/>
X

Records discovery can prove dangerously enlightening

Companies believing they can control the flow of information out of their company by using careful records management systems and policies may find themselves sorely mistaken if they're ever served with a legal discovery order, a leading analyst has warned.
david-braue.jpg
Written by David Braue, Contributing Writer on
Companies believing they can control the flow of information out of their company by using careful records management systems and policies may find themselves sorely mistaken if they're ever served with a legal discovery order, a leading analyst has warned.

Although many companies have invested in systems to store e-mail and other specific types of information, the ubiquity of corporate information outside of those systems means that other types of digital communication are often relevant to legal proceedings, warned Hydrasight research director John Brand at an EMC-sponsored seminar on legal discovery issues held, somewhat appropriately, at Melbourne's Old Magistrates Court this week.

"It used to be that if you had records management, the act of classifying it made a record," Brand explained. "But now, experts often come in and find information the company didn't even know it had. If it can be found, it can be used as evidence."

"Information is still power, and they want as much as information as they can get. Courts are looking to see context and understanding about the decision-making that was going on -- and even draft emails that you never sent, can speak to intent at the time," he continued.

That means information such as fax logs, instant messaging sessions, calendar entries, discussion forum entries, video, the content of virtual team spaces and other types of work product can all inadvertently become part of the evidence stream in the event of a discovery order.

If companies aren't able to retrieve this information, they can spend tens or hundreds of thousands of dollars, and many man-months, trying to comply with ever more demanding court orders. Despite this risk, however, Brand said companies still lack clear guidance about their responsibilities should they ever face a discovery order -- and don't realise the expense and headaches that have driven many companies to simply pay a fine rather than go through the rigmarole of complying.

"Just assuming there's a backup of the data, and that everything is all right, is a big mistake," he explained. "I don't think I've seen a case where retrieval of data from a backup tape has taken less than three months, and it can be as much as eight months as the case drags on and on and the courts ask for more information."

Even though business leaders often rely on IT to implement appropriate solutions, that approach can come back to bite them when IT's "point-and-patch" approach proves not to meet actual business needs. Companies may also face resentment from staff who are unlikely to assist in improving archiving efforts designed to store more detailed accounts of their activities.

Ultimately, proof that a company has earnestly tried to implement an adequate records management system can go a long way towards satisfying courts. Think ecosystem rather than point product, and you're heading in the right direction: Brand classified these initiatives in four categories including protection (eg encryption), surveillance (monitoring, real-time analysis and deterrence), forensic (watermarking and activity audits), and prevention (filtering and metadata stripping).

This last issue has become particularly pointed after increasingly rich data capture methods have repeatedly left companies backpedalling from information inadvertently buried in Microsoft Word and other files. Making a concerted effort to get rid of unwanted metadata in archived files, Brand said -- and improving records management discipline by making it "sexier" and better acknowledged - can keep such issues becoming problems down the track.

"Value determination [for information] should not be a post court-required event," he explained. "We're on a complete revolution of our understanding of information. We've focused so much over 25 years on transactional systems, but they're only a small part of the data - a record of an event. Business records tell you why that event occurred."

Related

Delta Air Lines just made an embarrassing announcement (you may be livid)
screen-shot-2022-06-22-at-3-50-54-pm.png

Delta Air Lines just made an embarrassing announcement (you may be livid)

Business
On July 12, we'll see the universe like never before
51656393132-ca88bc21e3-k

On July 12, we'll see the universe like never before

Space
US weather, climate forecasting is about to get way better
screen-shot-2017-09-07-at-1.jpg

US weather, climate forecasting is about to get way better

Innovation