Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Compliance

Organizations Not Properly Addressing ESI Challenges

According to a recent study, over 50 percent of companies in the U.K. and U.S. have an Electronically Stored Information (ESI) Disclosure strategy in place, but most haven’t revisited policies to address new communication methods such as social networking (30 percent in the U.K. and 21 percent in the U.S.) and new storage technologies such as cloud computing (28 percent in the U.K. and 16 percent in the U.S.).

According to a recent study, over 50 percent of companies in the U.K. and U.S. have an Electronically Stored Information (ESI) Disclosure strategy in place, but most haven’t revisited policies to address new communication methods such as social networking (30 percent in the U.K. and 21 percent in the U.S.) and new storage technologies such as cloud computing (28 percent in the U.K. and 16 percent in the U.S.).

More than half of companies in the U.K. (50 percent) and U.S. (63 percent) believe their ESI Disclosure strategy for responding to litigation or regulatory matters is repeatable and defensible. While 45 percent of the U.K. and 38 percent of U.S. companies have tested their policies, nearly a third of companies in the U.K. (32 percent) and half in the U.S. (45 percent) do not know if their policies have been tested. Nearly three quarters of companies (70 percent in the U.K. and 72 percent in the U.S.) have not used or are not aware of using ECA technology to reduce the burden of e-disclosure and get a better understanding of their data early on in litigation. ESI Policies

These are the key findings from the Fourth Annual ESI Trends Report, an independent study commissioned by Kroll Ontrack, a provider of information management, legal technology and data recovery solutions.

Creating and Testing Disclosure Policies

This year’s survey revealed that more companies are creating policies for ESI Disclosure to govern the process of locating, collecting, filtering, reviewing and producing ESI in preparation for or in response to litigation, investigations or regulatory matters. However, many companies are not taking the important next step of testing, modifying and implementing policies – all of which is increasingly complex to manage thanks to growing volumes of data, and demands a proactive approach.

Addressing ESI Challenges with Tools and Technologies

Despite the disclosure industry’s attention to early case assessment (ECA) technology and new communication platforms such as social networking, this year’s survey revealed that companies are lagging behind in addressing these areas. There has also been a decline in the number of organizations that have updated their ESI Discovery policies to address new communication channels such as social networking, mobile devices and new storage technologies such as cloud computing and virtualization.

“The emergence of new communication and storage technologies makes the accessibility, admissibility and disclosability of ESI very complex. It is essential for companies to revisit existing policies every six months to ensure compliance with regulatory requirements and disclosure obligations when they arise,” said Martin Carey, managing director, Kroll Ontrack.

Controlling Disclosure Costs

While economic conditions may have hindered organizations from re-visiting proactive plans or testing them, the survey findings indicate that disclosure spend remained relatively constant from 2009 to 2010, despite tight budgets. Also, U.K. corporations are on an average still spending almost £700,000 (about US$1.1M) per organization annually, with but less than half of companies (29 percent in the U.K. and 40 percent in the U.S.) budgeting for disclosure as a component of their overall litigation spend.

In a climate where in-house legal departments are striving to do more with less, companies can and should be taking a more proactive approach to reducing their disclosure costs by utilizing technology and best practice processes such as archiving technologies, data maps, ECA tools and other innovative new technologies like prioritization technologies to reduce disclosure-related costs.

Closing the Gap Between IT and Legal Departments

Although corporations have created and implemented new policies around managing ESI, the 2010 survey exposed a gap between IT and legal departments. In the U.K., legal has shown more awareness of company technologies such as archiving platforms, legal hold tools and ECA technology. In the U.S., it is IT that has shown more awareness in these key areas. This is a significant shift from the inaugural 2007 survey, when legal was primarily responsible for disclosure preparedness and management and in the last few surveys IT assisted in-house counsel with this task.

A total of 200 online interviews were conducted between June and September 2010, among IT and in-house counsel at commercial businesses in the U.K. and 203 at U.S. corporations with 500-1000 individuals and 1000 plus employees were surveyed.

The full results of the survey are available at: http://www.krollontrack.co.uk/fourth-annual-esi-report

Written By

Click to comment

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...