Are you prepared for legal e-discovery?
Gary White- Waterford Technologies
Organisations around the world spend millions every year investing in software and systems to give them a better understanding of their employees, clients, and opportunities to create and maximise potential and also to gain insight and knowledge via automatically generated reporting, with the end goal of protecting themselves against internal and external issues and competitors.
The first question that is asked by an organisation is what is the most relevant and up to date information source available and how they can utilise it. But the first thing an organisation should do, (as with most questions like this), is look internally. The best information any organisation has is already owned by them, they just don’t know how to access this information, the source of this information is held within the mailbox accounts of their own staff, just think of the hundreds of thousands of mails sent every day by your organisation and the huge potential of this resource if you could just tap into it.
The second question should be, how do we protect ourselves against internal disputes (employee productivity, performance, email abuse, legal and harassment) and from external threats (leakage of confidential information, competitor domains, suspicious attachments) these will also allow the HR / Legal departments automatically run reports.
Protection of business critical information has never been more critical, particularly in light of legislative and compliance requirements, such as the Freedom of Information Act (2000 and Scotland 2002), the Data Protection Act (1998), the Sarbanes Oxley Act (SOX) of 2002 and the growing body of European legislation designed to protect information. In addition, new laws have increased the cost and risk associated with legal discovery processes.
Organisations should ask themselves the following:
- What’s important to carry forward for the historical record? What do you need to know about your organisation?
- What legal or regulatory requirements govern your organisation and what records must be retained to comply?
- What records must be preserved to protect the rights of employees, customers and shareholders?
- What needs to be preserved to ensure the continuity of business operations?
- What would the consequences be if certain classes of records were lost?
- What would your organisation be unable to do without them? Could normal functions take place?
- Can the records be replaced or reconstructed? At what cost?
Without proper preservation and reporting of critical business information the impact to your organisation can be hugely damaging;
- Loss of use, including the inability to produce business critical information during litigation or re-use/re-purpose the record to bring additional revenues into the organisation.
- Costs associated with the outright loss or recovery/repair of improperly stored records
- Costs associated with these types of loss will depend on the seriousness.
- Damage to corporate reputation, particularly in cases where shareholders have a reasonable expectation that records should have received the highest levels of protection and security.
- Negative impact on business continuance where inadequate analysis has been done to identify the probability of damage or loss of information and its impact on the business.
- Inability to comply with European, central and local government regulations and mandates, including the Freedom of Information Act (2000 and Scotland 2002), the Data Protection Act (1998), and the increased corporate and personal liability associated with such failures.
- Increased exposure during litigation due to the inability to produce requested documentation throughout the discovery process.
Invariably the third question that an organisation will ask is how much this will cost. The answer is very little especially when you ask yourself;
(A) Do we want to save Money – reduce demands on your Exchange server
(B) Do we want to save Time – during e-discovery, investigations, helpdesks calls and retrieval
(C) Do we Need to protect ourselves and our Reputation – once an organisation loses its reputation whether rightly or wrongly the damage is irreversible.
(D) Do we Need to report on this information, on an hourly, daily or weekly basis if Needed? – ensure that you know before you NEED to know
If an organisation answers yes to any or all of those questions, then they need to consider the options available and develop a clear plan for retention, protection, management and reporting.
If an organisation answers no to all of those questions, they have to accept the responsibilities after the damage is done and congratulate themselves on taking the least expensive but highest risk option available.
If you would like to learn more about Email Archiving and e-discovery contact us.