1 eDiscovery and eRetention Management Andrew M. Cohen, Esq. AGC and Vice President, Compliance Solutions Customers Partners Employees Applications Infrastructure Information Volume and Complexity are Exploding Customers Partners Employees Applications Infrastructure Is Information an Asset or a Liability?
6
Embed
eDiscovery and eRetention Management · eDiscovery and eRetention Management Andrew M. Cohen, ... business, international • How ... • Top-down inventory of your information assets
This document is posted to help you gain knowledge. Please leave a comment to let me know what you think about it! Share it to your friends and learn new things together.
• Classification Challenges � from junk to regulated/critical, statutory,
eDiscovery, business, international
• How well do existing processes work for e-content?
• What is/should be the role of individual users in classification?
eDiscovery and Policy-Based
Management of Information
• eDiscovery and records management
colliding
– Driven by huge costs and risks
– Changes to the Federal Rules of Civil
Procedure
• Business imperative to:
– Set simplified practical policies that can
be operationalized by IT
– Pro-actively manage information
– Bridge the gap between Legal, IT,
Compliance, and records management
– Establish repeatable cross-functional
business processes
Principles for Pro-active Information Management
• Top-down inventory of your information assets
• Prioritize: Identify areas of highest risk and concern
• Simplify existing retention policies; incorporate reasonable, repeatable, cross-functional business process for retention, disposition, and discovery
• Implement an enterprise information lifecycle management strategy broken into digestible pieces:
– Consider a “big buckets, then little buckets” strategy
– Build pro-active eDiscovery efficiencies into the IT infrastructure
– Separate backups from archive
• Continuous improvement
Pro-activeInformation Management
PolicyEnforcement
Content Classification
InformationInventory
3
Record classification and retention
• Non record content
– Short retention
– Enforced deletion
• Referential
– Modest retention
– Policy services
• Record
– Official business record
– Longer term retention
New Rules (Over) Simplified• Electronically Stored Information (ESI) is subject to production (the way it
is managed from cradle to grave will impact costs and risks of eDiscovery)
• There will be an early “meet and confer” that will drive (i) less risk and
greater transparency, (ii) more disputes over the scope and form of
discovery, and the cost of having to get outside attorneys up to speed
• Word “preserving” appears in the rules for the first time
• There is a need to understand the “sources” of ESI
• There is less obligation to produce “inaccessible” content, but you still may
have to hold it (which can be just as burdensome)
• There is a “safe harbor” for good faith inadvertent destruction of content,
but this is limited and this risk is likely best addressed through a good r/m
program, including a litigation hold process
• There will be some protection for inadvertent waiver of a/c/p materials
Potential ESI• Enterprise Email Server(s)
• Local Email stores (pst, etc.)
• Relational databases
– CRM
– Accounting / Financial Data
• Fileshares
• Content Management
• Instant Messaging
• Video and voice captures
• Backup / DR tapes
• Wikis & Blogs
• Legacy data
• User desktops
• CDs, DVDs
• PDAs / Wireless phones
• Flash drives
• Home offices
• Legacy / stray tapes
• Decommissioned servers
• Computer graveyard
• Stray drives
• Archives
4
The New Rules…
are causing companies to do what they knew
needed to be done all along – policy manage
information, classify it, treat it as an asset, and
then get rid of it when it has no further value
because the failure to do so has become risky and
expensive.
eDiscovery Challenges
Review
Notice/Trigger
Hold
Collect
Process
Produce
• Perfection can’t be achieved, so you
need a repeatable process
• Lack of control over information leads
to inefficiency and risk
Information Lifecycle Management, RM and eDiscovery
After:
Policy management, logical repositories
Before:
Duplication;little ability to enforce policy
Pro-activeInformation Management
PolicyEnforcement
Content Classification
InformationInventory
Produce
Notice
Hold
Auto Collect
Review
5
Email
Desktop Files
Collaborative Content
File Shares
EMC eDiscovery \ Retention Framework
Centralized Record Stores(official, departmental)
Email Archives
Policy Management• Centralized and In-Place• User mandatory thru zeroImpact automated models• Separation of backup from