The future of information governance and records management grows more critical—and more complex—as data volumes surge and new communication channels emerge. For most organizations, effectively managing all that information is an uphill battle, especially with compliance on the line. Good recordkeeping practices reduce legal risks, making litigation and discovery processes easier to navigate.
During a recent webinar, Kaan Volkan, an expert in information management, highlighted the increasing pressure on organizations to keep pace with data retention, deletion, regulatory compliance, and privacy needs.
Expanding data environments make it challenging to apply secure, compliant practices across all data types. Volkan shared essential insights and actionable strategies for addressing these evolving demands. Here’s an overview of his key points:
1. The Challenges of Managing PII and Data ROT
Organizations now manage a flood of data that’s nearly doubled in size between 2020 and 2023, posing serious concerns for handling Personally Identifiable Information (PII) and data ROT (redundant, outdated, and trivial data).
As Volkan emphasized, many organizations hold vast quantities of irrelevant or outdated information, which burdens resources and raises compliance risks. "Around 80% of this data just sits there without use, draining resources and complicating records management," Volkan explained. Not only does unused data bog down search efforts, but it also increases exposure risks, especially when it includes sensitive information.
Managing PII is incredibly challenging, as it requires strict compliance with regulations like the General Data Protection Regulation (GDPR), which sets rules for handling PII to protect individuals’ privacy. Importantly, GDPR fines have been climbing exponentially, with 2023 penalties nearing the combined totals of 2021 and 2022. Noncompliance now risks severe financial penalties and reputational damage. Volkan emphasized that organizations must adopt more agile data management policies, particularly for tagging and remediating PII.
2. Off-Channel Communications and Regulatory Fines
Recently, regulatory bodies such as the SEC have been imposing steep penalties on organizations that engage in prohibited communication methods. As mentioned in the webinar, a recent case involved 26 firms penalized more than $390 million for recordkeeping discrepancies arising from unlawful off-channel communications.
“These firms relied on unmonitored messaging platforms, resulting in lost records and preventing regulators from reviewing crucial communications,” Volkan explained.
Off-channel communication apps create significant regulatory risk, particularly in financial sectors. To mitigate these risks, organizations need to review their communication policies and ensure that every platform employees use for business purposes complies with legal standards and is properly monitored.
3. Technology Use in Mapping and Recordkeeping
Data mapping technology is essential in achieving compliance and maintaining effective records management. Techniques like regex-based search algorithms enable organizations to tag relevant records by identifying specific data patterns. For instance, regex (regular expressions) can automatically identify HR-related contracts by detecting terms like "contract" near "HR" within documents.
However, Volkan cautioned that regex’s effectiveness depends on an organization’s knowledge of its own data structure. When data mapping lacks organization, tech solutions fail to meet compliance standards. Advanced data-mapping techniques can support better regulatory compliance and recordkeeping, but poor data structuring can lead to gaps in records and exposure to potential legal and compliance issues.
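The proximity search described above, as an added example that is not from the webinar or any vendor's product: it compares a bare substring test with a word-bounded, distance-limited regex built from a small lexicon. The sample documents, the lexicon, the function names and the eight-word window are all assumptions made for illustration.

```python
import re

# Constructed sample records (illustrative only, not from the webinar).
SAMPLE_DOCS = {
    "offer_letter.txt": "The HR department issued the employment contract on 3 May.",
    "vendor_note.txt": "The contractor finished through three phases of the thread upgrade.",
    "policy.txt": "This contract is governed by state law. "
                  + "Filler text. " * 20 + "Contact HR with questions.",
    "returned.txt": "Signed contract returned to Human Resources yesterday.",
}

# Hypothetical lexicon: the terms an organization knows its own records use.
HR_TERMS = r"(?:HR|human\s+resources)"
CONTRACT_TERMS = r"contracts?"


def build_proximity_pattern(a, b, max_gap=8):
    """Match term a within max_gap words of term b, in either order."""
    gap = r"(?:\W+\w+){0,%d}?\W+" % max_gap
    return re.compile(rf"\b(?:{a}{gap}{b}|{b}{gap}{a})\b", re.IGNORECASE)


def naive_tag(text):
    """Substring test with no word boundaries and no distance limit."""
    lowered = text.lower()
    return "hr" in lowered and "contract" in lowered


def tag_documents(docs, max_gap=8):
    """Return {name: {"naive": bool, "proximity": bool}} for each document."""
    pattern = build_proximity_pattern(HR_TERMS, CONTRACT_TERMS, max_gap)
    return {
        name: {"naive": naive_tag(text), "proximity": bool(pattern.search(text))}
        for name, text in docs.items()
    }


if __name__ == "__main__":
    for name, result in tag_documents(SAMPLE_DOCS).items():
        print(f"{name:18} naive={result['naive']!s:5} proximity={result['proximity']!s}")
```

The substring test tags the vendor note because "through", "three" and "thread" contain "hr", and it misses the record that spells out "Human Resources"; the lexicon-driven pattern gets both right, which is the dependence on knowing your own data that Volkan described.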
4. Data Mapping Solutions vs Piggyback vs Dedicated Content Solution
Volkan identified three primary options for companies looking to manage data and compliance effectively:
- Data Mapping Solutions: Using regex search inputs, these solutions help companies with well-structured data frameworks. They’re ideal for organizations with established lexicons and ordered records.
- Piggyback Solutions: While cheaper than custom solutions, piggyback systems are less precise in record detection. They’re suitable for companies that can tolerate some risk and don’t require precise categorization.
- Dedicated Content Management Systems: These provide the most accurate and comprehensive results but demand significant data input and organization. “If you can get it done using just Microsoft, go with Microsoft,” Volkan advised, noting that full-service content management solutions are best suited for larger firms handling complex data structures.
5. Legal and Financial Implications of Reactive Compliance
Poor recordkeeping and compliance failures can lead to significant legal and financial risks. Unmonitored, off-channel communications and underregulated records have resulted in substantial fines for many organizations.
Although most companies don’t intentionally disregard compliance, many overlook the risks associated with the sheer volume and variety of communications used. Volkan emphasized the importance of involving legal and compliance teams early in data management processes to set up strong documentation practices. This involvement helps ensure that records from all channels are reviewed and documented effectively, which reduces risks associated with off-channel communication gaps.
Record review costs represent a significant portion of legal expenses. As Volkan noted, “Review costs can amount to over 58% of legal budgets, yet 80-98% of these documents go unused.” By implementing robust records management practices, companies can cut back on unnecessary data storage, reduce review costs, and prepare more effectively for audits and investigations.
6. Strategic Records Management
Volkan advocated for proactive recordkeeping as opposed to reactionary methods, which often leave companies scrambling when litigation or regulatory inquiries arise. Efficient recordkeeping helps reduce litigation risks and streamline the discovery process.
In a notable example, a pharmaceutical company managed to significantly reduce its record review costs and improve litigation outcomes by using targeted keyword searches and interviews to narrow down over 6,000 relevant terms. This approach saved the company 23% in review expenses and increased its legal success rate by 11%.
7. Addressing the Communication Barrier Between IT and Record Managers
A common challenge arises between the IT and records management departments. Both functions are vital for ensuring compliant data practices, but each has limited funding and conflicting priorities. IT departments may sponsor recordkeeping processes but need more resources or time to devote to the cause.
Volkan stressed that “privacy issues, mainly originating from the HR department, are also significant concerns that organizations must address, especially when handling sensitive employee data and ensuring compliance with privacy regulations.” This mainly concerns options for providing access to private data or performing broad searches for recordkeeping needs. He urged records managers to advocate for a link between records management and IT groups, since having IT on board helps with the technical side of search and records management. He suggested focusing on technologies that anonymize data or only provide access to the relevant records.
8. Data Management Programs and Legal Team Cooperation
Volkan highlighted the need to sync the records and legal teams when using data analysis tools. These legal tools are often useful to records managers, as they help with data management tasks, including defensibly disposing of ROT and finding vital records in file shares.
With regard to time management, Volkan suggested: "When your legal team isn’t running searches, use that time to identify records," pointing to the benefits of everyday tool use. This can also lead to substantial cost savings, better data organization, and improved compliance outcomes.
Improving Records Management Practices
As organizations face mounting data volumes and stricter compliance requirements, they need to focus on proactive information governance practices to limit legal risks and minimize costly penalties. Volkan emphasized that unmonitored, off-channel communications can pose serious regulatory risks if not properly managed.
To address this, organizations must involve compliance and legal teams early in the data management process to establish strong documentation practices that prevent the use of non-compliant channels. This approach helps ensure that records are consistently monitored and available for audits and strengthens oversight across various communication platforms.
By collaborating with IT and employing advanced data mapping tools, records management teams can use dedicated and cost-effective solutions to improve data categorization, regulatory compliance, and resource allocation. Ultimately, investing in solid information governance is essential for protecting organizational integrity and reputation in a data landscape that grows more complex daily.