Presented To:
How to Build an Information Governance Program
May 23, 2018
Challenges in Today’s Environment
• Digital data growth is outpacing storage capacity. By 2020, storage capacity will be: 15%
• The cost to store 1 TB of data for one year: $3,212 (IT Key Metrics Data 2014: Key Infrastructure Measures: Storage Analysis: Current Year, by Jamie Guevara, Linda Hall and Eric Stegman, Gartner, December 13, 2013)
• The cost to review one GB of data: $18,000 (“Fight Rising Litigation Costs with Proactive Approach to ESI Capture,” November 2015)
• A 10% increase in data accessibility will provide a typical Fortune 1000 company with additional income of more than: $65M (Fortune Magazine article “Big Data: 20 Mind-Boggling Facts Everyone Must Read” by Bernard Marr, September 2015)
• The percentage of all data that will live in or pass through the cloud by 2020: 40% (IDC Study: The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things, April 2014)
• The average cost of a data breach or about $225 for each compromised record: $6.9M (IBM and Ponemon Institute Research study: 2017 Cost of Data Breach Study)
IDC Study: The Digital Universe of Opportunities: Rich Data and the Increasing Value of the Internet of Things, April 2014
Information Governance Challenges
• Mining corporate data to find and act upon key information quickly
• Disposing of old or redundant data to reduce storage costs and reduce risk
• Updating litigation hold, preservation and e-discovery tools and processes for greater efficiency
• Developing and implementing information governance policies that do not disrupt the business
• Storing sensitive data, including client information and proprietary intellectual property
• Migrating data to cloud applications and remediating information within legacy applications
• Securing proprietary data when employees leave, companies divest, or other similar circumstances
Information Governance Model & Stakeholders
• COO: Looks for cost savings by BOTH investment projects, and trading OpEx for CapEx
• CISO: Typically focused on protection of all data, not understanding content. Strong buyer with growing budgets
• GC: Focused on lit hold and eDiscovery spend. Wants to help with IG but confused as to how
• Records Management/CCO, CPO: Often a strong influencer, but struggles obtaining budget
• CIO: Forced to do more with less. Budgets growing at about 4%. The perfect leader for large transformational initiatives with ROI based on defensible disposal
• Chief Data Officer: New executive position in corporations, focused on the IGRM problem writ large
Elements of Effective Information and Data Governance
[Diagram labels: Security and Privacy; Audit & Metrics; Reporting; Supporting Technology; Classification & Master Data; Information Technology Architecture; Systems of Record; Information Lifecycle Mgmt; Data Quality Mgmt; Stewardship; Value Creation; Data Risk Management and Compliance]
A good information governance program will balance business value and risk
Information and Data Governance Strategy
Objectives:
• To proactively focus on information ensuring data is accurate, complete, accessible, timely, and trustworthy
• To create a common understanding of key business processes and the data that supports them
• To understand how changes to key business processes and systems impact data quality
• To recognize that information quality is a prerequisite to efficiently conduct business with all key stakeholders
• To align enterprise goals for regularly identifying and resolving data quality issues and addressing data loss risk
Provides the framework and accountabilities to stand up program-level guidance to drive continuous
improvement and responsible stewardship of data management to support operational excellence, reduce risk
and meet legal and regulatory compliance requirements.
Benefits:
• Alignment with and support of strategic goals and competitive advantage
• Reduced costs associated with managing and finding information
• Avoidance of costly data breaches
• Enhanced analytics and accurate reporting capabilities
• Increased resilience of IT operations and more efficient disaster recovery
• Reduce data duplication and process inefficiencies
• Determine potential sources for “single source of the truth” database
• Identify relevant systems to respond efficiently and effectively to external or internal requests
Information Governance Maturity Models
[Figure labels: Accountability; Transparency; Integrity; Protection; Availability; Retention]
Sample Information Governance Program Structure
Gap Analysis Drives Execution Plan
Gap Analysis & Risk Profile
Drives Recommendations
IG Process 1 2 3 4
LEGAL
A Employees on Legal Holds
B Data on Legal Hold *
C Hold publication *
D Evidence Collection *
E Evidence Analysis & Cost Controls *
F Legal Record *
RIM
G Information Retention and Disposal Obligations *
BUSINESS
H Departmental Information Practices *
I Realize Information Value *
J Data Quality & Data Lineage *
PRIVACY
K Privacy & Data Protection Obligations *
L External Intrusion
M Accidental Data Leakage *
N Insider Theft of Data *
IT
O Data Source Catalog & Stewardship *
P System Provisioning *
Q Cloud Computing *
R Active Data Management *
S Disposal & Decommissioning *
T Legacy Data Management *
U Storage Alignment *
I/A
V Audit *
Future State Recommendation
Data Mapping Artifacts: Surveys & Questionnaires
• System lifecycle (age of data, legacy data)
• Technical info
• Description of data and categories of information, by system
• Prioritization
• Key Contacts
• Archiving and backup routines
• Search capabilities
• Collection challenges
What information has been captured?
Data Mapping Artifacts: Visualization Deliverables
Plan Execution Can Take Many Paths
Facets for Execution
Usually a combination of these:
Quick Wins
■ Data cleanup (paper/electronic)
■ Employee Awareness
People
■ Education, Training & User Adoption
■ Change Management (roles, responsibilities)
■ Additional headcount
Process
■ Existing Process Changes
■ New Processes (business rules, governance structures, roadmaps)
Technology
■ Current Technology Capabilities
■ Future Requirements
ROI & Roadmap for Execution
Quantitative analysis showing program benefits over time from enacting an IG program.
Proposed work plan constructed based on highlighted risk and cost savings potential
About
Deana Uhl is a Senior Director in the FTI Technology practice and is
based in Houston. Ms. Uhl provides consulting to corporate clients, with
a focus on designing, implementing and enabling change management
for information governance, data privacy, data security and e-discovery
programs. Ms. Uhl has particular expertise in advising oil and gas
companies on the processes and technology to effectively address legal
and regulatory matters and improve information quality and life cycle
management to support operational excellence.
Ms. Uhl has more than two decades of experience building effective
e-discovery and information governance teams across IT, legal and line
management. Prior to joining FTI Technology, Ms. Uhl managed the
information governance program at Marathon Oil Company, where she
led the strategic development and execution of a holistic data
management program that encompassed data privacy and security. This
included developing a data governance strategy aligned with industry
best practices, evaluating and recommending various process and
technology solutions, collaborating with stakeholders throughout the
organization, managing a dynamic team, and providing expert witness
testimony on the results.
While at Marathon Oil, Ms. Uhl also led the in-house development of the
company’s e-discovery program. This included evaluating and adopting
e-discovery and legal hold software and solutions throughout the
Electronic Discovery Reference Model (EDRM), as well as liaising with
in-house legal teams and outside counsel. In addition, she helped lead the
development and execution of a large-scale, multi-year project to better
manage the company’s IP and organizational data.
Prior to joining Marathon Oil, Ms. Uhl held a variety of positions within
Baker & Botts L.L.P., including as the litigation support manager
overseeing practice support across six U.S. and international offices,
managing complex cases on behalf of clients within the oil and gas,
chemicals and pharma industries.
Deana’s select client engagement work includes:
• Led a GDPR readiness project to identify process, technology and
security gaps for a global data and analytics firm. Deana led a team
to rapidly assess and document current state data protection
capabilities, developed a robust data map inventory which captured
all personal data processes the firm is responsible for and presented
a formal executive readiness assessment and roadmap.
• Leading an IG assessment for a global technology firm, including
leading the team to assess information and data management gaps,
costs and risk Information across the EDRM model to include GDPR
readiness, legal holds, records management, data valuation and
remediation and IT cyber security controls.
• Leading a GDPR readiness project for an international drilling
company to assess and document current state compliance
capabilities to the GDPR and to develop a data inventory to capture
personal data locations and processes and develop a gap
assessment and remediation roadmap.
Deana Uhl
Senior Director – Technology,
Information Governance, Privacy and Security
Houston, TX
+1 832-667-5123
EDUCATION: B.A. in Political Science, Southwest Texas State University
CERTIFICATIONS: Certified Legal Assistant; Certified Exterro Platform Administrator; Obtaining CIPP/EU certification
PROFESSIONAL AFFILIATIONS: Member, International Association of Privacy Professionals; Member, ARMA
SELECTED PUBLICATIONS: A Look at the Data Issues Energy Industry Counsel Face this Year (Texas Lawyer, April 2018)