Companies believing they can control the
flow of information out of their company by using careful records
management systems and policies may find themselves sorely
mistaken if they're ever served with a legal discovery order, a
leading analyst has warned.
Although many companies have invested in systems to store
e-mail and other specific types of information, the ubiquity of
corporate information outside of those systems means that other
types of digital communication are often relevant to legal
proceedings, warned Hydrasight research director John Brand at an
EMC-sponsored seminar on legal discovery issues held, somewhat
appropriately, at Melbourne's Old Magistrates Court this week.
"It used to be that if you had records management, the act of
classifying it made a record," Brand explained. "But now, experts
often come in and find information the company didn't even know
it had. If it can be found, it can be used as evidence."
"Information is still power, and they want as much as information
as they can get. Courts are looking to see context and
understanding about the decision-making that was going on -- and
even draft emails that you never sent, can speak to intent at the
time," he continued.
That means information such as fax logs, instant messaging
sessions, calendar entries, discussion forum entries, video, the
content of virtual team spaces and other types of work product
can all inadvertently become part of the evidence stream in the
event of a discovery order.
If companies aren't able to retrieve this information, they
can spend tens or hundreds of thousands of dollars, and many
man-months, trying to comply with ever more demanding court
orders. Despite this risk, however, Brand said companies still
lack clear guidance about their responsibilities should they ever
face a discovery order -- and don't realise the expense and
headaches that have driven many companies to simply pay a fine
rather than go through the rigmarole of complying.
"Just assuming there's a backup of the data, and that
everything is all right, is a big mistake," he explained. "I
don't think I've seen a case where retrieval of data from a
backup tape has taken less than three months, and it can be as
much as eight months as the case drags on and on and the courts
ask for more information."
Even though business leaders often rely on IT to implement
appropriate solutions, that approach can come back to bite them
when IT's "point-and-patch" approach proves not to meet actual
business needs. Companies may also face resentment from staff who
are unlikely to assist in improving archiving efforts designed to
store more detailed accounts of their activities.
Ultimately, proof that a company has earnestly tried to
implement an adequate records management system can go a long way
towards satisfying courts. Think ecosystem rather than point
product, and you're heading in the right direction: Brand
classified these initiatives in four categories including
protection (eg encryption), surveillance (monitoring, real-time
analysis and deterrence), forensic (watermarking and activity
audits), and prevention (filtering and metadata stripping).
This last issue has become particularly pointed after
increasingly rich data capture methods have repeatedly left
companies backpedalling from information inadvertently buried in
Microsoft Word and other files. Making a concerted effort to get
rid of unwanted metadata in archived files, Brand said -- and
improving records management discipline by making it "sexier" and
better acknowledged - can keep such issues becoming problems down
"Value determination [for information] should not be a post
court-required event," he explained. "We're on a complete
revolution of our understanding of information. We've focused so
much over 25 years on transactional systems, but they're only a
small part of the data - a record of an event. Business records
tell you why that event occurred."