Are eDiscovery Policies a part of your risk management plan?

Electronic discovery (also called eDiscovery) refers to any process in which electronic data is sought, located, secured, and searched often with the intent of using it as evidence in a legal case.  Discovery of electronic records has become a concern in litigation, government and regulatory investigations.  Having policies in place to manage and store this electronic data is a key factor in risk management.

Does your organization have a records retention policy in place?  Many times, the key players in an organization do not come together to create a policy that employees are aware of and adhere to.  Risk managers need input from executives as to who may be implicated in particular legal matters and IT leaders need to know where electronic documents are stored, and where paper documents are located.

Defining a Policy

First, restrict what employees can put in writing.  Employees should be trained on sending electronic communication inside as well as outside of the organization to ensure that only necessary information is being transmitted.  Electronic information is often created without concern for the liability or an understanding that it can be later discovered or taken out of context.  Having clear cut guidelines will help manage the volume and content contained in the data.

Second, data that is stored should be classified as part of an overall records and information management (RIM) effort.  RIM is the practice of controlling the most important records of an organization throughout the data life cycle.  This includes identifying, storing, archiving, preserving, retrieving, tracking and destroying records.  The objectives of a data retention policy are to keep important information for future use or reference, to organize information so it can be searched and accessed at a later date, and to dispose of information that is no longer needed.  Data that is no longer useful to the business or required by law should be deleted so that it does not clutter up systems or come back to haunt a company.  Different types of data needs to be retained for different lengths of time.

A data-retention policy often follows a retention schedule that lists every possible type of information that the company could have in its stores and the required retention period. There should also be special instructions for archiving and for the deletion of data once the time limit has been exceeded. The policy is also likely to include litigation hold procedures for retaining information when litigation is anticipated.

Lastly, providing clear guidelines when it comes to electronic communications, organization of data and retention procedures will expedite the eDiscovery response which will in turn reduce risks of spoliation, decrease overall costs and shorten delays.  Many companies are reluctant to put an eDiscovery risk management plan in place due to the lack of time and training that is needed to create an effective plan.  But waiting for the inevitable will not make things easier.  Having an action plan in place for managing the risk can make all the difference in the result.

In the end, it is important to develop and maintain a records retention policy.  It will not only help with defensible deletion of documents but also help keep your records and information organized.  For more information on risk management and how Sherpa Software can help, contact us.

Leave a Reply

Your email address will not be published. Required fields are marked *