cancel
Showing results for 
Search instead for 
Did you mean: 
Reducing Risk for Legal Departments with Veritas Digital Compliance

Turbulent times and business disruptions spawn litigation, bankruptcies, asset sales, and post-disaster regulatory investigations. Legal departments and retained counsel can rise to meet these challenges – IF they have preserved potential evidence to make risk/cost settlement decisions. Remote workers generate new data sources every day, and they can't be restricted only to corporate email and phone calls while being expected to do more with less.

One scenario where this becomes especially relevant is when employees leave the company or the organization needs to terminate their employment. Separation of employment protocols must adapt to minimize risk and cost when you can least afford it.

The primary legal/IT goals during a separation of employment event include:

  1. Identify and preserve data potentially under legal hold
  2. Prevent the loss of unique corporate data per retention policy
  3. Transfer of unique data to supervisor or successor employee
  4. Prevent deliberate or inadvertent exposure of corporate data by departing employees
  5. Transfer of identified personal data to departing employee
  6. Expiry of duplicate, non-record, personal, or other data over the retention period
  7. Document separation action, metrics, and decisions

Employee turnover can be an everyday occurrence for a Human Resources team at a large company. We still need to consider worst-case scenarios to ensure data compliance policies and protocols do not have any holes. Veritas has found that most termination policies and protocols do not contemplate large-scale layoffs of remote employees, which has become more of a possibility during this pandemic. A stakeholder team (HR, Legal, Records, IT, Security) should review and amend an organization's overall workflow to address gaps and meet key goals. Some key items for consideration include:

  • How can teams know who is on Legal Hold without exposing sensitive information?
  • The list should include flags for special handling, forensic imaging, highly sensitive data, or known adverse terminations.
  • The days of a simple Excel file of custodians are over. A defensible system requires access controls and an audit log.
  • How can you know every device, file, or system owned or accessed by the departing employee? This is essential for defensible preservation/collection efforts. The transfer of asset rights for data scattered across departmental file shares, SharePoint sites, or other repositories is particularly challenging.
  • Do you have a remote collection process and workflow that can accommodate data volumes too large for residential upload bandwidth? How can you identify, collect, and delete corporate data on employee-owned PCs and smartphones?
  • Many corporations rely on employees to classify unstructured files, communications, and other records. Automated classification systems ease that burden, improve classification quality, and reduce discovery volume/time/costs.
  • Determine who monitors the employees scheduled for termination for activities such as bulk downloads, deletions, transfers, accessing sensitive data, or forwarding communications to personal accounts.  
  • How do you handle employees that fall under privacy, data transfer, or subject access request jurisdictions? Can you quickly identify data with personal information while protecting sensitive corporate information?

So what are the key solution components needed to handle departing remote employees or contractors going forward?Veritas Information Classifier.png

 

  • Data Insight—Dynamic inventory and file analysis system to provide ownership, access, and user action context
  • Analyze unstructured data stores across the enterprise
  • Map custodial context to scattered files and actions
  • Live alerts for mass downloads, deletions, and other potential insider threats
  • Veritas Information Classifier—Automated classification of unstructured data stores and departing employee collections to support discovery, retention, security, privacy, and other business requirements
  • Apply hundreds of pre-defined category tags to optimize your preservation and collection scopes
  • Exclude or segregate privilege, PII, trade secrets, pricing, and more before processing
  • Enterprise Vault/EV.Cloud—Preservation repository
  • Consolidate enterprise, local, and cloud data sources to a searchable, manageable repository
  • Minimize user and system impact by migrating held content from live systems
  • Automated management of legal holds and retention expiry
  • eDiscovery Platform Legal Hold—Centralized Legal Hold management
  • Multi-matter custodial management
  • AD/HR integration
  • Centralized master list
  • eDiscovery Platform Identification & Collection—Data Map of enterprise and employee data sources
  • Convert and organize confusing IT asset lists into a logical data source hierarchy
  • Fast lists of custodian enterprise and local data sources
  • Automated collection from a wide array of enterprise sources
  • Remote collection from custodian PCs and local storage

With each of these components as part of an integrated strategy, organizations can ensure that their legal risk is minimized in the challenging environment presented by today's dynamic workforce.

Learn more at www.Veritas.com/Insights.

This blog is part of an eDiscovery and Digital Compliance series, which started earlier this month with A Map from Reactive to Proactive Data Discovery.