So, you’ve decided to move your on premise email system to Office 365/Exchange Online for cost savings, higher security, and scalability. However, before you begin the migration, a question you should ask is; does my organization journal email for compliance, legal, or business requirements? If your company does, then read on.
Today, companies are looking for solutions that can archive inactive data from little used enterprise applications. Those applications can be decommissioned, saving the company the expense of keeping them running for little payback. But the question not addressed early enough in the project is what to do with all of the application’s legacy data – delete it or save it (and where). By migrating the legacy data to an intelligent archive, organizations can preserve the value of legacy application data, ensure regulatory compliance, and address any legal concerns.
I am going to revisit a topic I have blogged about before, mostly because of the feedback I received at Microsoft Ignite last month (September) - that of records management versus information governance. To state the obvious up front; records management does not equal information governance and here is why.
The eDiscovery process can be a complex and expensive undertaking. Ever increasing data stores, new applications and data formats, country regulations limiting data movement and increasingly, documents authored in foreign languages, continue to drive up cost, time to respond, and risk.
One eDiscovery task that has been an ongoing pain for companies is dealing with foreign language-based documents during collection and review.
Corporations continue to adopt new information technologies that make their jobs both easier and more complex. Companies have adopted new communications platforms like Skype for instant messaging, enterprise social networks like Yammer and Slack, collaborative groupware applications such as WebEx, GoToMeeting, and video conferencing, not to mention audio and video recording for security. And of course most companies still rely on the old tried-and-true tools like email and telephone/voice messages for day to day communications. Many of these tools now allow you to record both audio and video for regulatory and eDiscovery needs.
There are many reasons to develop and follow information management policies including the retention/disposition of information. The most obvious reason is to ensure compliance with regulatory retention requirements. Another reason is because of business requirements such as ensuring that data not deemed having long term value is disposed of so that IT resources are not consumed with "junk" data.
I continue to hear companies make the case for the need to have relatively detailed retention/disposition policies is due to their belief that "the law" requires it - in case your company is involved in a lawsuit and eDiscovery. Let me first touch on the first two reasons before I get into the main reason for this blog.
There's a compelling business case for attorney’s utilizing cloud storage including cost, ease of access, and security, but can lawyers ethically use it?
I still have attorneys argue with me about the appropriateness of storing client-related data, client notes, case notes, and eDiscovery results sets in the cloud. Because cloud storage involves storing data, on remote servers/storage outside of the lawyer's direct control, it continues to generate concerns regarding its acceptability under applicable professional ethics rules.
Corporate data is what powers most businesses and so is a valuable business asset. In fact, you can say that companies employ information workers to generate and consume data for the betterment of the company. But can you actually calculate the value of data?
Employee’s annual salary, benefits, training, and corporate infrastructure all go into calculating the cost of information. On the other side of the equation, average revenue and profit per employee are measures of efficiency and productivity. To be successful, companies must generate more revenue (and profit) than total cost. And these are driven by how well companies manage their information.
Many companies faced with a need to archive data (usually email) due to regulatory requirements, eDiscovery responsibilities, or business requirements, look for solutions based on capabilities, cost, vendor reputation, security, and regulatory requirements.
In the past, companies in need of archiving solutions purchased one of the many on premise or cloud-based solutions that met their needs. However, many of these archiving solutions actually converted the data so as to enable more efficient storage, indexing, and search. The problem with data conversion is the data can be corrupted or metadata changed or lost nullifying its “golden copy” or copy of record status. In most cases, this is not really a problem… unless you are anticipating or are in fact, involved in litigation.
Updated: Corporate eDiscovery data storage practices have progressed (a bit) over the last 10 years. More than a few times over the years, I’ve received emails from my employer’s corporate legal department informing me that they would need me to search my email—including local and online file repositories—for any potentially relevant content and set it aside until it was asked for. Come to think about it, I never received any follow-up emails releasing me from those instructions …
Can your defense team save additional litigation cost and lower risk by using the cloud to dramatically reduce the number of data transfers?
The cloud has become a ubiquitous tool for most companies (and industries) over the last several years. However, when dealing with legal situations and eDiscovery, companies are still in the habit of shipping hard disks, optical disks, or if they’re lucky, electronically transferring terabytes of data to their external law firms in response to eDiscovery demands. Those same law firms turn around and follow the same data shipping/transfer processes when turning over client eDiscovery data to opposing counsel.
For anyone responsible for legal discovery – this upcoming webinar is not to be missed! Two experts in the field of eDiscovery will be presenting important new information for modern legal discovery.
Organizations habitually over-retain information, especially unstructured electronic information, for many reasons. However, many organizations simply have not addressed what to do with this data so fall back on relying on individual employees to decide what should be kept and for how long and what should be disposed of. On the opposite end of the grey data management spectrum, a minority of organizations have tried centralized enterprise content management systems and have found them to be difficult to use. In these cases, employees find ways around these complex systems by keeping huge amounts of data locally on their workstations, on enterprise file shares, on removable media, in cloud accounts, or on rogue SharePoint sites that are used as “data dumps” with little or no records management or IT supervision. Much of this information is transitory, expired, or of questionable business value. Because of this lack of active management, information continues to accumulate. This information build-up raises the cost of storage as well as the risk associated with eDiscovery. In some cases the company’s General Counsel actively stops grey data “clean up” processes because they are afraid of being accused of destruction of evidence in a future case.
Managing the huge amounts of data submitted by clients for eDiscovery response is a time-consuming and complex task. Many law firms are struggling to keep up with the data storage, professional, and client demands, and many don’t have (or enforce) law firm data ingestion processes nor economical long-term electronic data storage. One continuing issue for many law firms is the data ingestion process (or lack of a process) to ensure client data sets are logged, indexed, secured and managed appropriately. On too many occasions, large client data sets are handed over to the managing attorney directly, bypassing firm data ingestion processes, making it harder to find and manage. So the first key to handling and organizing client data costs effectively is to create and enforce a client data ingestion process that includes participation of the firm’s information governance (IG) team.
A couple of years ago the Akron Legal News published an editorial on information governance in law firms. The article by Richard Weiner, explored how law firms are dealing with the transition from rooms filled with hard copy records to terabytes of electronically stored information (ESI) - which includes both firm business records as well as the huge amounts of client eDiscovery content. The article pointed out that these days, ESI flows into law firms so quickly and in such large quantities, no one can actually track the volume much less know what it contains. Law firms have reached an inflection point; change the way information is managed or suffer client dissatisfaction and client loss.
Question; how many attorneys know what an email message “stub” is or that they can be a major risk when responding to an eDiscovery request? Even many IT professionals aren’t aware of the legal implications of mailbox message stubs. With that in mind, let’s look at a scenario where mailbox message stubs can become an issue in discovery.
It may surprise you to know that 10%, 20%, or even 30% of enterprise data can be classified as grey or inactive data, mainly from ex-employees, that has accumulated over the years as employees left the company. Many organizations simply haven’t defined policies around what to do with departing employee data. A minority of organizations will remove the hard disk from the departing employee’s laptop or desktop computer and place it in a cabinet for a year or longer. This policy is usually driven by the corporate legal department just in case the employee later files a wrongful termination lawsuit. This process is an attempt to address the issue but doesn’t really take into account the other possible data repositories where employee data can reside including file systems, email systems, email archives, removable media, or cloud repositories.
Law firms (and corporate legal departments) regularly hold huge amounts of client eDiscovery data long after the specific case has been decided. These large client data sets are stored with very little activity for long periods of time. Depending on the number of clients, these eDiscovery data sets can reach into the terabytes in total size. This data usually resides on expensive, enterprise class, spinning disk so can be very expensive to keep. For example, the average cost of enterprise class disk is in the $0.35 per GB per month range (fully loaded cost) or $4.20 per GB per year. Assuming 10 TB, the annual cost to store that data within the law firm would be approximately $42,000.
Responding to an eDiscovery request carries with it many duties and responsibilities that the court will expect to be carried out in a good faith manner. Several of these duties are set it stone via the Federal Rules of Civil Procedure (FRCP) and should not be ignored or taken lightly.
Lawsuits have become a (high) cost of doing business for most organizations. Because of that, eDiscovery response should be proactively planned for to ensure the lowest possible cost to the company.