Migrated from eDJGroupInc.com. Author: Greg Harris. Published: 2012-03-08 04:00:02Format, images and links may no longer function correctly. The following article is based on notes taken during The Cowen Group’s Signature Dinner hosted in Atlanta on March 1, 2012.
The guest list for the evening included sixteen professionals with responsibilities ranging from an eDiscovery technologist and an Enterprise Architect to a Vice President of Security Compliance and a College Professor. Some of the industries represented in the discussion were:
- Academia
- Agricultural Machinery
- Air Delivery & Freight Services
- Broadcast Media
- Credit Monitoring
- Financial Services
- Legal Services
- Hotels & Motels
- Telecommunications
David Cowen, Managing Partner at The Cowen Group, started the evening by asking each participant to introduce themselves, and define their biggest challenge. Answers covered the spectrum from identity management and information governance to Payment Card Industry (PCI) requirements and how to protect Personally Identifiable Information (PII). One common theme from all of the answers was the volume of data, and how to manage it.
What is data? To some of the companies, data is not viewed as an asset; it is simply a byproduct of doing business. To other companies, such as the credit monitoring firm, data is “the only asset”. A current industry buzzword is “big data”. Companies hold massive amounts of data, and if they are able to develop ways to analyze it, they can learn a lot about their customer base, and make meaningful forecasts. However, regardless of how the company views data and its usefulness, it is a liability, and accidental disclosure can lead to regulatory fines, and public embarrassment.
Eventually, the discussion turned to email archival and data retention policies. Several of the participants indicated that their organizations either have an archival solution in place, or are in the process of implementation. The question is – how much email do you keep? Of course, some industries are bound by regulatory requirements to preserve email and other records for a number of years. But what about the non-business related email? One company allows their custodians to use folders in the archival system to store email based on the type of data (e.g. financial, legal, medical, etc.). In this scenario, the onus is on the custodian to determine whether or not to preserve the email… even if a legal matter does not exist. The company needs to have a well-defined data retention policy for the custodians to follow, and the policy must be socialized regularly to encourage compliance.
When defining, or refining an information governance policy, organizations need to consider the employee. How do you train people to adopt information governance policies and processes without violating their sense of autonomy and privacy? By highlighting the level of intimate access the enterprise has to an employee’s at-work communications, the employee may feel that they are not trusted, and morale will begin to break down.
Opinions on data retention ranged from “delete everything as soon as possible”, to “keep everything forever.” The first opinion takes the minimalist approach in that you only store what you absolutely need, or are required to preserve. Using this methodology, an organization would limit its exposure in future litigation, but run the risk of purging vital evidence. The person with the “keep everything forever” opinion works for a company that uses a certain web-based email service, which is hosted by a firm that specializes in search. The idea here is that all of their email is indexed, and readily searched on short notice. For those of us that host our email internally, this is not a viable option.
Another interesting question was, “is there a worthwhile conversation to be had around the governance of information within the EDRM, with a specific goal of reducing redundant collection, processing, hosting, and review?” Email archival solutions can help by de-duplicating email collections. Some forensic collection tools, which now have an eDiscovery focus, provide the ability to exclude known files from a collection based on a hash value. Collaboration tools provide a central repository for project documentation, and could be used as the system of record, rather than collecting the same documents from numerous laptops.
Whether the data comes from email, documents, or other sources, companies need to address containment and destruction. eDiscovery teams are faced with an ever-expanding amount of data to identify, collect, process, search and produce. Mail servers are full of redundant, obsolete and trivial data, which only serve to slow the eDiscovery process. In order to reduce the amount of effort involved, eDiscovery teams should find a seat at the table so they can help shape data retention in their organization. Fortunately, Cowen noted that “After 3-5 years of investments in people, process, technology, and policy to control the cost of eDiscovery, executives at sophisticated corporations and law firms have more clarity into the business metrics and operational pains that justify budget for information governance programs.”
eDiscoveryJournal Contributor – Greg Harris