Don’t be surprised by e-discovery

E-discovery has all the makings of a fire drill. E-discovery requires government agencies to know what electronic documents they have and be able to find them quickly if someone requests them for a court case. That’s no small task considering the enormous volume of electronic documents created by the typical organization. E-mail messages and attachments represent a good chunk of the problem, but word-processing documents, PDFs and other digital information also contribute to the management challenge. The amended Federal Rules of Civil Procedure, which has heightened awareness of e-discovery, cover a wide range of data types under the umbrella of electronically stored information.Agencies might choose to update their storage and archival strategies in light of the document glut and demands of e-discovery. That chore requires making policy along with updating information technology. Some industry and government managers suggest that policy-making might be more  difficult than navigating the storage system challenges. Is it time to develop an e-discovery storage strategy? Consider taking the following actions.E-discovery often winds up on the IT shop’s to-do list. However, preparing an organization to effectively comply with document requests calls for more than a new storage system. Officials must decide which documents the agency will archive and for how long. They must also determine who can search and retrieve documents and how to handle sensitive information.  Those questions call for a governance structure that reaches well beyond technology.“It can’t just fall into IT’s lap alone,” said Jason Baron, director of litigation at the National Archives and Records Administration’s Office of General Counsel. “You need key people in the organization who know the lines of business and know where the information is.”Baron said those key people fall into four groups: lawyers, records managers, IT managers and an agency’s business community. “Those four players need to be sitting down and talking to each other.” J.R. Reagan, vice president of BearingPoint’s Public Sector Risk, Compliance and Security Solutions practice, agreed that e-discovery is more than a technology exercise. “We’ve pushed off a problem with a lot of stakeholders to one organization,” Reagan said, referring to the IT department. Reagan said agencies must broaden their e-discovery work groups. The human resources department should be involved because requests for electronic information might include documents with personally identifiable information, he said. Reagan also recommended giving the enterprise risk management side of the house a seat at the e-discovery table. Failure to comply with an e-discovery request exposes an organization to significant financial risk, Baron said. He pointed to a $1.5 billion judgment against Morgan Stanley for failing to produce records that existed only on backup tapes. Although that judgment was reversed, the discovery precedent remains, he said.  Baron said the Morgan Stanley case and others like it reflect a lack of communication between an organization’s legal counsel and IT department. An e-discovery work group or committee can keep the conversation going and guide the e-discovery process. In Clackamas County, Ore., e-discovery affects a variety of groups, including the offices of county counsel, records management and district attorney’s office. Chris Fricke, Clackamas County’s senior microcomputer specialist, said the county’s e-discovery players recently gave IT the green light to more forward with an e-mail archiving system. The county has been discussing policy issues, which Fricke said can prove more difficult than the technology of e-discovery. & quot;Retention is the hardest question,” Fricke said. “You have different retention laws for different kinds of information, and it’s constantly changing.”A decision is still pending on retention policy, so for now, the archiving system retains every e-mail message indefinitely. As for who will access the system, the county has determined that two attorneys from the counsel’s department have the authority to view and retrieve e-mail messages. Building consensus around such issues underscores the need for some form of e-discovery oversight. “It is hard…to get results if there is no governance plan or structure to do that,” Reagan said. Agencywide engagement helps prepare the way for e-discovery, but additional management focus might be needed. “Most initiatives in an organization benefit from an executive sponsor driving these types of things through an organization,” Reagan said. He suggested that an entity’s legal counsel might be an appropriate sponsor for e-discovery. On the technology side, organizations should designate an e-discovery czar, according to a recent report by Ferris Research on e-discovery best practices. “Identify someone who is a member of the IT staff and who will also be responsible for [being a liaison]  with internal and/or external legal staff,” the report states.Colin Bush, an analyst at Ferris Research, said such an e-discovery czar is still rare. “Integrating IT’s role into some of these new requirements is very new, and organizations are still struggling with how to do it,” he added.The speed and effectiveness of a data search increase significantly when information is organized and classified. E-discovery experts recommend establishing a taxonomy and creating metadata tags for electronic information. The taxonomy provides a general way to classify information, and metadata provides detail on information to make searches more fruitful. “The use of metadata tagging ensures that individual record sets are produced during a corporate search,” said Penny Quirk, principal consulting manager at Robbins-Gioia. If metadata isn’t tagged properly, a search won’t generate a high enough percentage of  information relevant to a discovery order, she said. Against that backdrop, the Electronic Discovery Reference Model project devised an Extensible Markup Language schema to consistently describe electronic information. Quirk said EDRM created the XML e-discovery standard to “ensure that consistent and common nomenclature is used for business records during the e-discovery process.” The project is scheduled for completion in this year’s second quarter. Reagan said an e-discovery reference model can fit into an agency’s enterprise architecture and that e-discovery and enterprise architecture should be closely associated. That’s because e-discovery involves metadata management and information life cycle management, areas that enterprise architectures can address, Reagan said.Quirk agreed that agencies can take advantage of enterprise architecture as they pursue e-discovery. “One of the goals of enterprise architecture [is] to have the right systems in place to ensure that relevant records can be accessed,” she said.However, in many agencies, the discovery process is not fully automated. Most agencies “don’t live in a world of metadata tags,” Baron said. Government generally lacks the “sophisticated means that some people in the private sector have to do it.”With that in mind, government entities should “inventory their assets and get i ntellectual control” of those assets, Baron said. A governance process and data organization pave the way for technology. One challenge here is the lack of a unified archiving technology, said David Ferris, president and senior analyst at Ferris Research. “You’ve got one technology used for e-mail that may also cover instant messaging,” he noted during a recent Web seminar. Ferris added that an organization might use an enterprise content management system for files and a separate system to house other types of data. Various archiving technologies use different administrative and search interfaces, he said.Individual archiving technologies, however, are fairly mature and readily deployable. James Burke, information systems manager for  Safety Harbor, Fla., described the city’s deployment of Mimosa Systems’ NearPoint e-mail archiving solution as relatively painless. NearPoint archiving software runs on a Windows server and can be installed without taking the primary mail server or servers off-line.NearPoint uses a shadow database that allows archiving work and searches to take place without touching the production e-mail database,  Burke said. Running a big search across all mailboxes would create performance issues, he added. Matthew Reynolds, chief information officer at law firm Howard Rice Nemerovski Canady Falk and Rabkin in San francisco, said an organization might start out lean with a traditional file server. But he supports the adoption of storage-area network or network-attached storage technology when storage capacities exceed 4T. Clackamas County uses SAN storage for its e-mail archive, which runs Symantec’s Enterprise Vault software. The 25T EqualLogic SAN houses the vault in a RAID 5 unit, which stores deata on multiple hard discs.wsvolume. The county uses Tivoli software to back up the archive. The county’s Microsoft Exchange servers use local storage, and the only e-mail information on the SAN is the archive data, Fricke said.Clackamas is transitioning to Exchange information in  the archive. Fricke said the county works with users to move PST files into the vault. PSTs are personal storage files in Microsoft’s Outlook e-mail client. A project coordinator helps users through the process.The personal attention helps “alleviate the fear that if it’s not in the mailbox, I must not have it anymore,” Fricke said. Electronic documents culled in e-discovery and used in litigation demand special treatment. Quirk said a knee-jerk reaction at some organizations might be to destroy any document once it reaches retention maturity, but Quirk said they should resist that reflex. Information used in a legal action should be reclassified as litigation support documentation, which is subject to the statute of limitations for a given litigation event, she said.Some litigation support documentation might be retained permanently. Baron said the documents compiled in significant cases at the Justice Department are kept as permanent records of the government. Records in garden-variety cases in federal court are considered temporary, but they might still be housed for a number of years at one of the National Archive’s Federal Records Centers, Baron said.The National Archives tapped Lockheed Martin in 2005 to build an Electronic Records Archives system that will help the agency ingest electronic records flagged for permanent storage. Baron said the National Archives has been accepting electronic records from databases since the 1970s. It has broadened the range of accepted transfer formats in subsequent decades. Baron said the aim now is to accept government reco ds in any format, encapsulating each electronic document in an XML metadata wrapper. 

Commercial practices

To ensure timely e-discovery responses, organizations often turn to backup and disaster-recovery plans. San Francisco law firm Howard Rice Nemerovski Canady Falk and Rabkin opted to cover both bases with a single product.

“We wanted to look at both backup retention as well as our disaster recovery as one business problem,” said Matthew Reynolds, the fiirm’s chief information officer.

The firm deployed InMage Systems’ DR-Scout software. The product replicates data from the company’s primary site to its target disaster-recovery site and also handles backup chores. The target site has sufficient hard-disk capacity for this dual purpose.

The disaster-recovery solution protects the law firm’s mission-critical systems: time and billing, finance, e-mail, document management and some secondary systems. The approach also lets Howard Rice move away from traditional backup tape.

— John Moore

The hosted option

Hosted e-mail archiving provides an alternative for agencies that want to avoid the cost of long-term e-mail storage.

Colin Bush, an analyst at Ferris Research, said most organizations run in-house archiving solutions. However, a hosted approach is gaining traction, he said, despite worries some organizations have about security.

"One of the biggest challenges is the concern about security,” said Rick Dales, vice president of product management at Fortiva, which provides hosted e-mail archiving.

Dales said the Fortiva solution addresses that issue by installing an encryption appliance at the customer’s site. The appliance encrypts data leaving the customer’s location using a key that only the client possesses.

“We have no ability to read the data,” Dales said.

Will governments use this? Dales said he has seen some interest. But he added that the public sector involves a longer buying cycle because agencies typically take time to research and evaluate outsourcing providers.

“I suspect we will see a lot more activity over the course of this year,” Dales said.

— John Moore











1. Build a governance structure























2. Seek management sponsorship










3. Inventory and organize your data


















4. Deploy technology and avoid  user impact




















5. Don’t forget post-litigation data






NEXT STORY: FOSE: Abuzz about info strategies

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.