign-off by business managers that their group has read the policy and is in compliance.

Faced with no way to practically comply, and not wanting to upset senior management, business managers often dutifully sign and then hold their breath, hoping they will not be caught in the next litigation discovery or regulatory review. In reality, compliance is virtually impossible to achieve without modifications to existing electronic systems aimed at supporting the information management behavior that the policy is meant to reinforce.

2. Purchasing software first and letting it dictate your de facto requirements.

Frustrated with their lack of success to get the organization to comply with their policy, attorneys look to IT to provide suitable information management software improvements. In an effort to provide quick relief, IT often reviews major content management vendors, and settles on the latest archiving software that seems to address the issues.

Before the organization's requirements are fully defined it is easy to get caught in sale pitches rather than real features. The result is a purchase that either stays on the shelf, or is never satisfactorily implemented, because it does not provide an acceptable level of ease of use, or worse, lacks vital functions.

3. Not having a cross-functional team working on a resolution.

While IT is the logical leader for the purchase of any hardware/software required to improve data management, they need to have a firm grasp on requirements from a legal, information security, privacy, compliance, records management and user perspective.

Ownership and accountability for the compilation and agreement on these requirements can only be achieved by having representatives from all stakeholders on an official, cross-function project team.

This team must have appropriate resources to draft initial requirements, approve the review and selection of vendors and testing of the software, and oversee the rollout process.

4. Neglecting the needs of users.

Many organizations have felt comfortable with the drafting of a policy and the development of system requirements by a cross-function team, only to find that the rollout of new software and policies results in contrary user behavior — if not open revolt.

The basic rule is to make the level of burden for using any new information management software less — or at least the same — as efforts to end-run the new rules (e.g., copying all e-mail to a home address, using Gmail, using thumb drives or burning CDs to get around storage limitations, etc.).

If you want to generate policy compliance, it is not enough to include all of support services' stakeholder requirements in the new software. You also must address users' needs for simplicity, speed, and integration with existing tools.

This requires first understanding how users work with electronic systems within their business processes. Then you can determine what information they create, use, and need that must be retained for the organization's business, legal, and regulatory requirements.

The key is to use an "exception only" basis for any improvements that require the users' involvement in the management of his or her information.

That approach will minimize the complexity of the process. If this sounds like it will take some time, it will.

5. "This can be done in a few months."

While the issues caused by poor management of information resources have been with us for a few years now, practical answers do not come easily.

We know that a simple refresh of a policy will not succeed unless it is supported by software that can integrate with existing user systems.

The one issue that organizations continue to rate as most frustrating is the lack of available software that goes beyond mere archiving in meeting the information management requirements of all stakeholders.

Crafting requirements and getting buy-in from all stakeholders — including users — and making fundamental changes to how people manage their electronic information requires time.

This is a one- to two-year process for most organizations. It will take even longer for the organizations that keep looking for a quick fix and continue to make the five common mistakes.

Author

Jim Coulson is managing director, with Huron Consulting Group, based in Boston.

Reprinted with permission from the June 1, 2009 edition of Law Technology News © 2009 ALM Properties, Inc. All rights reserved. Further duplication without permission is prohibited.