Migrated from eDJGroupInc.com. Author: Amber Scorah. Published: 2012-04-03 09:00:25  PART ONE OF AN INTERVIEW WITH JONATHAN WILANPartner at Hunton & Williams LLP Inside and outside counsel, in-house eDiscovery teams and records management departments understand the duties to preserve data subject to a legal hold, and the need to have a retention policy.  But with the exploding rate of data growth, data remediation is a serious exercise that all companies must consider.I spoke with Jonathan Wilan, Partner at Hunton & Williams LLP, about the importance of data remediation.  In part one of this two part series, we discuss the risks of not practicing data remediation, and the main challenges to accomplishing it. Amber Scorah:  How important is data remediation — i.e., what are the risks of not practicing data remediation?Jonathan Wilan:  Data remediation is a critical information governance requirement for any large organization.  While most sizeable companies have developed records schedules and policies that provide for destruction of data that has outlived useful business retention, these policies often were developed in a paper world.  Companies and records management personnel have struggled, however, to adapt those policies to address electronic documents.The volume and sources of electronic data only continue to grow, and there is no likelihood that this will stop anytime soon.  Moreover, mergers and acquisitions and developing technology often lead to replacement of old systems, but frequently organizations find it difficult from either a business or legal perspective to purge the legacy data associated with those systems.  The net result for many companies is a “toxic waste dump” of digital data.The risk of allowing accumulation of legacy data can be significant.  Not only can there be significant extra storage and management costs, but also from a legal perspective, legacy data can present numerous challenges.First, for data that is not currently needed for business purposes and is not on legal hold, a company is just one new case away from having a legal obligation to preserve and retain the data.  It is important not to wait to get to that point before you tackle legacy data, because it becomes infinitely more difficult once there is a legal hold requirement that must be satisfied prior to destruction.Second, we have found that in many cases, legacy data that has been saved beyond its useful life can become a critical part of litigation matters, but there is little or no expertise left within the company to identify, support or explain this data.  This drives up cost, as the in-house and outside legal team must go on a fishing expedition to find a subject matter expert somewhere in the organization.  Further, the more data a company has in litigation, the greater the cost of collection, processing, and document review.Finally, in a world with increasing cyber-security risks, minimizing the amount of data that could be subject to inadvertent leakage or to intentional interception by hostile external parties, is an important part of any cyber-security plan.  These risks militate strongly in favor of aggressively managing legacy data consistent with business and legal obligations. Amber Scorah: What are the main challenges to accomplishing remediation?Jonathan Wilan:  Each organization will have its own internal business challenges.  These can range from business owners who do not want to “give up” legacy data “just in case” they need it someday to the difficulty of obtaining a budget allocation for the remediation project, which may have some near-term costs, even though the long-term costs savings can far surpass the up front costs.Additionally, companies are challenged to know what and where the legacy data is, which is an essential first step to any remediation plan.  If a company does not know where its data is, it cannot successfully remediate it.  We have seen data in every location from IT department closets, to outside law firms and consultants, to long-forgotten off-site storage sites.A third challenge is presented by legal hold preservation obligations.  Once a company has determined that legacy data has no business use, companies still need to understand and assess whether any legacy data they intend to purge may be subject to legal hold.  This requires that the company have an understanding of all of the active legal holds within the organization, the employees whose data is subject to hold, the date range of such legal holds, and the subject matter and scope of such holds.For companies with integrated legal hold tools that encompass all active holds (even for older active cases), this step can be relatively easy to accomplish.  For companies that do not have such an integrated tool, the inability to understand the scope of a company’s active holds can alone be a significant obstacle to remediation.Even if the organization does have a handle on its legal holds, applying those holds to the legacy data can be challenging.  For instance, if old backup tapes or hard drives have no labels or other identifying information, it can often be impossible to even know what might be contained on the storage devices without expending significant costs trying to open or restore such pieces of media one by one.Tune in for part two of the series.  We will discuss what departments should be involved in data remediation efforts, what the return on investment is, and how to measure it.For more information visit www.ediscoveryoilandgas.com, or email amber.scorah@iqpc.com.eDiscoveryJournal Contributor:  Amber Scorah, Legal IQ

0 0 votes
Article Rating