Close
Enter your
text here

Information Governance

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Three

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published on Monday and part two was published on Wednesday.  Here’s the third part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

General Principles for Information Governance

Assuming a company wanted to begin an IG initiative, are there any general principles to follow? The leading organization in this area is ARMA. Originally, ARMA was the acronym for the Association of Records Managers and Administrators. Over the years, the board of directors realized that records management had become a recognized and integral part of information governance, which is key to doing business. To reflect this change, they decided to discontinue using ARMA as an acronym and adopted “ARMA International” as a general descriptor of the association.

ARMA has 7 core principles it believes are the basis for any IG strategy. These Generally Accepted Recordkeeping Principles® (Principles) constitute a generally accepted global standard that identifies the critical hallmarks and a high-level framework of good practices for information governance – defined by ARMA International as a “strategic, cross-disciplinary framework composed of standards, processes, roles, and metrics that hold organizations and individuals accountable for the proper handling of information assets. Information governance helps organizations achieve business objectives, facilitates compliance with external requirements, and minimizes risk posed by sub-standard information-handling practices. Note: Information management is an essential building block of an information governance program.”

Published by ARMA International in 2009 and updated in 2017, the Principles are grounded in practical experience and based on extensive consideration and analysis of legal doctrine and information theory. They are meant to provide organizations with a standard of conduct for governing information and guidelines by which to judge that conduct and are, in fact, all contained with the eithht HIMA principles mentioned above.

Principle of Accountability: A senior executive (or a person of comparable authority) shall oversee the information governance program and delegate responsibility for information management to appropriate individuals.

Principle of Transparency: An organization’s business processes and activities, including its information governance program, shall be documented in an open and verifiable manner, and that documentation shall be available to all personnel and appropriate, interested parties.

Principle of Integrity: An information governance program shall be constructed so the information assets generated by or managed for the organization have a reasonable guarantee of authenticity and reliability.

Principle of Protection: An information governance program shall be constructed to ensure an appropriate level of protection to information assets that are private, confidential, privileged, secret, classified, essential to business continuity, or that otherwise require protection.

Principle of Compliance: An information governance program shall be constructed to comply with applicable laws, other binding authorities, and the organization’s policies. Principle of Availability: An organization shall maintain its information assets in a manner that ensures their timely, efficient, and accurate retrieval.

Principle of Retention: An organization shall maintain its information assets for an appropriate time, taking into account its legal, regulatory, fiscal, operational, and historical requirements.

Principle of Disposition: An organization shall provide secure and appropriate disposition for information assets no longer required to be maintained, in compliance with applicable laws and the organization’s policies.

We’ll publish Part 4 – Who Uses Information Governance? – next Monday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

The Sedona Conference Has Created New Principles on Defensible Disposition: eDiscovery Best Practices

It’s timely that we are currently running Tom O’Connor’s paper on Information Governance (first two parts here and here, more to come tomorrow and next week) because The Sedona Conference® (TSC) has just published a paper on defensible disposition, which is a significant component of any good Information Governance program.

On Tuesday, TSC and its Working Group 1 on Electronic Document Retention & Production (WG1) announced the publication of the Public Comment Version of The Sedona Conference Principles and Commentary on Defensible Disposition. While updating the 2014 Commentary on Information Governance, WG1 recognized there was a need to provide guidance to organizations and counsel on the adequate and proper disposition of information that is no longer subject to a legal hold and has exceeded the applicable legal, regulatory, and business retention requirements.

The Commentary is introduced by reciting Principle 6 of The Sedona Conference Commentary on Information Governance, which provides the following guidance to organizations:

The effective, timely, and consistent disposal of physical and electronic information that no longer needs to be retained should be a core component of any Information Governance program.

Despite this advice, and similar advice from other sources, many organizations continue to struggle with making and executing effective disposition decisions. That struggle is often caused by many factors, including the incorrect belief that organizations will be forced to “defend” their disposition actions if they later become involved in litigation.

As a result, this Commentary attempts to address these three factors and provide guidance to organizations, and the professionals who counsel organizations, on developing and implementing an effective disposition program.  As is the case with any “Principles” guide from the TSC, the core of this guide are its three principles, as follows:

  • PRINCIPLE 1. Absent a legal retention or preservation obligation, organizations may dispose of their information.
  • PRINCIPLE 2. When designing and implementing an information disposition program, organizations should identify and manage the risks of over-retention.
  • PRINCIPLE 3. Disposition should be based on Information Governance policies that reflect and harmonize with an organization’s information, technological capabilities, and objectives.

Each principle includes two or more “comments” that provide additional guidance regarding defensible disposition best practices (you could call them “sub-principles”) and the guide concludes with a section on “Information Disposition Challenges” which addresses considerations such as unstructured information, mergers and acquisitions, departed, separated or former employees (here’s a blog post we did covering that subject), shared file sites, personally identifiable information (“PII”), regulations, cultural change and training and parties such as law firms, eDiscovery vendors (who us?), adversaries, in-house legal departments and data “hoarders” (you know who you are).

The Commentary weighs in at a tidy 34 page PDF file, so it’s an easy read.

The Sedona Conference Principles and Commentary on Defensible Disposition is open for public comment through October 10, 2018. As always, questions and comments regarding the Commentary may be sent to comments@sedonaconference.org and the drafting team will carefully consider all comments received and determine what edits are appropriate for the final version.  You can download a free copy here.

So, what do you think?  Does your organization struggle with defensible disposition of information?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Two

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published on Monday.  Here’s the second part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

What is Information Governance?

The most basic explanation, and one I have used for years, is that IG is the flip side of the ED coin. But before we define it, let’s take a look at what it is NOT.

Much like other discussions in other areas of eDiscovery, IG is not a product. It is, rather, a process that may incorporate several products depending upon the business type and their workflow.

Since IG is not a product, then it clearly cannot be a DMS.  Yet the most common response I received when I asked someone if they had an IG solution was, “yes, we use iManage/NetDocuments/Worldox”. A simple IG solution may include a Document Management System (DMS) product but the DMS itself is designed for the organization and search of only certain types of documents. It may have limitations on document types it can work with and almost always has a document size limit. Craig Bayer, the principal of legal document management firm Optiable, put it best when he said to me that “A DMS is not an enterprise data organization solution.”

And as a side note, for these same reasons and several others, the most important reason being that a DMS will change metadata when documents from outside the DMS are imported into it, a DMS is also not a good eDiscovery tool.  Again, it can be part of the ED workflow process but typically at the front end of that process. Thanks to Paul Unger, managing partner of the Columbus Ohio office of the Affinity Consulting Group for this tip.

So, now that we’ve discussed what is not IG, let’s talk about what it is.

IG, or as it’s also known data governance, is basically a set of rules and policies that have to do with a company’s data. These rules and policies can cover issues such as:

  • Security
  • Privacy
  • Data access
  • Data storage & maintenance
  • Data backup and/or disposal
  • Accountability for employees handling data

But the benefits of data governance don’t stop there. It can also help with:

  • Preventing isolated unregulated data storage
  • Making data accessible across the enterprise
  • Providing accurate, consistent data
  • Ensuring compliance with laws and regulations that govern data, such as the Sarbanes-Oxley Actor HIPAA

IG will also almost always involve some form of unstructured data, that is, information that either is not in a fielded form in databases or is annotated or otherwise semantically tagged in documents. Unstructured data is typically text-heavy but may contain other data such as dates and numbers. A 1998 Merrill Lynch study cited a rule of thumb that somewhere around 80-90% of all potentially usable business information may originate in unstructured form and this figure is still generally accepted as valid.

IG will always be proactive in dealing with corporate data, unlike eDiscovery which is reactive in nature But, because “data” can refer to so many different items, from email and word processing documents to A/V files and unique file types such as CAD drawing or x-rays, is it possible to have standardized best practices for all types of data usage or it is most likely that rules will be built for different business types?

In fact, different IG rules do exist for different professions and industries and some have their own data management tools. Examples include:

  • Health
  • Education
  • Business
  • Nursing
  • Manufacturing
  • Non-Profits

Other IG rules may spring up because they are imposed by entities outside the business. From something as simple as a statute of limitations to general records retention statutes or industry specific regulations and even statutory controls in areas such as privacy, external pressures on a company may force a need for a cohesive IG policy.

We’ll publish Part 3 – General Principles for Information Governance – on Friday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Preparing for Litigation Before it Happens: eDiscovery Best Practices

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Here’s the first part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD later this month in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Introduction

Information Governance (IG) has always been part of the eDiscovery landscape but not always a large part. Although it appears on one of the first Electronic Discovery Reference Model (EDRM) charts it was not discussed in any of the standards models and was typically not included in any detailed EDRM discussion.  Here is the early EDRM model chart from 2009 that became the initial standard – note how it wasn’t even called “Information Governance” back then, it was called “Information Management”.

IG was originally important for reducing the population of potentially responsive electronically stored information (ESI) that might be subject to litigation by helping organizations adopt best practices for keeping their information “house in order”.  But now with an increased concentration on the two-fold concerns of privacy and security, IG has become more important.  Good IG best practices and technologies can allow organizations to conduct data discovery on their organizations data, keep it secure, protect privacy and help lower potential litigation costs by archiving or disposing of records in a repeatable defensible manner.

We’ll explore the implementation of Information Governance best practices to help organizations better prepare for litigation before it happens, as follows:

  1. What is Information Governance?
  2. General Principles for Information Governance
  3. Who Uses Information Governance?
  4. Basic Information Governance Solutions
  5. One Reason Why Information Governance is Not More Popular
  6. Concluding Remarks

We’ll publish Part 2 – What is Information Governance? – on Wednesday.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Unsure About How to Map Your Data for GDPR? Here are Several Templates to Get Started: Data Privacy Best Practices

Now that Europe’s General Data Protection Regulation (GDPR) is in effect, all organizations out there have a good handle on all of their data, including which personally identifiable information (PII) they handle for European data subjects out there and clear policies for how they ensure protection of that PII.  Right?  OK, maybe not.  If your organization is still scrambling to comply with GDPR and still trying to get a handle on the data you’re managing and the flow of that data, here is a site with several templates to help you get started in that process.

The site Demplates has templates for all sorts of things, including SWOT analysis templates (we wrote about the benefits of a SWOT analysis here), Certificates of Appreciation for employees, even Pest Control Service Agreements.  A couple of months ago (on my birthday, no less), the site posted GDPR Data Mapping Template: 10+ Print-Ready Templates, with several useful templates to help organizations create data maps, data flow diagrams, GDPR Data Processing Notices, privacy policy and data protection policy statements, data protection impact assessments and data audits.  The template documents are in different formats, including Excel, Word and Visio.  Here are pictures of a couple of examples:

With the challenges these days stemming from the growth of big data, data mapping is not only a good organization practice to not only help get a handle on your organization’s big data, but also to document your organization’s handling of PII and compliance with GDPR on the handling of PII.  Tom O’Connor and I talked about the importance of data mapping in our webcast on GDPR back in February (you can check it out here).  Data mapping supports in compliance and adherence to critical GDPR factors such as:

  • Maintenance of the data lifecycle;
  • Documentation that records are kept in adherence to the rules of GDPR to submit to the regulatory and supervising authorities;
  • Maintaining Accountability of the data for the full data lifecycle;
  • Evidence for the organization that the data is protected in its full cycle.

If you’re still scrambling to comply with GDPR, perhaps one or more of these templates can help you document your compliance or help you discover one or more areas where you may be deficient in your compliance.

So, what do you think?  Is your organization still trying to comply with GDPR?  Does your organization have an organization data map?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

According to the IGI, Information Governance Continues To Gain Traction: Information Governance Trends

Last week, the Information Governance Initiative (IGI) released Volume III of their State of Information Governance Report – the third (annual) edition of the Report, which is based on “extensive” surveying of Information Governance (IG) practitioners and providers.  So, is Information Governance gaining traction in organizations? (Well, duh, I gave the answer away in the title of this post, didn’t I?)  :o)

I couldn’t find a total number of respondents mentioned in the report, but it does note that the survey “reached an estimated audience of approximately 100,000 practitioners through our network and those of our partners and Supporters” and that “the majority of respondents came from our own community of IG practitioners.”  For what it’s worth.

Regardless, the report contains several findings, including these highlights:

  • Only 2 percent of respondents have never undertaken an IG project. When compared to last year, the number of respondents reporting they have never undertaken an Information Governance project fell by a dramatic 90 percent.
  • There was a 41 percent rise in the number of professionals who say the IG market is clearly identified, with just over a third of respondents (7 percent) agreeing or strongly agreeing that the IG market is clearly defined.
  • There was also a 26 percent rise in the number of organizations with an IG Steering Committee (to 46 percent) and a 41 percent rise in the number of IG leaders with “Information Governance” in their title (to 52 percent).
  • More organizations are also realizing more business value from their data with those extracting value from data rising from 16 percent last year to 46 percent this year.
  • Integration between IG and cybersecurity programs is accelerating, with 48 percent of respondents agreeing that IG is essential to strong cybersecurity.
  • This year, only 4 percent of respondents reported having no active IG projects – a 64 percent drop from last year. However, according to the respondents, the main barrier to IG progress remains a lack of organizational awareness, so there’s still work to be done.

The report cites a couple of factors as driving greater emphasis on information governance: the Equifax breach, which affected 143 million American citizens and new legal and regulatory developments, like the EU’s General Data Protection Regulation (GDPR).  Regarding GDPR in particular, the report states:

“GDPR asks organizations to zero in on the reasons they store data in the first place. Without consent and justifiable reasons for storing the data, organizations are required to delete it. It is a refocus from an attitude of ‘If in doubt, keep’ to one of ‘If in doubt, delete’. Facing a drive for better governance and defensible deletion across at least a subset of their data, organizations are now beginning to more loudly ask those questions that high-profile data disasters raise: Why does this information exist? Why are we holding on to it? What value does it have, and what kind of risk does it represent?”

Needless to say, GDPR will be a major driver in adoption of information governance.

The report is contained within a 63 page PDF, full of detailed information regarding the state of information governance today, but it also includes a two page state of the industry report “quick read” with some of the key findings on pages 3 and 4 (if you want to hit the highlights quickly).  To download a copy of the report, click here (requires an IGI profile to be set up, which is free).

So, what do you think?  Are you surprised by any of these results?  Does your organization have any active IG projects?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Tending Your Garden: Why Information Governance Should be an Ongoing Process in Your Organization: eDiscovery Best Practices

Editor’s Note: Jim Gill’s writing about eDiscovery and Data Management has been twice recognized with JD Supra Reader’s Choice Awards and he holds an MFA in Creative Writing from Southern Illinois University, Carbondale.  Before working in eDiscovery, Jim taught college writing at a number of institutions and his creative work has been published in numerous national literary journals, as well as being nominated for a Pushcart Prize.

Jim’s post below highlights the importance of a strong information governance program and how creation of a data map can be a key component to that IG program.  Complying with the management requirements of personal data in Europe’s impending General Data Protection Regulation (GDPR) will make information governance even more of a priority than ever as Tom O’Connor and I discussed in last week’s webcast.

Just south of San Francisco lies the Filoli mansion, built in 1916 for the Bourn family, and then sold to the Roth family in the 1930s. During that time, the formal gardens gained worldwide renown, and in 1975, the family donated the house and gardens to the National Trust for Historic Preservation.

This month, I was visiting a friend who is the head of horticulture there and was asking about the seasonal planning of the garden and if they use landscape maps, or if it’s up to the garden managers to decide what to plant and maintain. The answer, as most answers tend to be, involved a little of both. But he told me that they no longer had access to a lot of the maps, because they had recently upgraded their computers, and the new machines couldn’t read the old files.

“Did you switch from Mac to PC?” I asked.

“No, we just went with the latest Macs, but they can’t read the old Apple files.”

As computing has shifted more to mobile-based platforms, the issue of legacy document accessibility comes along with that shift. Certainly, it’s nothing new, as system updates with both hardware and software have become increasingly frequent over the last 20 years. But often there was a built-in reverse compatibility – the newest machines could read older software versions but not the other way around.

To add even more complexity, Apple has so far made the decision to keep its mobile iOS platform separate from its desktop/laptop OS. In an article in Time, written in December 2016 by Tim Bajarin, he states, “Keeping two separate operating systems makes sense for Apple, enabling the company to offer a more basic and approachable OS for mobile users, with more powerful software for pro buyers.” But he continues with his belief that “both everyday consumers and business users will embrace so-called “2-in-1” computers, which can function as both a tablet and a laptop-with-keyboard.”

When I asked my friend what Filoli was planning to do about the old maps, he simply smiled and said, “we’re not exactly sure yet.” Mainly, they’d just started creating new maps using the new programs, which at a small organization like his, will probably work just fine.

But it raises some interesting considerations when thinking about information governance and eDiscovery policy in a larger corporate setting.

First, in the same way that the Filoli gardeners used maps to understand the property’s landscape, organizations should create data maps in order to learn the same about their data landscape. What types of data are being stored, where is it stored, when was it created, and in the case of hardware and software updates, will there be compatibility issues.

Second, once a data map is created, policies should be created surrounding retention and storage. If you have older files that can’t be opened, one should question whether it’s even necessary to keep it around. Because storage is moving to the cloud and is becoming more and more affordable, many find it easier to simply just keep everything. But this can lead to issues down the road should litigation arise.

Finally, hardware and system updates are a great time to bring your organization’s data management program up to speed. Before moving old files over into a new system (such as Office 365), it could be beneficial, especially in the long term, to clean house before moving. However, this can be easy to put off, it takes extra time and effort, and if you’re in the middle of a move, being proactive about defensible deletion isn’t often top of mind. It’s the same reason why after you move into a new house and start unpacking boxes, you’re often left shaking your head and thinking, why did I bring this?

Even if you’re not planning to upgrade hardware or software platforms anytime soon, it is inevitable that your organization will do so. And in this day and age, the space between upgrades continues to grow narrower all the time. It may be a good idea to use the “off time” to begin the process of creating a data map, as well as information governance policies and contingencies, so that when the day comes for that upgrade, you won’t have to recreate some things from scratch, while still feeling compelled to carry around the outdated and inaccessible files.

So, what do you think?  Does your organization have a data map that is periodically updated?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Befuddled by BYOD? The Sedona Conference Has a New Set of Principles to Guide You: eDiscovery Best Practices

Many organizations are permitting (or even encouraging) their employees to use their own personal devices to access, create, and manage company related information – a practice commonly referred to as Bring Your Own Device (BYOD).  But, how can those organizations effectively manage those BYOD devices to meet their discovery obligations?  To help with that issue, The Sedona Conference® (TSC) has published an initial Public Comment Version of a Commentary to help.

In late January, TSC and its Working Group 1 on Electronic Document Retention and Production (WG1) rolled out the Public Comment version of its Commentary on BYOD: Principles and Guidance for Developing Policies and Meeting Discovery Obligations.  The Commentary is designed to help organizations develop and implement workable – and legally defensible – BYOD policies and practices. This Commentary also addresses how creating and storing an organization’s information on devices owned by employees impacts the organization’s discovery obligations.  It focuses specifically to mobile devices that employees “bring” to the workplace (not on other “BYO” type programs) and does not specifically address programs where the employer provides the mobile device.

The Commentary begins with five principles related to the use of BYOD programs and continues with commentary for each.  Here are the five principles:

  • Principle 1: Organizations should consider their business needs and objectives, their legal rights and obligations, and the rights and expectations of their employees when deciding whether to allow, or even require, BYOD.
  • Principle 2: An organization’s BYOD program should help achieve its business objectives while also protecting both business and personal information from unauthorized access, disclosure, and use.
  • Principle 3: Employee-owned devices that contain unique, relevant ESI should be considered sources for discovery.
  • Principle 4: An organization’s BYOD policy and practices should minimize the storage of––and facilitate the preservation and collection of––unique, relevant ESI from BYOD devices.
  • Principle 5: Employee-owned devices that do not contain unique, relevant ESI need not be considered sources for discovery.

The Commentary weighs in at a tidy 40 page PDF file, which includes a couple of appendices.  So, it’s a fairly light read, at least by TSC standards.  :o)

TSC is encouraging public comment on the Commentary on BYOD, which can be downloaded free from their website here (whether you’re a TSC member or not). They encourage Working Group Series members and others to spread the word and share the link (you’re welcome!) so they can get comments in before the public comment period closes on March 26. Questions and comments may be sent to comments@sedonaconference.org.  So, you have a chance to be heard!

Speaking of mobile devices, I’m excited to be speaking this year for the first time at the University of Florida Law E-Discovery Conference on March 29.  I’m on a panel discussion in a session titled Getting Critical Information From The Tough Locations – Cloud, IOT, Social Media, And Smartphones! with Craig Ball, Kelly Twigger, and with The Honorable Amanda Arnold Sansone, Magistrate Judge in Florida, moderating.  As always, the conference will be conducted in Gainesville, FL (as well as being livestreamed), with CLE-accredited sessions all day from 8am to 5:30pm ET, with an all-star collection of speakers.  I’ll have more to say about the conference as we get closer to it.  Click here to register!

So, what do you think?  Does your organization have a BYOD policy?  Please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

ESI, ROT, and LBJ – Thoughts on Data Management While Visiting the Lyndon Johnson Presidential Library: eDiscovery Trends

Editor’s Note: If you love to read blogs about eDiscovery, you’ve undoubtedly read posts and articles by Jim Gill.  So, we’re excited to have Jim providing some guest posts for eDiscovery Daily!  Jim’s writing about eDiscovery and Data Management has been twice recognized with JD Supra Reader’s Choice Awards and he holds an MFA in Creative Writing from Southern Illinois University, Carbondale.  Before working in eDiscovery, Jim taught college writing at a number of institutions and his creative work has been published in numerous national literary journals, as well as being nominated for a Pushcart Prize.

Jim’s post below highlights the importance of information governance and the need for data discovery to manage increasing volumes of data (as we discussed during this webcast last month).  For more information on how CloudNine helps organizations with data discovery, contact us at info@cloudnine.com.

But first, this week’s eDiscovery Tech Tip of the Week is about Issuing a Timely Legal Hold.  Without a doubt, the most frequent type of case we’ve covered on the eDiscovery Daily blog has had to do with sanctions for spoliation of ESI.  Often, the risk of spoliation of ESI can be minimized simply by issuing a properly documented legal hold, which can go a long way in showing due diligence efforts to meet your duty to preserve.  It’s also important to understand that the duty to preserve begins when there is a reasonable expectation of litigation, which can sometimes be well before a case is actually filed.  For example, if a terminated employee (who feels that he or she was wrongly terminated) says something like “I’m going to sue you, you’ll be hearing from my lawyer”, your duty to preserve responsive ESI related to their employment and termination may begin then, not when the case is actually filed.  Here’s a famous example of a case where a company failed to meet its duty to preserve.

The good news is that the process of issuing a legal hold today can be largely automated.  To see an example of how Issuing a Legal Hold is conducted using our CloudNine platform, click here (requires BrightTalk account, which is free).

—————————————————

A few weeks ago, I took a road trip from Oregon to Austin, Texas as a way to ring in the new year. A friend met me there, and one of the things we’d hoped to do (besides listen to a lot of live music) was visit the LBJ Presidential Library housed at the University of Texas campus. As the man at the information desk said with a smile, “In Texas, we like to do things a little bigger and a little better,” before explaining that the other presidential libraries keep all the documents created during a presidency, but with Lyndon Johnson, the library contains not only documents from his presidency, but from his entire time in public service.

From the 4th floor mezzanine, you can see the upper floors of the library through glass — Five through Nine contain Johnson’s documents — five floors of paper documents, that may be historically significant and valuable to researchers. The library houses more than 45 million pages, including an extensive audiovisual collection and more than 650,000 photos and 5,000 hours of recordings.  Which made me think of the state of data creation, management, storage, and security in the corporate world today.

We’ve all read various stats on the exponential growth of Electronically Stored Information (ESI), that basically more data is created every two years than all of the data created up to that point in history. It’s a daunting notion. Which means corporations and other organizations need to get serious about data management.

From a legal standpoint, attorneys tend to be very risk averse, and in the name of defensibility, tend to take on a “save everything” approach to data. And a few years ago, this may have been the best approach. But now, with more secure cloud-based information governance and eDiscovery solutions, companies can quickly map and analyze their data landscape and decide what is absolutely necessary to keep, and what can be deleted without affecting defensibility should litigation arise.

In 2016, a study by Veritas found that as much as 85% of ESI is Redundant, Obsolete, or Trivial (ROT). If you think of the image of the five floors of documents at the Johnson Library, that means four of those floors (and part of the fifth) would be filled with duplicates, things that didn’t relate to Johnson’s tenure as a public servant, or grocery lists scribbled on napkins. A Fortune 500 company in 2018 might create five floors worth of data every year (or more!), most of it ROT.

The consequences of poor data management are wide ranging: storage costs; security risks should there be a data leak; eDiscovery costs, particularly surrounding collection and review; etc. Which is why automating and integrating both data discovery and analysis with eDiscovery tools is vital for any organization so that the concerns of all stakeholders (Legal, IT, and Business Units) are covered.

So, unless you’re a presidential library, whose sole purpose is to keep everything, it might be time to consider the state of your organization’s data and move toward a more secure, defensible, and cost-effective approach.

So, what do you think?  How does your organization keep ROT at bay?  Please share any comments you might have with us or let us know if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.

Here are Some More Up to Date Fun Facts on Big Data: eDiscovery Trends

For many of the webcasts that we’ve conducted at CloudNine this year, we’ve noted several big data fun facts that illustrate the challenges that many organizations face in managing increasing volumes of data.  But several of those facts are three years old.  So, we thought it would be fun to take a look at some more up to date facts about big data that you can share with your family at your annual Thanksgiving gathering!

It was just a little over three years ago that we shared these fun facts with you, courtesy of Bernard Marr.  Here are some of my favorite facts from that article back then:

  • Every 2 days we create as much information as we did from the beginning of time until 2003;
  • Over 90% of all the data in the world was created in the past 2 years;
  • The total amount of data being captured and stored by industry doubles every 1.2 years;
  • And, my favorite one – If you burned all of the data created in just one day onto DVDs, you could stack them on top of each other and reach the moon – twice.

Here are some of the more recent facts, again from Bernard Marr.  They may be dated April 2016 (OK, they’re not completely up to date), but they’re still interesting:

As always, we’ve provided the links to enable you to check out the source of each interesting big data stat.  One thing is certain about the growth of big data in the world today – the extent to which it’s growing will continue to be amazing!

So, what do you think?  What is your organization doing to combat increasing volumes of data?  Please share any comments you might have or if you’d like to know more about a particular topic.

Image Copyright © Dilbert.com

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.