The prequel to the EDRM: Understanding information governance and ediscovery

In a recent Key Discovery Points video, Brett Burney of Nextpoint and Doug Austin of eDiscovery Today dive into one of the most debated topics in the EDRM 2.0 project: Where does information governance end and discovery begin, and does it even matter?

In this blog, we’ll discuss why ediscovery is bigger than just litigation, where the EDRM actually fits within the IGRM model, how legal professionals can use the IGRM, and why keeping information governance visible in the EDRM framework is critical for legal professionals.

A LinkedIn post that sparked a debate

The current conversation started with a LinkedIn post from Maureen Holland that generated 44 comments — enough to surprise even Maureen herself. The post talked about the relationship between data, information governance, and ediscovery, and whether the industry has been thinking about it all wrong.

Doug Austin, who has been following the EDRM 2.0 project closely for nearly two years, weighed in with a thought-provoking visual: What if we literally placed the ediscovery lifecycle inside the Information Governance Reference Model (IGRM)?

“When we think of ediscovery and what have you, one of the things I’ve been on the soapbox about for a couple of years now is people equate it with litigation,” Doug explained. “Of course, ediscovery came into being because of litigation, but ediscovery is about a lot more than litigation today.”

eDiscovery is bigger than litigation

Although ediscovery emerged from litigation needs, today it encompasses many other areas, including:

• Internal investigations
• Audits
• Privacy requests (like GDPR or CCPA data subject requests)
• HSR second requests
• Incident response
• And more…

These are all workflows and use cases that benefit from ediscovery technology and processes, even when there’s not a lawsuit in sight.

Data is business data first

Doug and Brett both referenced how Maureen’s original post made a point that resonated with them strongly:

“Data is business data first. It only becomes legal data when there’s a legal risk that escalates.” — Maureen Holland

Brett, who serves as a trustee for the EDRM 2.0 project, emphasized that he agreed with this statement wholeheartedly: “I absolutely agree with that. It’s only until there’s a legal risk that escalates — which I fully agree — and then at that point maybe that is when you shift over into the EDRM from the IGRM.”

This distinction highlights how different stakeholders view data through different lenses:

• IT departments focus on efficiency: Does email work? Are systems running smoothly? How is the data being stored, saved, or archived?
• Business units focus on business value: What insights can we derive from the data and our data management process? What decisions can we make with these insights?
• Legal and records managers focus on risk: What are our preservation obligations? What could become evidence in a potential legal matter?

The IGRM does an excellent job of showing these relationships and reminding us that all these perspectives need to coexist.

Cut through the noise

No fluff. Just practical insights to help you tackle today’s legal tech challenges.

So where does ediscovery really fit?

The current EDRM model shows the IGRM at the beginning, presenting information governance as the first step before you get to ediscovery. But Doug argues that this isn’t entirely accurate.

Electronic Discovery Reference Model (EDRM), Courtesy of EDRM

“In essence, ediscovery is contained within the IGRM,” Doug explains. The middle of the IGRM depicts four key steps of data management: protect, retain, use, and transfer. eDiscovery lives in the “use” box — it’s when the data moves beyond static storage and gains a practical use (in this case, as potential evidence in a legal matter).

“If you really want to get down to it and if you go zooming into the IGRM middle of the model… You take that ‘use’ box and at least from an ediscovery standpoint, that’s where ediscovery fits.” — Doug Austin

This means that information governance isn’t just the prequel to the EDRM; it’s the entire environment that surrounds it.

Could ediscovery also touch the “protect,” “transfer,” and “retain” segments? Probably to some degree. Data must be retained and eventually transferred for use in litigation, and data protection is essential at every stage of ediscovery. But at its core, the ediscovery lifecycle materializes at the point when data is being “used.”

Information Governance Reference Model (IGRM), Courtesy of EDRM

Of course, we’re not actually going to shrink the EDRM down and stuff it inside the IGRM diagram. It would be impossible to read and wouldn’t make practical sense. But understanding this relationship helps clarify how these two frameworks actually interact — they form more of a circle than a straight line. (Or perhaps a mobius strip. It’s complicated.)

Why keep IGRM in the EDRM model?

Despite the conceptual reality that ediscovery sits within information governance, Doug strongly advocates for keeping the IGRM visible in the EDRM 2.0 model.

Why? It forces legal and ediscovery professionals to recognize how a strong information governance program is key to ediscovery success.

Before the IGRM was added to the EDRM, legal professionals, particularly outside counsel and law firms, weren’t focused on the big picture of data governance and best practices. As this has changed significantly, keeping the IGRM visible in the model helps maintain that focus.

“Putting it at the beginning kind of establishes it as the foundation to ediscovery best practices,” Doug noted.

The corporate vs. outside counsel perspective

Brett raised an interesting point about how this relationship plays out differently depending on your role. For someone like Maureen, who works as an ediscovery professional at a large pharmaceutical company, information governance is absolutely vital. She lives inside the IGRM every day, managing data from a risk, efficiency, and business perspective.

But what about the law firms that serve as outside counsel for organization’s like Maureen’s? They often don’t get involved in information governance practices. Instead, they receive data that’s already been collected — thrown over the fence, as Brett put it — after someone internal has determined there’s a legal risk.

“There are instances where outside law firms are not necessarily involved in information governance practices,” Brett observed. “I think that they should be. I think that’s a good value add for a lot of outside law firms, but they only maybe get it when it’s kind of thrown over the fence.”

And what about individuals? A plaintiff in a lawsuit doesn’t have a formal information governance policy. For them, the process might start at the collection phase of the EDRM.

Even if individuals don’t have a formalized IG policy, they still have a lifecycle of creating, receiving, using, and disposing of data. That lifecycle might eventually include ediscovery if they’re involved in litigation. The framework still applies, even if it’s not formalized.

What should legal professionals do with the IGRM?

The relevance of the IGRM might shift depending on your role in the legal field, but it’s still a valuable tool for most legal professionals. Here’s why the IGRM matters for various legal positions and how you can use it to your advantage.

In-house legal teams

Whether you work in-house at a corporation, nonprofit, or government entity, the IGRM is an essential resource for your team. You are a direct part of the organization that generates the data that could become potential legal evidence. You’re in the perfect position to implement strong information governance practices, and this will set you up for success when ediscovery or other legal issues come into play. Use the IGRM as the foundation for your org’s InfoGov process.

Outside counsel

Although you might not be directly involved with day-to-day information governance, the IGRM can still prove valuable. You should understand how proper InfoGov leads to smoother ediscovery, and in turn, better legal outcomes. And you can impart that knowledge to the organizations you work with.

Of course, you might take a case where your client has no information governance policy, forcing you to piece the data landscape together yourself. In those scenarios, understanding where they lacked proper InfoGov can help you assess the gaps in the data more effectively.

But when you have repeat clients or standing relationships, you can guide them on information governance, using the IGRM as your framework. You provide more value to the client while making your life easier in the future — it’s a win-win situation.

Plaintiffs’ attorneys

Like we said, the plaintiff is likely an individual who doesn’t have any sort of InfoGov policy in their day-to-day life. But they still have some sort of pattern or process to how they use, store, and delete data.

Maybe they have their phone set to auto-delete messages every thirty days, or maybe they’ve saved every single text received since 2018. Maybe they’ve kept their personal cell personal, or maybe work has bled into their private devices. Understanding their individual InfoGov model and how it compares to the IGRM will help you assess the data at hand and determine what your ediscovery process should look like.

Legal is one of seven stakeholders

Doug emphasized that in the IGRM, legal is one of seven stakeholders that form the outer ring of the model. Just one.

This means that while we want to recognize that data is business data first, a good information governance program still considers potential legal needs as part of its framework. Legal use cases, which encompass ediscovery needs, are part of the overall business picture.

That’s why the relationship between the IGRM and EDRM matters. Understanding how they interconnect with each other is valuable for any legal team.

The evolution continues

Technology continues to change how we think about these relationships. Brett mentioned tools like preserve-in-place and the ability to conduct reviews directly in Microsoft 365 without collecting and exporting data separately. These capabilities blur the traditional lines between information governance and ediscovery.

“We’re just seeing some of the industry aspects change,” Brett noted. The frameworks need to evolve with them.

The EDRM 2.0 project is in the home stretch now, working toward a draft model that will be proposed to the general public. Doug is going on the record: Keep the IGRM in there.

“I think it’s important to illustrate to folks the importance of information governance,” he said.

The key discovery point

The relationship will continue to evolve as technology changes, as business practices shift, and as legal requirements develop. The EDRM 2.0 project aims to encapsulate where the thought process is right now, but that doesn’t mean the conversation ends.

Whether you’re in-house counsel managing an information governance program, outside counsel receiving collected data, an ediscovery vendor building tools that span both worlds, or an individual trying to navigate a legal matter, understanding this relationship matters.

Information governance sets the foundation. eDiscovery incorporates specialized processes and tools for legal use cases. They’re both interconnected parts of how organizations manage and use their data.

The more we understand that relationship, the better equipped we are to build programs, select tools, and manage matters effectively.

Watch the full Key Discovery Points discussion:

See the EDRM from a new perspective

eDiscovery for the Rest of Us, a book written by Nextpoint and longtime ediscovery consultant Tom O’Connor, dives deep into each stage of ediscovery. While the EDRM serves as a key foundation for the structure of the book, eDiscovery for the Rest of Us offers an alternate depiction of the ediscovery process: the eDiscovery Checklist Manifesto.

Read an excerpt here, and click the button below to get your copy of the book.