Storage Tip: New e-discovery rules mean no more business as usual
Send your Storage question to David Hill today! | See other Storage tips from David
What seems to be the problem? You may not have heard of the changes to the Federal Rules of Civil Procedure (FRCP), and complying with the new rules will have a significant impact on data and storage management.
What do you need to know? The FRCP rules govern discovery in civil litigation. Discovery means that you must provide legitimately requested company information to those who sue your company. FRCP Rule 26(a) clearly defines electronically stored information (ESI) as discoverable. Electronic discovery (or e-discovery) is the process of making available electronic records (e-records).
Why does this matter? Your company is probably no different than any other company; it is being sued all the time. If your company fails to comply with the new e-discovery rules, your company can be subject to fines and sanctions -- not to mention a drop in stock price from unfavorable publicity. And even if you can comply with the requests, but the process of doing so is arduous in terms of people's time, then that is a productivity drain that prevents you and your colleagues from doing more productive tasks.
So what are the issues? You must know what e-records (i.e., data) you have, what that data is, and how to access it. You must know what formats your data is stored in and what metadata is associated with that data. Moreover, you are required to know the formats that the data can reasonably be converted into. You also must be able to put a litigation hold process in place as well as defining other relevant data retention policies, such as having a "good faith" records disposal process. Now those are by no means all of the issues, but it is more than likely enough to cause you to choke.
Let's look at the first two issues -- what e-records you have and where they are located.
This is an inventory process that starts with identifying your servers, the storage that they use, and the applications that use both. But you can't stop there. You must also inventory remote locations, such as distributed offices and branches. Moreover, e-records on desktops, laptops, and even PDAs must be included.
Two factors make this process even messier. The first is that IT may have little or no custodial control over some of the equipment. The second is that end users have ownership responsibility over e-records. That means that IT in its custodial capacity does not necessarily know what was created or whether it is relevant for e-discovery purposes. In a sense, IT was a "bank" that protected a safe deposit box, but only the depositor knew what the contents of the safe deposit box were. That has now changed. IT will now likely be asked to keep track of the contents of the e-records "safe deposit box" (i.e., storage on both disk and tape) and determine whether the contents are important for e-discovery purposes. (Of course, IT must be given policy direction from the chief counsel for the company, but IT is likely to become responsible for automating the process.)
Realistically, you will never be able to completely do this, therefore, you will need to prioritize, and that's where data classification comes in. You must identify the characteristics of e-records (such as certain types of email that are likely to be the subject of e-discovery requests). That means you must segregate the relevant data into one pile or you must make all the data available.
What can you do about it? A software tool, such as a data classification software tool, is likely to be a necessity. But remember the old mathematical dictum about something being a necessary, but not a sufficient condition. Machine intelligence in the form of a software tool must be combined with human intelligence in order to make the proper decisions.
Moreover, remember that this is just a start. The ramifications of the changes in the FRCP rules will take some time to permeate the corporate consciousness. The initial reaction may be to try to do the bare minimum (the head-in-the-sand approach). If your company acts this way, you will have to roll with the punches, but be prepared for a sudden change of direction.
Or, your company may make a firm commitment to strongly comply with the new FRCP rules. Then the reality may set in that wanting to comply and actually being able to comply are two different things. Your job will be to work with an interdepartmental team, including legal, to do the best job you can.
One final bit of advice: Be alert. The implications of the changes to the FRCP rules will dramatically affect your job. We will explore the different issues in future columns.
storage.itworld.com
Symantec Backup Exec 12 and Backup Exec System Recovery 8 deliver industry leading Windows data protection and system recovery. Download this whitepaper to find out the top reasons to upgrade and how to get continuous data protection and complete system recovery.
Data and system loss — from a hard drive failure, malicious attack, natural disaster, or simple human error — can happen anytime. Don’t leave your business vulnerable. Make sure you have a secure recovery strategy in place. Symantec's latest backup and system recovery technology can efficiently restore critical applications, individual emails and documents and even restore your entire system in minutes in the event of a loss.
Businesses face a growing challenge to ensure that the IT environment is properly protected. Backup Exec 12 integrates with other applications in the Symantec family of products, to complement your current data protection strategy, keep your data securely backed up and make it recoverable when you need it most.
