Managing ever-growing volumes of data and being prepared for eDiscovery requests challenges many organizations.
“The fact that email is no longer the primary source of information for an eDiscovery request is a significant change from what has been the norm over the past several years,” said Dean Gonsowski, eDiscovery Counsel at Symantec. “With the wide variety of sources in play, including loose documents, structured data, SharePoint content and even social media, it is not enough for legal and IT to simply focus upon email alone. It’s critical for the two departments to work together to develop and implement an effective information retention policy.”
Symantec’s 2011 Information Retention and eDiscovery Survey found that despite the risks of hefty fines, nearly half of respondents do not have an information retention plan in place. Thirty percent are only discussing how to do so, and 14 percent have no plan to do so. When asked why, respondents indicated lack of need (41 percent); too costly (38 percent); nobody has been chartered with that responsibility (27 percent); don’t have time (26 percent); and lack of expertise (21 percent) are top reasons.
When asked what types of documents are most commonly part of an eDiscovery request, respondents selected files and documents (67 percent), and database or application data (61 percent) ahead of email (58 percent). As evidence of just how many sources companies must be prepared to produce information from, more than half indicated SharePoint files (51 percent), and nearly half cited instant messages and text messages (44 percent) and social media (41 percent).
It’s no surprise that respondents who employed best practices for records and information management were significantly less at risk of court sanctions or fines, and are well prepared to respond to an eDiscovery request.
The survey revealed that these “top-tier companies” are:
• 78 percent less likely to be sanctioned by the courts
• 47 percent less likely to lead to compromised legal position
• 20 percent less likely to have fines levied
• 45 percent less likely to disclose too much information leading to compromised litigation position
Symantec suggests that companies get started with a formal plan as soon as possible, and then refine it accordingly to address specific laws and regulations governing the retention and availability of information. Without a formal plan it is difficult to know when — and what — to delete, which drives over-retention and creates additional risk.
Symantec also provided these tips when it comes to records and information management:
• Periodically delete electronically stored information (ESI) according to your RIM program. Most organizations (79 percent) believe that a proper information retention plan should allow them to delete information. Yet, 20 percent of organizations still retain archived data forever. Delete according to your information retention plan to reduce storage, litigation exposure and eDiscovery costs.
• Use backup for recovery, archiving for discovery. The survey found approximately 40 percent of organizations keep data on their backup tapes infinitely and use those backup tapes for their legal hold process. This exposes them to the costly and dangerous proposition of restoration in the event of litigation. Backup is intended for recovery purposes, and 30-60 days is the longest data should be backed up. Files should then be automatically archived or deleted. Using backup only for disaster recovery enables an organization to delete older backup sets within months instead of years.
• Deploy advanced legal hold processes and solutions to minimize the risk of non-compliance.
• Conduct litigation readiness exercises to determine exposure areas and formulate a prioritized remediation plan.
• Prepare for eDiscovery and governmental inquires by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems.
Applied Research conducted the survey by telephone in June and July of 2011. They spoke to 2,000 Enterprises from 28 countries, across a wide range of industries. Respondents were enterprises with 1,000 employees or more and consisted of both a representative from IT management and a representative from Legal.