Information Governance

Drinker Biddle recognizes that information governance in an integral part of corporate governance and risk management. We understand that skillfully governing a business includes skillfully governing its information, leveraging that information for best use, and avoiding the risks excess information can create. What distinguishes information governance from mere information management is that it determines why a business creates and utilizes information, not simply how. When a business knows why it creates and uses information, it can leverage that information for its best use and minimize the risks inherent with the over-retention of data.

Our team has extensive experience in all areas of information governance and can work with you on any of your needs, including:

  • Data Analytics.  Harnessing the power of data is essential for both driving value in business operations and to tell your side of the story in litigation. We advise on the development and use of analytics models that enable insight, data storytelling, and economic value generation. Our ground-breaking research into the use of machine-based learning and unstructured data for organizational insight is now being put to work in data-driven early warning systems for detecting and preventing corporate fraud and other misconduct. 
  • Information Governance Policies.  We have vast experience working across industries to help companies plan and implement policies that directly affect data integrity. Not only can we help craft social media, e-mail, Internet or bring-your-own-device policies, we also offer employee training to educate staff, help structure employee handbooks, and implement data retention and archive policies.
  • Data Migration and Classification.  When you need to make sense of, or move, large amounts of data, we can help. Our team has the ability to create a data remediation and auto-classification strategy, and we have the technology to cull through and organize the data. When dealing with data, it is essential to not only look back at what you currently have, but plan and organize new data as it is generated.
  • Compliance Programs.  Our team can help shed light on current data and behaviors to detect and prevent misconduct and identify legal issues before they fully develop. We have the knowledge and technology to identify patterns of conduct and provide clients with an early warning so they can act before significant liability develops.
  • Technology Consulting.  Our team has deep knowledge across industries. With lawyers focused on health care, insurance, and the information technology industries, to name a few, we can help you assess, make recommendations for purchase, and then implement new information systems.
  • Board and Control Group Protection.  It is crucial in information governance to ensure that the confidential data of your board members or control group is not lumped in with the general data of the company. We can help establish a system for a company’s board members so that communication channels are strictly controlled. We can also help segregate a defined control group’s data, so that confidential information is handled with heightened security.

Our Information Governance Group assists clients in establishing an information governance framework to effectively link information creation and use to business objectives and properly value. We categorize information during its useful life and defensibly and securely dispose of it when it is no longer needed. The first step in establishing the information governance framework is to conduct an Information Governance Review (IG Review). This IG Review is conducted in five steps:

  1. Information Inventory.  In this step, we work with the company’s IT personnel to understand all of the ways information is created and maintained.
  2. Formation of an Information Governance Steering Committee.  In this step, we work with the company to identify key players from each of these functional areas: legal, compliance, risk management, records, HR, finance and key business units. We then form an IG Steering Committee (IGSC) from this group and appoint someone from the executive level to guide it. The main purpose of the IGSC is to understand what information is created by the company and why. It evaluates whether this information is being put to its best use and whether it can be repurposed for better uses. It also evaluates the company’s regulatory, litigation and risk environments to provide input on retention requirements.
  3. Information Policy and Protocol Review.  In this step, we analyze all of the company’s relevant information policies. These include access, security, privacy and other use policies (such as backup schedules, retention schedules, etc.). We also examine how information is actually used, or intended to be used, and whether those uses fulfill the purposes intended.
  4. Policy and Protocol Creation and Modification.  In this step, we work with the IGSC to modify existing IT policies and protocols to more accurate fulfill the company’s purposes. This includes the establishment of litigation response plans to evaluate preservation-triggering events and protocols for reacting appropriately and defensibly. It also includes the establishment of clear lines of communication between legal and the business functions so that triggering events are correctly identified and communicated.
  5. Policy Implementation and Enforcement.  In this step, we implement the policies created or modified in Step 4 and establish enforcement and auditing mechanisms. This step also includes conforming existing and legacy data to the new policies, including the reasonable disposition of data.

After completing the Review, the company will have streamlined the creation, use and disposition of its information. This will increase its business efficiency, reduce the risks involved in the over- or under-retention of information, and increase its ability to react to litigation or regulatory events.


Many businesses choose different outside counsel to handle different litigation matters. The option of choosing between law firms with strengths in particular subject matters creates a competitive market among outside law firms and can increase efficiency; however, eDiscovery conduct that differs from one litigation to another can expose a business to risk.

As lead eDiscovery counsel, Drinker Biddle can provide strategic uniform advice across all litigation matters to reduce the risk created by variation in practices across matters. Businesses often interview the same custodians and collect and repeatedly review data associated with them for different matters. We can increase efficiency and reduce the burden of eDiscovery by leveraging knowledge gained in one litigation for use in another.

Developing and implementing reasonable, proportional, defensible and iterative eDiscovery policies, practices and protocols is the key to efficient eDiscovery. But even when these are in place, effectuating them strategically in a particular litigation with an eye toward how they may affect other pending or future litigation is critical.

Our Experience

We recognize that eDiscovery can impose significant burdens, but much can be done to reduce that burden. eDiscovery protocols should be sufficiently sophisticated to narrowly target relevant documents and data. In most instances, discovery can be staged in iterative phases so that the most relevant information is targeted first and then analyzed to determine what, if any, additional eDiscovery should be undertaken. We have successfully negotiated and defended iterative proportional discovery protocols that significantly reduced the burden of eDiscovery and that included protective mechanisms to limit the scope of preservation and discovery and safeguard privileged or protected information.

The skillful use of advanced technology can also significantly reduce the burden of document collection and review, and reduce risk of discovery failures. Our Information Governance and Electronic Discovery lawyers continually evaluate the latest search and review technologies, and their application, and can assist clients in effecting less expensive, more efficient, and importantly, compliant document reviews. We have developed review protocols using the most advanced technologies that result in more accurate coding, significantly faster review rates and lower costs, while maintaining the highest quality.

The technology specialists of Tritura Information Governance LLC are adept at working with our clients’ data, whether they are conducting targeted and remote collections, keyword or concept searches, or processing data into a reviewable format. Our specialists help our lawyers and clients decrease the overall cost of the eDiscovery process through the use of culling strategies and advanced technology to target relevant data. Tritura stores data on secure servers and provide our lawyers and clients with access to the data via a web-based document review and management solution. By combining the legal acumen of our Information Governance and Electronic Discovery lawyers with the technical expertise of Tritura, we are equipped to handle any electronically stored information (ESI) issue that arises.