Defensible Deletion: The Cornerstone of Intelligent Information Governance
The struggle to stay above the rising tide of information is a constant battle for organizations. Not only are the costs and logistics associated with data storage more troubling than ever, but so are the potential legal consequences. Indeed, the news headlines are constantly filled with horror stories of jury verdicts, court judgments and unreasonable settlements involving organizations that failed to effectively address their data stockpiles. While there are no quick or easy solutions to these problems, an ever increasing method for effectively dealing with these issues is through an organizational strategy referred to as defensible deletion. A defensible deletion strategy could refer to many items. But at its core, defensible deletion is a comprehensive approach that companies implement to reduce the storage costs and legal risks associated with the retention of electronically stored information (ESI). Organizations that have done so have been successful in avoiding court sanctions while at the same time eliminating ESI that has little or no business value. The first step to implementing a defensible deletion strategy is for organizations to ensure that they have a top-down plan for addressing data retention. This typically requires that their information governance principals – legal and IT – are cooperating with each other. These departments must also work jointly with records managers and business units to decide what data must be kept and for what length of time. All such stakeholders in information retention must be engaged and collaborate if the organization is to create a workable defensible deletion strategy. Cooperation between legal and IT naturally leads the organization to establish records retention policies, which carry out the key players’ decisions on data preservation. Such policies should address the particular needs of an organization while balancing them against litigation requirements. Not only will that enable a company to reduce its costs by decreasing data proliferation, it will minimize a company’s litigation risks by allowing it to limit the amount of potentially relevant information available for current and follow-on litigation. In like manner, legal should work with IT to develop a process for how the organization will address document preservation during litigation. This will likely involve the designation of officials who are responsible for issuing a timely and comprehensive litigation hold to custodians and data sources. This will ultimately help an organization avoid the mistakes that often plague document management during litigation. The Role of Technology in Defensible Deletion In the digital age, an essential aspect of a defensible deletion strategy is technology. Indeed, without innovations such as archiving software and automated legal hold acknowledgements, it will be difficult for an organization to achieve its defensible deletion objectives. On the information management side of defensible deletion, archiving software can help enforce organization retention policies and thereby reduce data volume and related storage costs. This can be accomplished with classification tools, which intelligently analyze and tag data content as it is ingested into the archive. By so doing, organizations may retain information that is significant or that otherwise must be kept for business, legal or regulatory purposes – and nothing else. An archiving solution can also reduce costs through efficient data storage. By expiring data in accordance with organization retention policies and by using single instance storage to eliminate ESI duplicates, archiving software frees up space on company servers for the retention of other materials and ultimately leads to decreased storage costs. Moreover, it also lessens litigation risks as it removes data available for future litigation. On the eDiscovery side of defensible deletion, an eDiscovery platform with the latest in legal hold technology is often essential for enabling a workable litigation hold process. Effective platforms enable automated legal hold acknowledgements on various custodians across multiple cases. This allows organizations to confidently place data on hold through a single user action and eliminates concerns that ESI may slip through the proverbial cracks of manual hold practices. Organizations are experiencing every day the costly mistakes of delaying implementation of a defensible deletion program. This trend can be reversed through a common sense defensible deletion strategy which, when powered by effective, enabling technologies, can help organizations decrease the costs and risks associated with the information explosion.1.1KViews1like10CommentsEmail Isn't eDiscovery Top Dog Any Longer, Recent Survey Finds
Symantec today issued the findings of its second annual Information Retention and eDiscovery Survey, which examined how enterprises are coping with the tsunami of electronically stored information (ESI) that we see expanding by the minute. Perhaps counter intuitively, the survey of legal and IT personnel at 2,000 enterprises found that email is no longer the primary source of ESI companies produced in response to eDiscovery requests. In fact, email came in third place (58%) to files/documents (67%) and database/application data (61%). Marking a departure from the landscape as recently as a few years ago, the survey reveals that email does not axiomatically equal eDiscovery any longer. Some may react incredulously to these results. For instance, noted eDiscovery expert Ralph Losey continues to stress the paramount importance of email: “In the world of employment litigation it is all about email and attachments and other informal communications. That is not to say databases aren't also sometimes important. They can be, especially in class actions. But, the focus of eDiscovery remains squarely on email.” While it’s hard to argue with Ralph, the real takeaway should be less about the relative descent of email’s importance, and more about the ascendency of other data types (including social media), which now have an unquestioned seat at the table. The primary ramification is that organizations need to prepare for eDiscovery and governmental inquires by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems. Forward-thinking companies should map out where all ESI resides company-wide so that these important sources do not go unrecognized. Once these sources of potentially responsive ESI are accounted for, the right eDiscovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment. The survey also found that companies which employ best practices such as implementing information retention plans, automating the enforcement of legal holds and leveraging archiving tools instead of relying on backups, fare dramatically better when it comes to responding to eDiscovery requests. Companies in the survey with good information governance hygiene were: 81% more likely to have a formal retention plan in place 63% more likely to automate legal holds 50% more likely to use a formal archiving tool These top-tier companies in the survey were able to respond much faster and more successfully to an eDiscovery request, often suffering fewer negative consequences: 78% less likely to be sanctioned 47% less likely to lead to a compromised legal position 45% less likely to disclose too much information This last bullet (disclosing too much information) has a number of negative ramifications beyond just giving the opposition more ammo than is strictly necessary. Since much of the eDiscovery process is volume-based, particularly the eyes-on review component, every extra gigabyte of produced information costs the organization in both seen and unseen ways. Some have estimated that it costs between $3-5 a document for manual attorney review - and at 50,000 pages to a gigabyte, these data-related expenses can really add up quickly. On the other side of the coin, there were those companies with bad information governance hygiene. While this isn’t terribly surprising, it is shocking to see how many entities fail to connect the dots between information governance and risk reduction. Despite the numerous risks, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so. Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever. When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons. While I get the cost issue, particularly in these tough economic times, it’s bewildering to think that so many companies feel immune from the requirements of having even a basic retention plan. As the saying goes, “You don’t need to be a weatherman to tell which way the wind blows.” And, the winds of change are upon us. Treating eDiscovery as a repeatable business process isn’t a Herculean task, but it is one that cannot be accomplished without good information governance hygiene and the profound recognition that email isn’t the only game in town. For more information regarding good records management hygiene, check out this informative video blog and Contoural article.753Views0likes8CommentsSpotlighting the Top Electronic Discovery Cases from 2012
With the New Year quickly approaching, it is worth reflecting on some of the key eDiscovery developments that have occurred during 2012. While legislative, regulatory and rulemaking bodies have undoubtedly impacted eDiscovery, the judiciary has once again played the most dramatic role. There are several lessons from the top 2012 court cases that, if followed, will likely help organizations reduce the costs and risks associated with eDiscovery. These cases also spotlight the expectations that courts will likely have for organizations in 2013 and beyond. Implementing a Defensible Deletion Strategy Case: Brigham Young University v. Pfizer, 282 F.R.D. 566 (D. Utah 2012) In Brigham Young, the plaintiff university had pressed for sanctions as a result of Pfizer’s destruction of key documents pursuant to its information retention policies. The court rejected that argument because such a position failed to appreciate the basic workings of a valid corporate retention schedule. As the court reasoned, “[e]vidence may simply be discarded as a result of good faith business procedures.” When those procedures operate to inadvertently destroy evidence before the duty to preserve is triggered, the court held that sanctions should not issue: “The Federal Rules protect from sanctions those who lack control over the requested materials or who have discarded them as a result of good faith business procedures.” Summary: The Brigham Young case is significant since it emphasizes that organizations should implement a defensible deletion strategy to rid themselves of data stockpiles. Absent a preservation duty or other exceptional circumstances, organizations that pare back ESI pursuant to “good faith business procedures” (such as a neutral retention policy) will be protected from sanctions. **Another Must-Read Case: Danny Lynn Elec. v. Veolia Es Solid Waste (M.D. Ala. Mar. 9, 2012) Issuing a Timely and Comprehensive Litigation Hold Case: Apple, Inc. v. Samsung Electronics Co., Ltd, --- F. Supp. 2d. --- (N.D. Cal. 2012) Summary: The court first issued an adverse inference instruction against Samsung to address spoliation charges brought by Apple. In particular, the court faulted Samsung for failing to circulate a comprehensive litigation hold instruction when it first anticipated litigation. This eventually culminated in the loss of emails from several key Samsung custodians, inviting the court’s adverse inference sanction. Ironically, however, Apple was subsequently sanctioned for failing to issue a proper hold notice. Just like Samsung, Apple failed to distribute a hold until several months after litigation was reasonably foreseeable. The tardy hold instruction, coupled with evidence suggesting that Apple employees were “encouraged to keep the size of their email accounts below certain limits,” ultimately led the court to conclude that Apple destroyed documents after its preservation duty ripened. The Lesson for 2013: The Apple case underscores the importance of issuing a timely and comprehensive litigation hold notice. For organizations, this likely means identifying the key players and data sources that may have relevant information and then distributing an intelligible hold instruction. It may also require suspending aspects of information retention policies to preserve relevant ESI. By following these best practices, organizations can better avoid the sanctions bogeyman that haunts so many litigants in eDiscovery. **Another Must-Read Case: Chin v. Port Authority of New York, 685 F.3d 135 (2 nd Cir. 2012) Judicial Approval of Predictive Coding Case: Da Silva Moore v. Publicis Groupe, --- F.R.D. --- (S.D.N.Y. Feb. 24, 2012) Summary: The court entered an order that turned out to be the first of its kind: approving the use of predictive coding technology in the discovery phase of litigation. That order was entered pursuant to the parties’ stipulation, which provided that defendant MSL Group could use predictive coding in connection with its obligation to produce relevant documents. Pursuant to that order, the parties methodically (yet at times acrimoniously) worked over several months to fine tune the originally developed protocol to better ensure the production of relevant documents by defendant MSL. The Lesson for 2013: The court declared in its order that predictive coding “is an acceptable way to search for relevant ESI in appropriate cases.” Nevertheless, the court also made clear that this technology is not the exclusive method now for conducting document review. Instead, predictive coding should be viewed as one of many different types of tools that often can and should be used together. ** Another Must-Read Case: In Re: Actos (Pioglitazone) Prods. Liab. Litig. (W.D. La. July 10, 2012) Proportionality and Cooperation are Inextricably Intertwined Case: Pippins v. KPMG LLP, 279 F.R.D. 245 (S.D.N.Y. 2012) Summary: The court ordered the defendant accounting firm (KPMG) to preserve thousands of employee hard drives. The firm had argued that the high cost of preserving the drives was disproportionate to the value of the ESI stored on the drives. Instead of preserving all of the drives, the firm hoped to maintain a reduced sample, asserting that the ESI on the sample drives would satisfy the evidentiary demands of the plaintiffs’ class action claims. The court rejected the proportionality argument primarily because the firm refused to permit plaintiffs or the court to analyze the ESI found on the drives. Without any transparency into the contents of the drives, the court could not weigh the benefits of the discovery against the alleged burdens of preservation. The court was thus left to speculate about the nature of the ESI on the drives, reasoning that it went to the heart of plaintiffs’ class action claims. As the district court observed, the firm may very well have obtained the relief it requested had it engaged in “good faith negotiations” with the plaintiffs over the preservation of the drives. The Lesson for 2013: The Pippins decision reinforces a common refrain that parties seeking the protection of proportionality principles must engage in reasonable, cooperative discovery conduct. Staking out uncooperative positions in the name of zealous advocacy stands in sharp contrast to proportionality standards and the cost cutting mandate of Rule 1. Moreover, such a tactic may very well foreclose proportionality considerations, just as it did in Pippins. **Another Must-Read Case: Kleen Products LLC v. Packaging Corp. of America (N.D. Ill. Sept. 28, 2012) Conclusion There were any number of other significant cases from 2012 that could have made this list. We invite you to share your favorites in the comments section or contact us directly with your feedback.625Views0likes3CommentsBreaking News: Recusal Motion in Da Silva Moore Case Denied
In what might be characterized as the most anticipated ruling in the eDiscovery world over the past several months, the district court in Da Silva Moore v. Publicis Groupe today denied the plaintiffs’ motion to recuse the Honorable Andrew Peck as the assigned magistrate to that action. In rejecting the plaintiffs’ recusal request, United States District Court Judge Andrew Carter held that “Judge Peck’s decision accepting computer-assisted review, reached upon consideration of the applicable law, was not influenced by bias, nor did it create any appearance of bias.” Judge Carter’s decision is particularly significant as it leaves undisturbed Judge Peck’s orders regarding the use of predictive coding and his declaration that computer-assisted review in eDiscovery is “acceptable in appropriate cases.” Moreover, Judge Carter gave another judicial imprimatur to predictive coding with his determination that it “does not inherently favor one party over the other in this case.” With today’s ruling, Judge Carter has perhaps finally brought to a close the contentious sideshow that nearly overshadowed the first known case involving the use of predictive coding in eDiscovery. With its potential to reduce the costs and delays associated with the review of ESI, predictive coding holds incredible promise for the future of eDiscovery.587Views0likes2CommentsWould Rule Changes Alleviate eDiscovery Burdens?
You have heard this one before. Changes to the Federal Rules are in the works that could alleviate the eDiscovery burdens of organizations. Greeting this news with skepticism would probably be justified. After all, many feel that the last set of amendments failed to meet the hype of streamlining the discovery process to make litigation costs more reasonable. Others, while not declaring the revised Rules a failure, nonetheless believe that the amendments have been doomed by the lack of adherence among counsel and the courts. Regardless of the differing perspectives, there seems to be agreement on both sides that the Rules have spawned more collateral disputes than ever before about the preservation and collection of ESI. What is different this time is that the latest set of proposed amendments could offer a genuine opportunity for organizations to slash the costs of document preservation and collection. Chief among these changes would be a revised Rule 37(e). The current iteration of this rule is designed to protect companies from court sanctions when the programmed operation of their computer systems automatically destroys ESI. Nevertheless, the rule has largely proved ineffective as a national standard because it did not apply to pre-litigation information destruction activities. As a result, courts often bypassed the rule’s protections to punish companies who negligently, though not nefariously, destroyed documents before a lawsuit was filed. The current proposal to amend Rule 37(e) (see page 127) would substantially broaden the existing protection against sanctions. The proposal would shield an organization’s pre-litigation destruction of information from sanctions except where that destruction was “willful or in bad faith and caused substantial prejudice in the litigation” or “irreparably deprived a party of any meaningful opportunity to present a claim or defense.” In making a determination on this issue, courts would be forced to examine the enterprise’s information retention protocols through more than just the lens of litigation. Instead, they would have to consider the nature and motives behind a company’s decision-making process. Such factors include: The extent to which the party was on notice that litigation was likely The reasonableness and proportionality of the party’s efforts to preserve the information The nature and scope of any request received to preserve information Whether the party sought timely judicial guidance regarding any preservation disputes By seeking to punish only nefarious conduct and by ensuring that the analysis includes a broad range of considerations, organizations could finally have a fighting chance to reduce the costs and risks of preservation. Despite the promise this proposal holds, there is concern among some of the eDiscovery cognoscenti that provisions in the draft proposal to amend Rule 37(e) could water down its intended protections. Robert Owen, a partner at Sutherland Asbill & Brennan LLP and a leading eDiscovery thought leader, has recently authored an insightful articlethat spotlights some of these issues. Among other things, Owen points out that the “irreparably deprived” provision could end up diluting the “bad faith” standard. This could ultimately provide activist jurists with an opportunity to re-introduce a negligence standard through the backdoor, which would be a troubling development for clients, counsel and the courts. These issues and others confirm the difficulty of establishing national standards to address the factual complexities of many eDiscovery issues. They also point to the difficult path that the Civil Rules Advisory Committee still must travel before a draft of Rule 37(e) can be finalized for public comment. Even assuming that stage can be reached after the next rules committee meeting in April 2013, additional changes could still be forthcoming to address the concerns of other constituencies. Stay tuned; the debate over revisions to Rule 37(e) and its impact on organizations’ defensible deletion efforts is far from over.472Views1like3CommentsThe Global Impact of eDiscovery and Data Protection Laws in Germany
The acknowledged power of Continental Europe is Germany. Its steady economy and stable politics offer foreign companies an inviting prospect for investment. And yet, as organizations explore and begin developing business opportunities in Germany, they often become entangled in a web of unfamiliar legal issues. These issues, particularly eDiscovery and data protection laws, can be a costly and time consuming trap for unsuspecting companies. To avoid becoming ensnared by legal minutiae, attorney fees and lost opportunities, companies should consider gaining at least a basic understanding regarding the German eDiscovery and data protection landscape. Discovery in Germany By way of introduction, it should be noted that Germany, like most European countries, is a civil code country whose legal traditions are distinct from the common law notions that characterize the United States. According to its legal precepts, civil litigation in Germany is conducted in a vastly different fashion than in the U.S. For example, “discovery,” as it is known in the United States, does not exist in Germany. Interrogatories, categorical document requests and requests for admissions are simply unavailable as discovery devices. Instead, Germany only allows a limited exchange of documents, with the parties typically only disclosing information that supports their claims. The U.S. Court of Appeals for the Seventh Circuit recently commented on this key distinction when it observed in Heraeus Kulzer v. Biomet that “the German legal system . . . does not authorize discovery in the sense of Rule 26 of the Federal Rules of Civil Procedure.” The court went on to explain that “[a] party to a German lawsuit cannot demand categories of documents from his opponent. All he can demand are documents that he is able to identify specifically—individually, not by category.” Another key distinction to discovery in Germany is the lack of rules or case law requiring the preservation of ESI or paper documents. This stands in sharp contrast to American jurisprudence, which typically requires organizations to preserve information as soon as they “reasonably anticipate” litigation. Data Protection in Germany Another critical, distinguishing characteristic of Germany’s legal traditions are its notions of data protection and individual privacy. Unlike the mostly laissez-faire approach in the U.S. to data protection, Germany has adopted a comprehensive framework to secure personal information from unreasonable government and corporate intrusions. To guard against such intrusions, Germany has strict requirements that govern any “processing” of personal information. In addition, corporate data processing in Germany must satisfy company Works Councils, which represent the interests of employees and protect their privacy rights. Those protections extend to domestic litigation and international data transfers, to which Works Councils and company Data Protection Officers may object. Another important aspect to German data protection laws are the restrictions they place on transferring personal information across international borders. Companies with offices in Germany must ensure that the country where such data will be transferred has enacted laws that meet EU data protection standards. Transfers of personal data to countries that do not meet those standards are generally forbidden, with substantial fines imposed for non-compliance. This backdrop of complexity suggests that companies exploring business opportunities in Germany should obtain a better understanding of its discovery and data protection laws. There are various resources that provide straightforward answers to these issues at no cost to the end-user. For example, global legal expert James Daley recently recorded two podcasts that discuss the challenges associated with German discovery and data privacy laws. Think tanks such as The Sedona Conference have also made available materials that provide significant detail on these issues, including its “International Overview of Discovery, Data Privacy, and Disclosure Requirements.” By obtaining a greater awareness of the legal workings inside Germany, organizations can more capably develop a cooperative, proactive process for how they will address data preservation and production for cross-border litigation. By so doing, organizations can be better prepared to address potential eDiscovery and data protection snares that are inextricably intertwined with globalization.460Views2likes0CommentsSymantec Positioned Highest in Execution and Vision in Gartner Archiving MQ
Once again Gartner has named Symantec as a leader in the Enterprise Information Archiving magic quadrant. We’ve continued to invest significantly in this market and it is gratifying to see the recognition for the continued effort we put into archiving both in the cloud and on premises with our Enterprise Vault.cloud and Enterprise Vault products. Symantec has now been rated a leader 9 years in a row. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Symantec. Gartner does not endorse any vendor, product or service depicted in the Magic Quadrant, and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose. This year marks a transition in a couple of regards. We are seeing an acceleration of customers looking for the convenience and simplicity of SaaS based archiving solution. The caveat being that they want the security and trust that only a vendor like Symantec can deliver. Similarly the market has continued to ask for integrated solutions that deliver information archiving and eDiscovery to quickly address often complex and time sensitive process of litigation and regulatory requests. The deep integration we offer between our archiving solutions – Enterprise Vault and Enterprise Vault.cloud –and the Clearwell eDiscovery Platform has led many customers to deploy these together to streamline their eDiscovery workflow. An archive is inherently deployed with the long term in mind. Over the history of Gartner’s Enterprise Information Archiving MQ, only Symantec has provided a consistent solution to customers by investing and innovating with Enterprise Vault to lead the industry in performance, functionality, and support without painful migrations or changes. We’re excited about what we have planned next for Enterprise Vault and Enterprise Vault.cloud and intend to maintain our leadership in the years to come. Our customers will continue to be able to manage their critical information assets and meet their needs for eDiscovery and Information Governance as we improve our products year after year.456Views0likes0CommentsWhat Abraham Lincoln Teaches about Defensible Deletion of ESI
The reviews are in and movie critics are universally acclaiming Lincoln, the most recent Hollywood rendition regarding the sixteenth president of the United States. While viewers may or may not enjoy the movie, the focus on Abraham Lincoln brings to mind a rather key insight for organizations seeking to strengthen their defensible deletion process. Lincoln has long been admired for his astute handling of the U.S. Civil War and for his inventive genius (he remains the only U.S. President who patented an invention). Nevertheless, it is Lincoln’s magnanimous, yet shrewd treatment of his rivals that provides the key lesson for organizations today. With a strategy that inexplicably escapes many organizations, Lincoln intelligently organized his documents and other materials so that he could timely retrieve them to help keep his political enemies in check. This strategy was particularly successful with his Secretary of the Treasury, Salmon Chase, who constantly undermined Lincoln in an effort to bolster his own presidential aspirations. To blunt the effect of Chase’s treachery, Lincoln successfully wielded the weapon of information: Chase’s letters to Lincoln that were filled with problematic admissions. Doris Kearns Goodwin chronicled in her Pulitzer Prize winning book, Team of Rivals, how Lincoln always seemed to access that information at a moment’s notice to save him from Chase’s duplicity. Lincoln’s tactics reinforce the value of retaining and retrieving important information in a time of need. Lacking the organizational and technological capacity to do so may prevent companies from pulling up information at a crucial moment, be it for business, legal or regulatory purposes. For this and many other reasons, industry experts are recommending that organizations implement a defensible deletion strategy. Defensible Deletion Requires Deletion Such a strategy could have some success if it is powered by the latest in effective retention technologies such as data classification and automated legal hold. Such innovations will better enable organizations to segregate and preserve business critical ESI. And yet, it is not enough to just adopt the preservation side of this strategy, for the heart of defensible deletion requires just that – deleting large classes of superfluous, duplicative and harmful data – if its benefits are ever to be realized. Companies that fail to delete such ESI will likely never come off conqueror in the “battle of the data bulge.” Indeed, such a growing waistline of data is problematic for three reasons. First, it can place undue pressure on an organization’s storage infrastructure and needlessly increase the cost of data retention. It can also result in higher eDiscovery costs as the organization is forced to review and analyze all of that ESI largesse. Finally, a potentially fatal risk of producing harmful materials – kept beyond the time required by law – in eDiscovery will unnecessarily increase. All of which could have been obviated had the enterprise observed the rule of “good corporate housekeeping” by eliminating ESI in a manner approved by courts and the rules makers. For organizations willing to get rid of their digital clutter, defensible deletion offers just what they need so as to reduce the costs and risks of bloated ESI retention. Doing so will help companies make better use that information so, like Honest Abe, they can stave off troublesome challenges threatening the enterprise.424Views1like0CommentsFederal Directive Hits Two Birds (RIM and eDiscovery) with One Stone
The eagerly awaited Directive from The Office of Management and Budget (OMB) and The National Archives and Records Administration (NARA) was released at the end of August. In an attempt to go behind the scenes, we’ve asked the Project Management Office (PMO) and the Chief Records Officer for the NARA to respond to a few key questions. We know that the Presidential Mandatewas the impetus for the agency self-assessments that were submitted to NARA. Now that NARA and the OMB have distilled those reports, what are the biggest challenges on a go forward basis for the government regarding record keeping, information governance and eDiscovery? “In each of those areas, the biggest challenge that can be identified is the rapid emergence and deployment of technology. Technology has changed the way Federal agencies carry out their missions and create the records required to document that activity. It has also changed the dynamics in records management. In the past, agencies would maintain central file rooms where records were stored and managed. Now, with distributed computing networks, records are likely to be in a multitude of electronic formats, on a variety of servers, and exist as multiple copies. Records management practices need to move forward to solve that challenge. If done right, good records management (especially of electronic records) can also be of great help in providing a solid foundation for applying best practices in other areas, including in eDiscovery, FOIA, as well as in all aspects of information governance.” What is the biggest action item from the Directive for agencies to take away? “The Directive creates a framework for records management in the 21 st century that emphasizes the primacy of electronic information and directs agencies to being transforming their current process to identify and capture electronic records. One milestone is that by 2016, agencies must be managing their email in an electronically accessible format (with tools that make this possible, not printing out emails to paper). Agencies should begin planning for the transition, where appropriate, from paper-based records management process to those that preserve records in an electronic format. The Directive also calls on agencies to designate a Senior Agency Official (SAO) for Records Management by November 15, 2012. The SAO is intended to raise the profile of records management in an agency to ensure that each agency commits the resources necessary to carry out the rest of the goals in the Directive. A meeting of SAOs is to be held at the National Archives with the Archivist of the United States convening the meeting by the end of this year. Details about that meeting will be distributed by NARA soon.” Does the Directive holistically address information governance for the agencies, or is it likely that agencies will continue to deploy different technology even within their own departments? “In general, as long as agencies are properly managing their records, it does not matter what technologies they are using. However, one of the drivers behind the issuance of the Memorandum and the Directive was identifying ways in which agencies can reduce costs while still meeting all of their records management requirements. The Directive specifies actions (see A3, A4, A5, and B2) in which NARA and agencies can work together to identify effective solutions that can be shared.” Finally, although FOIA requests have increased and the backlog has decreased, how will litigation and FOIA intersecting in the next say 5 years? We know from the retracted decision inNDLON that metadata still remains an issue for the government…are we getting to a point where records created electronically will be able to be produced electronically as a matter of course for FOIA litigation/requests? “In general, an important feature of the Directive is that the Federal government’s record information – most of which is in electronic format – stays in electronic format. Therefore, all of the inherent benefits will remain as well – i.e., metadata being retained, easier and speedier searches to locate records, and efficiencies in compilation, reproduction, transmission, and reduction in the cost of producing the requested information. This all would be expected to have an impact in improving the ability of federal agencies to respond to FOIA requests by producing records in electronic formats.” Fun Fact- Is NARA really saving every tweet produced? “Actually, the Library of Congress is the agency that is preserving Twitter. NARA is interested in only preserving those tweets that a) were made or received in the course of government business and b) appraised to have permanent value. We talked about this on our Records Express blog.” “We think President Barack Obama said it best when he made the following comment on November 28, 2011: “The current federal records management system is based on an outdated approach involving paper and filing cabinets. Today’s action will move the process into the digital age so the American public can have access to clear and accurate information about the decisions and actions of the Federal Government.” Paul Wester, Chief Records Officer at the National Archives, has stated that this Directive is very exciting for the Federal Records Management community. In our lifetime none of us has experienced the attention to the challenges that we encounter every day in managing our records management programs like we are now. These are very exciting times to be a records manager in the Federal government. Full implementation of the Directive by the end of this decade will take a lot of hard work, but the government will be better off for doing this and we will be better able to serve the public.” Special thanks to NARA for the ongoing dialogue that is key to transparent government and the effective practice of eDiscovery, Freedom Of Information Act requests, records management and thought leadership in the government sector. Stay tuned as we continue to cover these crucial issues for the government as they wrestle with important information governance challenges.407Views0likes0CommentsWhere There’s Smoke There’s Fire: Powering eDiscovery with Data Loss Prevention
New technologies are being repurposed for Early Case Assessment (ECA) in this ever-changing global economy chockfull of intellectual property theft and cybertheft. These increasingly hot issues are now compelling lawyers to become savvier about how the technologies they use to identify IP theft and related issues in eDiscovery. One of the more useful, but often overlooked tools in this regard is Data Loss Prevention (DLP) technology. Traditionally a data breach and security tool, DLP has emerged as yet another tool in the Litigator’s Tool Belt™ that can be applied in eDiscovery. DLP technology utilizes Vector Machine Learning (VML) to detect intellectual property, such as product designs, source code and trademarked language that are deemed proprietary and confidential. This technology eliminates the need for developing laborious keyword-based policies or fingerprinting documents. While a corporation can certainly customize these policies, there are off the shelf materials that make the technology easy to deploy. An exemplary use case that spotlights how DLP could have been deployed in the eDiscovery context is the case of E.I. Du Pont de Nemours v. Kolon Industries. In DuPont, a jury issued a $919 million verdict after finding that the defendant manufacturer stole critical elements of the formula for Kevlar, a closely guarded and highly profitable DuPont trade secret. Despite the measures that were taken to protect the trade secret, a former DuPont consultant successfully copied key information relating to Kevlar on to a CD that was later disseminated to the manufacturer’s executives. All of this came to light in the recently unsealed criminal indictments the U.S. Department of Justice obtained against the manufacturer and several of its executives. Perhaps all of this could have been avoided had a DLP tool been deployed. A properly implemented DLP solution in the DuPont case might have detected the misappropriation that occurred and perhaps prompted an internal investigation. At the very least, DLP could possibly have mitigated the harmful effects of the trade secret theft. DLP technology could potentially have detected the departure/copying of proprietary information and any other suspicious behavior regarding sensitive IP. As the DuPont case teaches, DLP can be utilized to detect IP theft and data breaches. In addition, it can act as an early case assessment (ECA) tool for lawyers in both civil and criminal actions. With data breaches, where there is smoke (breach) there is generally fire (litigation). A DLP incident report can be used as a basis for an investigation, and essentially reverse engineer the ECA process with hard evidence underlying the data breach. Thus, instead of beginning an investigation with a hunch or tangential lead, DLP gives hard facts to lawyers, and ultimately serves as a roadmap for effective legal hold implementation for the communications of custodians. Instead of discovering data breaches during the discovery process, DLP allows lawyers to start with this information, making the entire matter more efficient and targeted. From an information governance point of view, DLP also has a relationship with the left proactive side of the Electronic Discovery Reference Model. The DLP technology can also be repurposed as Data Classification Services for automated document retention. The policy and technology combination of DCS/DLP speak to each other in harmony to accomplish appropriate document retention as well as breach prevention and notification. It follows that there would be similar identifiers for both policy consoles in DCS/DLP, and that these indicators enable the technology to make intelligent decisions. Given this backdrop, it behooves both firm lawyers and corporate counsel to consider getting up to speed on the capabilities of DLP tools. The benefits DLP offers in eDiscovery are too important to be ignored.365Views0likes0Comments