Jump to content

Large Enterprise Business

Products & Services
Support & Drivers
Solutions

The legal risks of information management

 
Content starts here Keeping too much data increases legal risk. Find out why.

“The best way to both manage legal risks and lighten the electronic data load is to actively purge nonessential information.”

--Liane Komagome, Discovery Compliance Counsel, HP



Information management isn’t just an IT issue anymore—it’s a legal issue, too. Unfortunately, IT and legal don’t always see eye-to-eye, or even speak the same language, when it comes to data retention.

IT may assume a “keep it all” data retention program should take care of legal worries, but that’s not true. Even if you can retain every bit of business data, sifting through it for a lawsuit or government investigation is a monumental task.

Digital information is growing at an explosive rate. The Enterprise Strategy Group estimates that, in North America alone, more than 40 percent of large organizations collect more than 1 terabyte of log data each month, while 11 percent collect more than 10 terabytes of data each month (ESG Research Report, Security Management Matures).

As our addiction to ever-more information increases, so does the risk it poses to our businesses. Information critical to legal or regulatory compliance is hard to find—or lost altogether. And don't forget the storage costs of retaining nonessential data, or that more data means a longer, more complicated and expensive electronic records discovery effort.

That’s why it’s critical to develop a strategic archiving, or information management, program. Simply put, strategic archiving means keeping essential data while purging the extraneous. Strategic archiving can both reduce IT’s data load and mitigate your legal exposure.

In this interview, Liane Komagome, lead discovery and compliance counsel at HP, highlights the legal concerns of information management, bursts some myths and offers some best practices for developing a strategic archiving program.


Q. What is strategic archiving and information management? How is it different from traditional data storage and archival approaches?

A. Strategic archiving, or information management, is a structured process of selecting specific types of data and storing it in an accessible form.

You’re discerning very specifically which electronically stored information is valuable and worth retaining, while purging the rest. By valuable, I mean something that is really necessary to keep the business functioning or that will have critical impact on ongoing litigation or regulatory compliance.

Traditional data storage methods do not discriminate as to what kind of data is stored. It’s all dumped into the same bucket, so you have essential data being stored alongside nonessential data. The other important difference is that traditional data storage usually doesn’t account for future accessibility needs. You just sort of cross your fingers and hope you’ll never need it.


Q. Why do IT organizations need strategic archiving programs? What kinds of benefits does such a program deliver?

A. First, it’s important to understand the terms involved. In the legal sphere, there’s a difference between data and records. That’s why data retention isn’t necessarily record retention and vice versa.

Data retention typically involves the storage of large volumes of data, like backing up databases onto tapes or CDs. Usually, minimal effort is made to validate whether or not backup data completely and accurately reflects the original data.

Records retention, on the other hand, involves retention of certain kinds of documents tied to legal and regulatory requirements. Records preserve the details of actions or events to comply with laws or regulations. For example, any information necessary for an audit is considered a record. Records may also be defined as information that is essential to managing a business, like revenue or customer data.

All corporations are obligated to store records to meet legal and regulatory requirements. But in the event of litigation, whether you have a strategic archiving system in place or not, you’ll have to mine your databases for all documents and data relating to the dispute. If your data isn't stored systematically, nor is easily accessible, then your IT organization faces a difficult time retrieving it. And all of that nonessential data that was stored alongside your essential data will need to be reviewed by the legal team.

Having a strategic archiving system in place allows everyone in the organization, not just the IT folks, to access critical data to support ongoing business efforts or build a litigation defense.


Q. Is this what is known as e-discovery?

A. Yes. E-discovery is the process of identifying, preserving, collecting and providing electronic evidence relevant to a litigation dispute. Businesses face more and more e-discovery requests every day, not only due to litigation, but also due to third-party subpoena requests and governmental inquiries. And if they can’t quickly deliver the information demanded and validate that it was preserved in its original form, they could end up paying millions of dollars in fines.

How hard is it to find information without a strategic archiving program? Take e-mail for example. Worldwide in 2006, more than 87 billion e-mail messages were exchanged daily. Accessing the relevant e-mails among this much data is a huge task for any IT organization. And e-mail is only one example. Word processing documents, presentations, spreadsheets and other forms of digital media, even podcasts and blogs, can also be relevant in a litigation dispute.


Q. What are the components or best practices that comprise a strategic archiving program?

A. You first need buy-in from all your IT and business stakeholders. Effective data management requires participation across the entire organization. Begin with asking the business to clarify its goals and needs. Then have your legal and business unit leaders narrowly define essential data and encourage consensus on how long it should be kept. Once those two pieces are in place, you can take a leadership position in proposing a solution.

Second, you must have formal documentation dictating what data you can purge under your records retention policy. Knowing what you can legitimately and safely purge is just as important as identifying what you need to keep. You need a written policy in place that defines all the elements and specifies each step of the process. This allows you to train not just IT folks on the process, but business stakeholders and lawyers as well.

Finally, once you get your policies in place and implement your plan, you need to test it. This part is really important. Kick the tires and see if this process actually works. Continually evaluate your system, because factors may change. The volume of data may change. You may acquire a company and, as a result. introduce a new set of applications and data. You need to do an annual review of your strategic archiving process and tweak things as necessary to keep the system effective.


Q. What is HP’s solution for strategic archiving and how does it help?

A. HP Information Retention solutions mitigate business risk by providing rapid response to e-discovery requests. They also make frequent self regulation possible. By enabling businesses to archive all critical information and implement mandatory retention policies, these solutions reduce the cost of compliance. And they protect individual rights by governing archive access during audits and formalizing data destruction processes.


  Your feedback is important to us. Was this article useful/informative?  
   
   Not at all(1) Neutral(3) Definitely(5)