Electronically Stored Information: A Reality Check
Huge volumes of business data are nothing new. But the ways data can hurt you these days – well, that’s a different story. In an age when your company can rise or fall on how they manage their information how an organization manages its ever-growing mountains of data can be the difference between a good day at the office and sheer disaster.
Some organisations take a “wait and see” approach to controlling information. They keep their fingers crossed for nothing to go wrong – and then call in help when it does. That’s a short-sighted view that creates more risk than reward. Because something always goes wrong. The only question is whether they’ll be ready for it or not.
Understanding challenges associated with electronically stored information will allow the organization to mitigate risks associated with the production of such information.
Stand and Deliver
An order to produce documents sounds simple. Carrying it out can be frighteningly complex for an organization which has never been faced with this. For example, what’s a document? From telephone logs to minutes, the SEC’s definition runs more than a hundred words. Needed documents may reside on a legacy electronic media for which the organization may no longer have the appropriate reader. Meeting the demands of a court or regulator is half the challenge. You’ve got to make sure finding and producing records doesn’t grind your business to a halt.
- What is the organisation doing with data from departing employees, inactive clients and historic transactions? This information may need to be produced in a timely fashion and without understanding where this information and how to access it, organizations may be faced with a much greater challenge than originally thought
- Can a litigation hold be implemented without halting or even affecting IT operations? Other functions of the organization need access to the information to operate and cannot be deprived of access to it. A well documented procedure becomes critical
Turn On the Lights
When organisations start identifying where evidence resides, its often like turning on the lights in a cluttered basement: they don’t exactly know where it is and once they’ve found it, it a challenge getting to it. The same thing could be said of e-discovery, organizations need to locate and preserve data.
- Can the organization easily identify where the targeted information resides and how to produce it? From backup tapes to the latest PDA, it can be a challenge to recover information. Furthermore, finding the information in complex document workflow systems and Enterprise Resource Planning and Customer Relationship Management systems can prove challenging when the organization does not understand how information is created, stored and destroyed.
- Are proper computer forensic procedures followed when information is being extracting from the media where it resides? Data retrieved without regard to its admissibility in court might as well never have been detected and collected. Proper procedures should be followed when handling and extracting electronic information whether it be for investigations or litigation.
Entrusting your data
When data stays within the organization, it maintains control over it. This is no longer the case when it ends up being outside the organization. And in most cases, data ends up being hosted at an outside facility by an e-discovery provider. But when it leaves the premises, you need to know who has it – their reputation, their facilities, their location and the regulatory environment they work in.
- Are there controls in place to make sure offsite data is adequately protected? Third party hosting providers should provide highly secure facilities for storing such sensitive information. Adequate physical and logical access control is critical
- What laws and regulations govern the handling of information in the location where it’s being managed? If your data is being moved from province to another or even another country, how does this affect
The questions above serve as a checklist for often forgotten elements which can be critical throughout the e-discovery process. Addressing these issues when planning and developing procedures will facilitate the process when it comes time to react.
It was the trickiness of “litigation hold” that led to the demise of Arthur Andersen. The risks associated with litigation hold give enterprises incentive to store lots more records. –Ben http://hack-igations.blogspot.com/2008/07/document-discovery-litigation-hold.html
Getting good control over electronic records goes beyond the need to produce them in a litigation situation. Organisations who can’t reproduce how a decision was made(factors considered, arguments for and against, priorities at the time), run the risk of not understanding how they got to where they are. This dooms them to second-guessing every decision, which is a waste of time. And when the day comes that someone decides to review and update the policy, the same course is run, with no sense that there is a history which should be considered. It’s like institutional Alzheimer’s.
A well-trained records manager can take care of all this. In Canada, we have the distinction of supporting the groundbreaking work of Luciana Duranti on the preserving authentic and reliable electronic documents. See her InterPARES project at UBC.