To schedule a demonstration, call 1-800-998-4874

eDiscovery 101

Information Governance and Document Retention

Information governance greatly affects the volume and content of data accessible to an organization


Information Governance and Document Retention

eDiscovery applications and technology enable organizations to pull information and records from the massive volumes of content that span the enterprise, including emails and eliminate exact copies to reduce the effort and cost of reviewing the remaining content. This can be costly and time consuming. The best practice is to prepare before you have to act. The costs and management of eDiscovery can be lowered and managed through the implementation of a records management program and the use of Electronic Records Management (ERM) system.

In summary, the following outlines the most important policy issues and their importance:

  • Information without business value must be disposed of according to policy and in the normal course of business.
  • Records that have value to the organization must be stored and managed properly, under the control of the organization.
  • A classification scheme providing an information and records management structure must be implemented for consistency and control.
  • Records that are no longer needed must be destroyed in a systematic and documented way.

Remember that eDiscovery is just a more recent form of traditional Discovery with different (and more voluminous) media.  Identifying the data requires the same understanding that it always has; it just means using some more updated tools and requires some improved planning.

Information governance and data preservation are challenging systems to deploy given the rapid increase in data volume, types and locations in today’s marketplace.  However, it is something that should not be ignored because it can save millions of dollars and dramatically reduce the volume of data that is discoverable at any given time.   The key to an effective data defensibility program is participation and buy-in from all stakeholders; from the CEO down to Legal, Operations, IT and HR.  With the correct committee of people and a clear corporate mandate in place, it can (and should) be done.

 

In order to begin planning for a corporate-wide information governance program, there are a series of preliminary steps that should be undertaken:

  1. Know Where All Your Data is Located

     

    While it seems like an obvious issue, it a not necessarily an easy task to perform.  Legacy data has been accumulating for years.  Systems have been partially replaced and satellite offices often have separate systems.  Very few companies have moved everything to the cloud.  Add to that the fact the increased number of new data types such as:  mobile, chat/messaging apps, cloud services, and social media postings, all of which require different approaches to preserve than “standard” email and document storage.  It is hard to get a handle on all the forms of communication in use by different divisions within a company, making identification and location the first logical steps.

     

  2. Create a Strong Working Group

     

    You need to have management buy-in to the process so that plans can and will be executed.  You also need to gather the correct stakeholders together to make sure that no important steps are left out of the process.  Depending on the structure of your organization this should include at least the following: COO or Operations, Legal (including GC and general Litigation counsel), Project Manager, IT and usually HR.  Each member of the Working Group will bring a different perspective and knowledge base to the problem.  Collaboration results in a more complete solution and complete understanding of the importance they play in the overall strategy

     

  3. Update Existing (or Create) Data Management Policies

     

    The only way that an organization can manage its data is to create detailed policies that make sense for your corporate mission.  A complete data management policy that includes the increasingly disparate sources of data will facilitate identification and subsequent collection of data types when the need arises. It will also identify data that can and should be eliminated from the systems.  Additionally, constantly updating the list of individuals with data responsibility and their email addresses will insure that litigation hold orders can be immediately implemented. A complete Data Management Policy will result in proactively controlling data before the need to collect and produce arises.  There will be less panic in the organization when a plan can be implemented that is familiar to all the players.  Make sure that all departments follow any data destruction policy that is written and implemented creating a defensible position with the courts moving forward.

     

  4. Develop a Collection Plan 

     

    As part of the data management plan, making sure that a data collection plan has been created is key to successfully controlling data.  It is important that everyone be aware of any existing litigation holds that might impact collection as well as any other auditing/archiving/logging actions that are required by the organization.  Knowledge is power and creates efficiencies when executing an effective collection plan with the least amount of corporate disruption.  In fact, some content may already be retained/captured in usable formats, so reaching out to appropriate stakeholders within the organization may shortcut the entire process.

     

  5. Understand the Scope of the Request 

     

    Spending some time evaluating the scope of the collection need beforethe plan is implemented is time well spent.  This evaluative process and pre-planning will result in efficiencies down the line.  Refrain from the impulse to “get started immediately” and make sure that the Working Group is involved in the scope evaluation.  Creating a list of exactly what is needed for a particular response would include decision points on items such as: how many disparate sources of data may need to be captured (email, data files, chat messaging apps, social media postings, mobile data, unstructured data and/or legacy content; custodians that require hold notifications, responsive date ranges, and perhaps most importantly responsive categories of documents.  Remember that courts are frowning on fishing expeditions that are too broad in scope and are requiring requesting parties to be more focused in their requests. Make sure the legal team reviews the plan before you get started.

     

  6. Collection Execution 

     

    Every document request is different.  Sometimes it makes perfect sense to perform the collection using in-house staff (depending on the sophistication of the team), other times it might be more prudent to employ a third party to coordinate the collection, sometimes a hybrid approach is called for.  Determining what is at stake and the experience of your team will help guide this decision.  Regulatory or compliance litigation that has a focus on deleted information might require a “neutral” party to perform the collection in order to assure that defensible practices are used and eliminate potential liability issues.