is dual qualified US Attorney and UK Solicitor specialising in information governance, with a focus on e-discovery and e-fraud. He is a professional member of AIIM and the Association of Certified Fraud Examiners (ACFE).
8 Things You Need to Know About Preservation of e-Documents for Litigation and Regulatory Investigations
As regulators and courts increasingly exercise their oversight powers, it can be expected that they will hold organisations accountable to explain the evaluations which underpin their ESI (Electronically Stored Information) preservation protocols.
The business impact of this heightened level of regulatory and judicial scrutiny is that enterprises which ignore the ESI preservation risks inherent in local and remote working, as well as the management of employee Web 2.0 communications do so at their peril. Since over 93% of enterprise records are electronic, and the volume and mix of data types is exploding, millions of electronic documents are now routinely collected from all locations where an organisation has custody, control or access to electronic documents – be it in London, Lima, or Timbuktu.
The dynamic nature of ESI means that critical documents can easily be overwritten, modified, destroyed, or corrupted during normal use. It does not matter whether this happens accidentally or maliciously. The result is the same – loss of potentially relevant evidence giving rise to probable criminal penalties, fines or court sanctions for spoliation.
The following tips may provide useful guidance.
1. Dig your well before you are thirsty.
The Chinese proverb “dig your well before you are thirsty” is particularly apt. Be proactive and establish a transparent, documented and defensible methodology for the preservation of ESI once a regulatory investigation or litigation is foreseeable. This process should be driven by senior stakeholders from legal, IT, records, and compliance.
2. Define your information management framework.
Implement an effective information management framework that ensures that records generated by the business are kept and destroyed in a legally compliant manner. This structure will generally provide a consistent methodology and the volume thresholds in which data is deleted, overwritten, or stored to off-line or back-up systems.
3. Preserve metadata.
The metadata associated with an electronic document can be just as important as the data in that document because it establishes the context in which the electronic content was created. The courts and regulators expect that the metadata associated with ESI will be kept intact.
4. Implement an IOA strategy.
Implement an information organisation and access (IOA) strategy as the essential cornerstone of the above procedures. AIIM runs an excellent program which can enhance an organisation’s ability to systematically create, implement, and administer a holistic information management and compliance strategy.
5. Constantly monitor custodian based-retention practices.
Employees tend to store data in the most convenient manner regardless of policy. Portable media or storage devices can now hold vast amounts of data which can exist at any given time only on that device. Along with Web 2.0 social networking platforms, they can be crucial in establishing relationships, timelines, and exceptions to hearsay objections. Remember that different functions handle data in different ways. For example, mahogany row executives often deploy private email systems that are known only to a handful of people. You must guard against the concealment of such potential sources of ESI.
6. Deploy archiving technology.
Deploy archiving technology that meets evolving data retention and preservation obligations, and don’t rely on backup tapes as an archive.
7. Centralize and consolidate preserved ESI.
Centralize and consolidate preserved ESI into one or just a small a number of repositories if your organisation is routinely involved in litigation or regulatory investigation, or once you anticipate any of these events. This will reduce the cost and disruption normally caused by the e-disclosure process.
8. Develop a transparent and consistent process for ingesting preserved ESI.
Develop a transparent and consistent process for ingesting preserved ESI back into an enterprise archive once the investigation or litigation is fully concluded.
-----
Might be worth checking out if you are interested in e-discovery...
AIIM Electronic Records Management Practitioner course
Recent Comments