As regulators and courts increasingly exercise their oversight powers, it can be expected that they will hold organizations accountable to explain the evaluations which underpin their ESI (Electronically Stored Information) preservation protocols.
The business impact of this heightened level of regulatory and judicial scrutiny is that enterprises that ignore the ESI preservation risks inherent in local and remote working, as well as the management of employee Web 2.0 communications, do so at their peril. Since over 93% of enterprise records are electronic, and the volume and mix of data types are exploding, millions of electronic documents are now routinely collected from all locations where an organization has custody, control, or access to electronic documents – be it in London, Lima, or Timbuktu.
The dynamic nature of ESI means that critical documents can easily be overwritten, modified, destroyed, or corrupted during normal use. It does not matter whether this happens accidentally or maliciously. The result is the same – loss of potentially relevant evidence giving rise to probable criminal penalties, fines, or court sanctions for spoliation.
The following tips may provide useful guidance:
Dig your well before you are thirsty.
The Chinese proverb “dig your well before you are thirsty” is particularly apt. Be proactive and establish a transparent, documented, and defensible methodology for the preservation of ESI once a regulatory investigation or litigation is foreseeable. This process should be driven by senior stakeholders from legal, IT, records, and compliance.
Define your information management framework.
Implement an effective information management framework that ensures that records generated by the business are kept and destroyed in a legally compliant manner. This structure will generally provide a consistent methodology and the volume thresholds in which data is deleted, overwritten, or stored to off-line or back-up systems.
Preserve metadata.
The metadata associated with an electronic document can be just as important as the data in that document because it establishes the context in which the electronic content was created. The courts and regulators expect that the metadata associated with ESI will be kept intact.
Implement an IOA strategy.
Implement an information organization and access (IOA) strategy as the essential cornerstone of the above procedures. Your organization’s ability to systematically create, implement, and administer a holistic information management and compliance strategy is critical.
Constantly monitor custodian based-retention practices.
Employees tend to store data in the most convenient manner, regardless of policy. Portable media or storage devices can now hold vast amounts of data, which can exist at any given time only on that device. Along with Web 2.0 social networking platforms, they can be crucial in establishing relationships, timelines, and exceptions to hearsay objections. Remember that different functions handle data in different ways. For example, mahogany row executives often deploy private email systems that are known only to a handful of people. You must guard against the concealment of such potential sources of ESI.
Deploy archiving technology.
Deploy archiving technology that meets evolving data retention and preservation obligations, and don’t rely on backup tapes as an archive.
Centralize and consolidate preserved ESI.
Centralize and consolidate preserved ESI into one or just a small number of repositories if your organization is routinely involved in litigation or regulatory investigation or as soon as you anticipate any of these events. This will reduce the cost and disruption normally caused by the e-disclosure process.
Develop a transparent and consistent process for ingesting preserved ESI.
Develop a transparent and consistent process for ingesting preserved ESI back into an enterprise archive once the investigation or litigation is fully concluded.