Your garage: it’s the perfect place to tuck away stuff that you don’t currently need but can’t part with just yet. Unfortunately, by the time you need something stashed in there, it’s buried under a mound of other junk, and you don’t know where to begin to look for it.
Unfortunately, many organizations treat their electronically stored information (ESI) much the same way: it’s easier to allow e-mails and other electronic files to pile up instead of taking the time to purge valueless items and extract the most value from the remainder.
The risks associated with this approach are myriad, thanks to the “rule of three,” which means that all live data is backed up in at least two places. Not only does additional data mean more storage expense, but it also means that the cost of finding data rises exponentially. Moreover, the redundancy multiplies the risks associated with storing personally identifiable information and other confidential data, such as trade secrets.
However, a proactive information governance (IG) program offers organizations numerous benefits. For example, an effective IG program can improve an organization’s ability to find the information it needs for a variety of legal, compliance and business purposes to identify trends and otherwise harness the value of its data. Second, sound IG policies eliminate the costs of storing useless data and streamline the process—and thus lower the costs—of searching for, collecting, reviewing, and processing data for e-discovery. Furthermore, IG can help organizations manage tricky transfers of data, both between systems and across international borders.
The hardest part is determining when and how to begin an IG program. An ideal time to start a program is when the organization launches another data-related initiative, such as cleaning up its legacy data, instituting a litigation hold tracking system, or implementing an initiative to curb data loss.
Regardless of where it begins, an organization’s first step should be to make sure that it has sound records retention procedures in place that capture critical information about its deletion of data, including why, how, by whom, and when it was destroyed. This way, the organization will be prepared to defend a spoliation claim, particularly if amended Rule 37 of the Federal Rules of Civil Procedure becomes effective next year, which requires an organization to prove it took “reasonable steps” to protect its information in the event data is lost.
Next, the organization often chooses one of two approaches to data remediation: (1) manage new information as it is created or (2) purge excess from existing data stores. No matter the approach, e-discovery tools and approaches can be applied to automatically and cost-effectively classify ESI:
- Deduplication, which culls copies or similar versions of e-mails and other documents
- Concept clustering, which organizes documents into categories based on their subject matter
- E-mail redundancy, which preserves the final message from every string of e-mails
- Relationship analysis, which depicts relationships and communications between custodians
- Technology-assisted review, which uses statistical modeling and machine learning to sort important documents to be retained from documents to be purged
As these steps and tools are implemented, the organization should retrain its personnel to educate them on new approaches to managing their data. By learning to keep only what is needed, employees can shed the packrat mentality, and organizations can avoid the risks and costs of maintaining a garage jam-packed with ESI.
Data remediation programs is the topic of a recent Today’s General Counsel article, “Using Analytics to Clean out the ESI Garage,” that I recently co-authored with Robert D. Brownstone, partner and co-chair of the Electronic Information Management group at Fenwick & West LLP.
About the Author