eDiscovery Daily Blog

EDRM Updates Privacy & Security Risk Reduction Model – eDiscovery Best Practices

The Electronic Discovery Reference Model (EDRM) continues to pile up the accomplishments. In addition to announcing a transition to nonprofit status by May 2014, since the May annual meeting, several EDRM projects (Metrics, Jobs, Data Set and the new Native Files project) have already announced new deliverables and/or requested feedback and EDRM also published new Collection Standards for collecting electronically stored information (ESI).  Now, EDRM is making updates to earlier accomplishments from just five months ago.

As they announced last week, EDRM announced the reintroduction and refinement of its Privacy & Security Risk Reduction Model (PSRRM). Initially introduced last September by EDRM’s Data Set group (and covered on this blog here), the model provides a process for reducing the volume of private, protected and risky data by using a series of steps applied in sequence as part of the information management, identification, preservation and collection phases of the Electronic Discovery Reference Model.

The PSRRM model is used prior to producing or exporting data containing risky information such as privileged or proprietary information. The middle steps are cyclical and are repeated until the amount of private material is reduced to a desirable amount. The private data is finally quarantined in the final step before the remaining information is produced.

Recent high profile data breaches at Target and Neiman Marcus are prime examples to illustrate that high risk data can cause significant trouble and exposure for organizations today.  As their press release notes, EDRM has revised the PSRRM to include industry feedback and real-world experiences using the model in data remediation and eDiscovery projects to help companies address this exposure in an organized and systematic manner.

The current resource page for the PSRRM model is located here.

So, what do you think?  How do you handle security of your organization’s sensitive data?  Please share any comments you might have or if you’d like to know more about a particular topic.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine Discovery. eDiscoveryDaily is made available by CloudNine Discovery solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscoveryDaily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.