Right Discovery Staff Writer

As data volume grows exponentially and regulatory demands continue to evolve, organizations are facing a stark reality: data governance is no longer optional. In a recent roundtable discussion led by Right Discovery’s CEO, Kevin M Clark – focused on “Data Governance and Management Challenges”, the panel comprised of legal, compliance, and IT leaders discussed what’s working—and what’s not—in modern data governance.

Their candid insights revealed a clear throughline: the cost of doing nothing is rising, and inaction is one of the biggest risks. Whether it’s hyperlinked files, decentralized servers, or legal holds gone awry, today’s data management landscape is riddled with complexities—and often, bigger consequences.

Data Sprawl and Legacy Liability

The panel kicked off with a familiar story for many attendees: data environments have “become sprawling, inconsistent, and [extremely] difficult to manage.” One of our panelists shared their experience of the chaos following a merger between two companies using entirely different productivity platforms: “We had teams working in both Google and Microsoft. We couldn’t even access each other’s calendars, let alone enforce consistent data retention.”

This kind of fragmentation isn’t just inconvenient—it’s a legal and compliance liability. Especially when legacy systems are in play. “Archiving was never turned off,” one panelist admitted, referring to aging backup tapes that continue to accrue storage and management costs. “And now, the price to clean it up is astronomical.”

The problem isn’t limited to corporations. Government agencies, too, face challenges with outdated or decentralized infrastructure. Agencies working with highly sensitive data, like NASA, often maintain separate contractor-managed servers, which fall outside traditional enterprise IT oversight. These decentralized systems complicate both internal records management and external compliance requirements.

Legal Hold Headaches and the Human Element

One of the most persistent pain points raised was the management of legal holds—particularly when employees leave the company. “You can’t just move data under legal hold,” one participant stressed. “You have to copy it. And if you didn’t tag it correctly when they were still with the company, you could be sifting through 40,000 lines of unstructured data just to find what matters.”

This issue is compounded by employee behaviors that, while well-intentioned, don’t align with governance policies. “People save to personal drives or desktop folders,” one speaker noted. “And when they leave, IT wipes the machine in 30 days—unless it’s under hold. That’s a huge risk.”

The takeaway? Technology alone isn’t enough. Even with tools like Microsoft 365 Purview or Google Vault, organizations must train and educate their teams to understand where to store data, how to tag it, and what to avoid. “If your culture doesn’t prioritize good data habits, your tools won’t save you,” a panelist emphasized.

Shadow IT and the Trouble with Hyperlinks

The panel also discussed increasingly prevalent issues like Shadow IT—the use of unsanctioned apps by employees—and the complex compliance questions posed by hyperlinked content. Why the concern? Think of Shadow IT as the digital wild west—where employees download or use tools that aren’t sanctioned by IT, often to "just get things done." These unsupervised choices can lead to major headaches later, from data breaches to missing information during an audit or legal hold. In the modern workplace, it’s common to share links to files in SharePoint, OneDrive, or Dropbox instead of sending attachments.

But what happens when those links point to evolving documents? Or worse, when the document has been deleted, moved, or overwritten? The concern arises as to “Do you preserve the current version or the one that existed when the link was shared?....Is a hyperlink the same as an attachment? The law hasn’t fully caught up.”

And then there’s ephemeral messaging—communications on apps like Slack or Signal that are designed to delete messages shortly after they’re sent or read.  Ephemeral messaging systems differ from conventional communication tools by intentionally avoiding long-term storage.  Messages disappear automatically, without backup or archiving—unlike email or enterprise chat platforms that retain records. This makes ephemeral messaging incompatible with most legal, compliance, and records retention frameworks. These platforms often operate outside of IT’s visibility, creating major headaches during regulatory inquiries or internal audits. As one panelist put it, “If it exists, it’s discoverable. Regulators don’t care whether your policy said not to use it.”

The Financial Case for Data Governance

Perhaps the most compelling part of the conversation centered around the real-world financial consequences of failing to govern data. “We once spent $40,000 litigating a single document,” one panelist revealed. “Now, our policy is immediate deletion post-legal hold to avoid that happening again.”

This kind of proactive data hygiene isn’t easy to implement, but the ROI is clear. Organizations that invest in centralized data lakes, structured tagging (using tools like NUIX), and defensible deletion policies are finding they can reduce legal review hours, minimize risk, and simplify compliance audits. “We use NUIX to preserve tagging across projects,” another panelist shared. “We can immediately queue up privilege review based on previous matters.”

These practices not only improve efficiency—they build trust with outside counsel and regulators. One speaker described how their proprietary project management platform helped them align internal stakeholders, map key data sources, and become more litigation-ready. “Our partners like working with us more now. We’re organized. We know where our data lives.”

Doing Nothing Is No Longer an Option

The overarching message of the panel was sobering but very clear: data governance is no longer a project—it’s a posture. And for organizations still putting it off, the risks are rising fast. Between aggressive regulatory oversight, increasingly complex data sources, and the upcoming deployment of AI tools like Microsoft Co-Pilot, companies are being forced to face the state of their digital closets.

As one panelists concluded, “Co-Pilot will surface what’s buried. If your files aren’t labeled, it’s going to expose everything—source code, salaries, maybe worse [things that shouldn’t be public knowledge].” That fear is proving to be a powerful motivator to finally secure budget and resources for data governance initiatives that, in the past, were often deprioritized.

Ultimately, the cost of inaction is measured not just in dollars, but in reputational risk, regulatory fines, and missed opportunities for efficiency. The organizations that will thrive in the data age aren’t the ones with the most tools—they’re the ones with the clearest priorities, the strongest habits, and the courage to act before it’s too late.

If there was one takeaway echoed by all: Data governance is not a checkbox—it’s a muscle. And like any muscle, it must be exercised regularly, or it atrophies into a liability.

Want to talk more about modern data governance strategies or share your own lessons learned? Reach out to Right Discovery solutions@rightdiscovery.com or follow us for future events and discussions.

Right Discovery is a proud sponsor of the Masters Conference & Masters Conference Legal Events. Be sure to mark your calendars and join us for this year's most anticipated legal tech events

‍

Topics:

data governance, legal holds, data hygiene, shadow IT, Microsoft Co-Pilot, eDiscovery, compliance, data retention, litigation readiness, ephemeral messaging, Nuix, Microsoft Purview, Google Vault, hyperlinked content, legacy systems, regulatory oversight, structured tagging, AI-driven data visibility, IT governance, Shadow IT, legal operations, corporate compliance

‍

‍

‍

‍