Migrated from eDJGroupInc.com. Author: Greg Buckles. Published: 2010-04-12 16:26:20Format, images and links may no longer function correctly. When you consult on discovery issues, you cannot avoid running into retention management initiatives, no matter how hard you try. One of the first Interrogatories on almost every matter asks for a copy of the corporate retention policy and supporting documentation concerning record systems. The problem is that records are no longer boxes of old files kept in offsite storage. In the modern business environment, every piece of ESI has the potential of being considered a ‘record’ or at least evidence. One of my more frequent client conversations starts with, “We need to have a system to apply retention periods so that I can get rid of anything that I do not absolutely need.” Counsel views the seas of unstructured ESI as potential evidence that will cost $1-3 per item to review. So the motivation behind legal’s push for retention management is to reduce discovery cost and risk. The actual goal is to legally destroy ESI as fast as possible, referred to as ‘record disposition’. To that end, I have come to the conclusion that trying to define records and apply retention periods is tackling the problem from the wrong end of the equation. A program of ‘Destruction Management’ that categorizes and destroys non-records seems to be a much more practical initial step toward overall information lifecycle management.
A quick Google check shows only Iron Mountain calling out destruction management for electronic records. I am sure that other traditional records storage and archiving players use this argument in the sales cycle, but all of them appear to start by defining a records retention schedule that lists categories and their corresponding retention period to comply with regulatory or business requirements. This academic exercise tends to generate hundreds to categories that no employee will ever be able to remember, much less actually apply. Next is the retention policy that lays out how the retention schedule is supposed to be enacted. Somewhere in here most retention committees or teams realize that designating records in typical communication and office applications is unrealistic. Even the new managed folders and personal archive in Exchange 2010 will do little to reduce the categorization burden on users. Microsoft Outlook has had basic rules that act on the header of the email (To/From/Subject) for over a decade with little actual usage. Those of us in eDiscovery have always known that users will not manually manage their email and files unless the consequences of non-compliance are dire.
A policy that users cannot or will not comply with is worse than having no policy at all. In the quest to remove the classification burden from users and comply with the onerous monitoring requirements of the broker-dealer regulations, securities firms have employed classification filters like MessageGate, Orchestria, Recommind and Autonomy to flag messages for compliance review. Even the relatively narrow filter rules for detecting potential violators and data loss require substantial time and effort to develop, check and maintain. Now think of the challenge faced by records managers attempting to create filters that will reliably categorize all of the diverse data sources and streams according to the laundry list of retention schedules. Archiving platforms like Symantec Enterprise Vault, Autonomy EAS and EMC SourceOne(previously EmailXtender) have acquired or partnered with various categorization providers over the years with the promise to magically organize a corporation’s data assets. To date, I have yet to find a public company that has achieved this data nirvana. Instead, I regularly bump into clients in permanent analysis paralysis around the entire retention issue. The archiving promise of data expiration becomes infinite retention when legal and compliance will not sign off on destruction.
Before the data proliferation explosion, record management (RM) platforms were created to enable users to designate records, retention categories and many more business attributes. The leaders like MDY, Filenet, Documentum, Open Text, Autonomy, and Oracle have generally been successful only in regulated or specialized business environments that justify the user effort of compliance. The leading Record Management products are DoD 5015.2 certified, meaning they can do forensic level destruction of records under their control. These systems have not scaled gracefully to tackle the storm of email and files. Instead, most rely on archive platforms for large enterprises to effectively federate records management. This raises the potential that your certified disposition may actually leave a retrievable copy within a CAB file or on big filer. The only well known applications with DoD-certified integrations with are Enterprise Vault and SharePoint.
Frankly, legal does not want to approve expiry because they do not trust users or filters to accurately designate records. The consequences of improper destruction of ESI under legal hold or retention regulations seem to outweigh the benefits of expiry. My proposal is to use these technologies to kill off the low hanging fruit and clean out the vast proportion of non-record or non-business ESI on live systems and in archives. eDiscovery providers have been quick to develop culling filters to exclude entire domains, newletters, personal email, collections of MP3’s and more. Between duplicates and junk, most providers are able to cull 30-70% of collections. If enterprise systems could identify and delete even 15-35% of existing ESI, the savings would be impressive. Exchange and other IT admins have been doing this on an ad-hoc basis behind the scenes, but all the publicity around legal holds has curtailed this practice. So glance through the list below and tell me how many of these categories could be destroyed automatically absent a legal hold?
- Advertisements
- Internal Announcements
- Business Periodicals
- Chain Humor
- Freemail Communications
- Internet Temp Files
- Mass Communications
- Media Entertainment
- Personal Medical
- Personal Financial
- Personal Spam Domains
- Pictures
- Random Generated Spam
- Receipt Notices
- Religious
- RSS Feeds
- Shortcuts
- Social Networking
- Sports
- Stock Market
- Surveys
- System Files
- System Generated Notices
- Temp Files
- Template Files
- Well Wishes