An EMC Digital Universe Study last year predicted that by 2020 there will be nearly as many digital bytes as there are stars in the universe. With that correlation, to say that managing ESI is a growing problem would be a gross understatement. What we outline below are four high-level steps for creating an information management structure to stay on top of all this data as it is created.
- Creating a data inventory – The goal of creating a data inventory, or data map, is to identify the types and locations of the organization’s data. Types include:
- structured data (data bases, etc.),
- unstructured data (emails, IMs, files, etc.),
- and any legacy content from old systems.
Doing this will give you a clear picture of your organization’s data landscape, making it easier to write your policy later.
When beginning the data inventory process, focus on the departments potentially affected by litigation first. Interview stakeholders who understand the types of data that are created in their department and where and what type of related information will most likely be found. Don’t forget to ask about any physical storage, like external hard drives that could contain corporate information..
Once you have exhausted your internal review, move on to entities outside the company, such as accountants, that may also have information related to current or future litigation.
- Secure data – Securing data is about ensuring that information is accurate, correct, and authentic. During the collection process, you will want to reduce the risk that the data collected could be contaminated, breached, or stolen.
To do this, first limit the number of people who have access to this data and minimize the risk of a data breach by keeping data in-house. Double check supporting technologies securing this information and make sure they meet legal standards and are appropriate for preserving the integrity of the information – aka the data cannot be altered, tampered with, or deleted. Finally, have clear cut guidelines to help manage the volume and content contained in the data.
- Define A Retention Policy – Kristin Mager, Sherpa Software Support Specialist, recently wrote a great article that talks about the importance of defining eDiscovery policies. We summarize the main points here, but recommend you read her full article.
- Restrict what employees can put in writing. Train them on sending internal and external ESI. Only necessary information should be transmitted.
- Classify the data being stored. Records and Information Management (RIM) includes identifying, storing, archiving, preserving, retrieving, tracking and destroying records. The goal is to only keep what is necessary and relevant to business operations.
- Create a Schedule. A data retention policy should follow a retention schedule that lists every possible type of information the company could have and it’s required retention period.
- Provide Clear Guidelines. Providing clear guidelines when it comes to electronic communications, organization of data and retention procedures will expedite the eDiscovery response, reducing risk and costs.
A note about classification: In Jeff Tujetsch’s article about Classification’s Role in Corporate IG Policy, he compares classification to being the world’s best athlete; it’s harder to stay on-top than it is to get to the top. The point is that ESI is a moving target. Every day new types of ESI are created within an organization and the rules you create in your corporate policy are the only way to stay on top of it.
- Make Sure Policies are Successful – Tracking success is an important part of any endeavor, the same is true for enforcing corporate policy. Monitoring the use, access, and compliance levels of information after your policy has been put into place is crucial. Information creation, movement, and use should be logged in real time and maintained as an audit record.
When it comes down to it, implementing an effective corporate information management structure is about good planning, frequent communication and excellent technology. If you are missing any one piece, it is nearly impossible to stay on top of the massive amount of information being created every day. Don’t just take our word for it, ask the stars.