Migrated from eDJGroupInc.com. Author: Mikki Tomlinson. Published: 2013-10-30 20:00:00Format, images and links may no longer function correctly.
Nearly two years ago I wrote a blog on managing the balancing act between eDiscovery and business requirements. The blog identified the differing perspectives of key stakeholders in supporting corporate business goals while maintaining compliance with legal hold and discovery response activities, records and information management compliance, and IT goals and objectives. It also examined three relevant topic areas for corporations where differing perspectives were ripe for analysis. Interestingly, the challenges haven’t changed. Nor have the relevant topics used for example. However, advances in technology have altered the landscape.
The original blog is re-posted in blue font below, with my updated perspectives and comments in black.
One of the greatest challenges of implementing and maintaining legal hold and discovery response processes in a corporate environment is balancing those requirements with the needs and goals of the IT department. While we typically see the dichotomy between Legal and IT, there are other key stakeholders that cannot be left out of the mix: Compliance, Records Management and, of course, the Business Client.
In order to strike the balance (or at least start moving in that direction) between competing interests, each of these stakeholders must be able to understand the goals, mission, requirements, and needs of the others. To point out the obvious – this requires communication. The problem here is that Legal, Records, Compliance, and IT do not speak the same language. Because every organization is unique, culture is another critical component that cannot be ignored. While the cultural considerations and communication difficulties between the stakeholders may not necessarily be contentious, they can be frustrating and challenging. Luckily, there are ways to work through the cultural and language barriers, such as using drawings/visuals, explaining things in simple terms, and the use of translators.
Attorneys are conservative by nature. Thus, it is not uncommon to see the “keep it all” directive coming from Legal (note: we are beginning to see this trend slowly change as a result of the cost of review). It is also not uncommon for IT to push back on this directive due to constraints such as cost, storage space, and labor resources. Compliance and Records Management are interested in ensuring decisions and actions don’t conflict with policy. And, finally, the Business Client wants to control costs and does not want activities unduly constrained.
The move away from attorney directives to “keep it all” has picked up pace. The cost of wading through seas of non-relevant data for discovery continues to be a driver. Additionally, attorneys are beginning to see the cost and pain of keeping around unnecessary data more clearly. This clarity is comes about through other projects discussed in greater detail below.
Projects and events that typically bring these stakeholders to the same table include data destruction, data migration, and merger/acquisition/divestiture activities. Each of these topics can be discussed, blogged, and debated for days on end. This blog merely highlights some of the common issues and is written with an eye toward exposing opportunities for awareness and improvement.
Data Destruction: This is one of the more thorny topics. Because email is the most common business communication tool today as well as one of the most requested types of ESI in discovery, I will use it as an example here. The “keep it all” directive doesn’t cut it. Even if you have an archive and even though the cost of storage is decreasing (especially in the cloud), you simply cannot keep it all. Why? There are three core reasons: (1) The exponential growth of email communications requires the exponential growth of storage space (no matter the location or cost of that space) and the resources to manage it; (2) If your records management policy calls for destruction of “non-records” that have no business value, you are out of compliance; and (3) The cost and effort of collecting, processing, and reviewing non-relevant data in the discovery process is wasteful.
The topic of defensible deletion (data destruction) has been on the hot issues list of eDiscovery and information governance professionals for the last two years. eDJ’s 2013 Defensible Deletion Survey revealed that 96% of the 455 respondents believe that defensible deletion is necessary in order to manage growing volumes of digital information. The survey also revealed a large gap between those that believe defensible deletion is necessary and those actually taking action on deleting data. Although the gap exists, the conversation is continuing and is being pushed by exponential data growth. The time is now for organizations’ key stakeholders approach defensible deletion as a team.
Data Migration: This topic is challenging in that it oftentimes does not surface to all of the stakeholders until legal and policy issues are an afterthought. For purposes of example I will use a migration of unstructured data from file shares to SharePoint. There is no point in migrating data that has no value. In that sense, the logistical reasoning is the same as in a data destruction effort from the IT and Business – simply get rid of what you do not need to conduct business. However, it is easy for legal hold and compliance needs to be forgotten and move forward well below the radars of Legal, Records Management and/or Compliance (the former of whom may prefer to keep it all). One reason is that IT may not be sufficiently educated or aware of these requirements and/or the consequences for failure to comply. Another may be that IT is relying on individual employees (as they have been directed by Legal) to be aware of and alert them of their data subject to hold and policy requirements.
Corporate data migration projects, including those to the cloud, are on the rise and moving quickly. In our consulting practice we are seeing that IT groups are moving forward with migration projects before bringing legal and RIM into the loop. This demonstrates that organizations continue to struggle with appropriate stakeholder communication and timing.
Mergers, Acquisitions and Divestitures: It is challenging enough to work within the boundaries and culture of one organization, and even more so in MA&D activities where others are brought into the blend. The questions from Legal, Records Management and Compliance are generally the same in this arena: Do “they” have policies and procedures? If yes, how do they differ from ours and how do we merge or separate them? If no, how do we implement new? [Do we have/Whereis] the data, hardware and software, and of what does it consist? On the flip side of the coin, IT is under tremendous deadlines and integration issues that are dictated by needs of the business client, and the Business Client needs to continue conducting its business economically and efficiently.
At the end of the day, the question is how do you: (1) Hold data subject to legal preservation/compliance obligations, (2) Maintain official records in accordance with policy, and (3) Enable the business to do its business? There are solutions and there is a way. However, there is not one single approach. The best approach for your organization depends completely upon your organization. It all boils down to culture and communication. Technology and methodology can and will follow.
As to culture – work with it, not against it. Consider, for example, do covert or overt operations work best in your organization? Does the procession of ideas and impetus of change work best from the bottom to the top of the management chain, or from the top to the bottom? Perhaps both and where do they overlap?
As to communication – embrace your role. There may be a language barrier, but that does not have to be a negative. Attorneys are fabulous story-tellers and can articulate their needs and explain the law by way of orating and writing; IT professionals have an uncanny ability to depict technical issues in a visual manner and with facts; records and compliance professionals leave no detail unnoticed; the business is passionate about its mission and carrying it through to success economically and efficiently; and, finally, the translators are found in the middle bringing everything together utilizing leadership skills in the form of project managers, consultants and/or subject matter advisors.
Paving the path to success requires considering your corporate culture, appropriating the strengths of key stakeholders, and making the effort to seek understanding and to be understood.
I would like to hear readers’ thoughts and experiences on this topic and would encourage an open discussion. Please share your comments below.
The interest in coordination and cooperation among key corporate stakeholders is growing, but a good number of companies are still disorganized or in the early stages of making headway. Emerging technologies and trends in the workplace, such as social media and BYOD, are both pushing and complicating the issue. Please join me and three corporate panelists for our November 5, 2013, webinar on Mastering the Balancing Act, where we will discuss this topic in detail. Our panel of experts includes Maryanne Siek – Director, Records and Information Management at Freeport McMoran Copper & Gold, Kathie Slotter – Manager, Litigation Support at Southwestern Energy, and Garland Mitchell – Senior Manager, Technology at Southwest Airlines.