I am at the Masters Conference, a leading e-discovery conference. This a real-time report on the session The Positive Impacts of Records and Information Management on E-Discovery

– Courtney Ingraffia Barton, Crowell & Moring
– Laura A. Zubulake, Consultant and Author
– Donna Vitalie, AOL
– Maura Dunn, Duff and Phelps
– Christina Ayiotis, CSC [moderator]

Donna Vitalie presents:

  • Business runs on information: decision making, develop new products, collaboration, customer information, staff management, etc.
  • An active records management (RM) program helps move from the ocean of information to meeting e-discovery requirements
  • RM is critical to EDD preparedness; in addition, it can help business with quick access to operational information, reduced costs of IT, consistent treatment of recrods (including destruction), and legal hold management.
  • To illustrate how RM can work at its best, consider a structured scenario for procuring vendor services:
    – Check a contract management system (CMS) for approved vendors, MSAs, other useful docs or information
    – Use the CMS to build the request for proposal, distribute to vendors, and collect responses online
    – Capture final contract in CMS – now vendor work is underway
    – The actual work and invoices will be tracked in an ERP (enterprise resource planning) system
    – As long as workers use these two systems, managers and auditors only have to look in two places for all relevant information [As a records manager, you have to make sure above systems work or managers will work outside the systems, leaving records in many different places]
    – In this scenario, the “records footprint” is limited to two systems.

  • In reality, some work will probably occur out of these two systems. But with a structured solution like this, in e-discovery, you can limit where you have to look.

Maura Dunn presents on RM under litigation, audit, or investigation:

  • In a structured program as described above, you know where data and docs reside
  • In reality though, there may be many places to look. Business applications include desktop apps, e-mail, ERP, CRM, and imaging systems. At the enterprise level, there are many separate systems.
  • In the old days, RM was an afterthought. But now, with all these systems in use, RM had to occur in real time. But in stealth manner because workers don’t want actively to participate in RM. So RM has to fit in seamlessly with the varied systems in use.
  • Records destruction is hard today. Paper is easy – just shred it. But what is a record today? Do we delete just one record in a database? Records managers need to understand all the systems in use. And you need a plan for holds and destruction.
  • EDD has a series of separate tools. These are not designed for daily business operations. Nor should they be. You need a strategy of holds or freezes to use these appropriately.
  • Once an e-discovery need arises and you need a hold, you must identify custodians and storage locations. Then collect, preserve, and review.
  • One challenge is that data moves over time. Between archival processes, employees leaving, and normal operations of IT migration processes, data created in one place may eventually reside elsewhere. Typical stats: software upgrades very 18 months and hardware upgrades every 3 years. Another rule of thumb: you can’t open files after two major versions forward. Even if you can, you are likely to lose data and/or formatting. So to say 5 years later that you have an authentic representation of the original is very hard.
  • It’s one thing to start a litigation hold, it’s another to release it. You need a plan of what to do with records post-release.

Courtnoy outlines three main challenges for clients:

  • 1. Getting money to fund RM programs. But consider that a cost of EDD is the possibility of court sanctions if you don’t do RM right. Unfortunately, proving cost of this is hard. It’s easier to quantify the cost of dealing with the volume of data. By having a good RM program, you can demostrate savings in processing
  • 2. Where do you start? Just start – put a program in place. Improvise as you go is better than not starting.
  • 3. How do you implement and enforce? You need good program and managers. If not, you have to think how your organization works best at enforcing other policies. Training will be key, as will the right technologies.

Laura Zubulake (plaintiff in eponymous case). How knowing how your business actually runs can help you locate important records.

  • From various records management requirements imposed by regulators, she knew that records had to exist (or were supposed to).
  • Product v. country reporting lines. Knowledge of the management structure help illuminate where records would lie.
  • From daily business operations, knew how reliant entire organization was on e-mail. So knew that there was a large corpus of message. Similarly, there was instant messaging (IM), then called chat.
  • Chat tools were known not to be very private. So understood that any written communication about here would almost certainly be conducted in e-mail, not IM / chat.
  • Understood a bit about back-end technology. Limited server space meant limits on inbox controls. Being away two weeks would fill inbox and restrict sending outgoing messages. Seeing this helped figure out back-end RM.
  • There was a “double delete” process. User delete did not really delete files. There were additional steps required