Send your Storage question to David Hill today! | See other Storage tips from David

What seems to be the problem? The new changes to the Federal Rules of Civil Procedure (FRCP) will have considerable impact on IT in general and storage administration in particular. Litigation holds are likely to be an especially thorny issue. A litigation hold means that you are required to preserve data that may be the target of a lawsuit against your company so that you can make the necessary information (e-discovery) available if required. But a huge gap exists between your legal department asking you to put a litigation hold on data and your ability to actually do so. And that is your challenge.



What do you need to know? Litigation holds are about the guaranteed preservation of data that can serve as evidence in a lawsuit. The duty to preserve records is triggered when your company learns of pending litigation or is put on notice that litigation is imminent. Not only that, but the obligation is also triggered when your company "reasonably anticipates" litigation.



The consequences of not putting effective litigation holds in place to ensure data protection is the risk of claims of spoliation of evidence. Spoliation is considered to be "the destruction, alteration, or mutilation of evidence." Your company does not want to have a claim of spoliation upheld against it in front of a judge.



A little relief (but don't rely on it) is that all parties to a lawsuit must have an early meet-and-confer meeting to discuss e-discovery issues and to resolve concerns upfront insofar as possible. This may help you limit the amount and types of information to be subject to litigation hold. However, you really should have proactive retention policies in place so that you can respond flexibly and quickly to any situation that arises rather than relying after the fact on meeting of the minds between contentious parties (your side and their side) to get you out of trouble.



And litigation holds are really about putting in place an effective data retention policy. That requires a lot of work because it is not only about preserving current data, but also about understanding all the data protection copies (for example, backup tapes), keeping a record of what data was destroyed, and determining what data must be preserved at remote and third-party locations.



Now Legal must decide on the policies on what needs to be protected. You must help your legal group think about the issues because they may want to specify that all data has to be preserved or that only relevant (however defined) business information has to be preserved.



Specifying that all data needs to be preserved indefinitely means that irrelevant, non-business, and obsolete data would have to be kept. Since that may represent a significant percentage of your data, that data would not clog the storage arteries, but also bog down the storage management process (such as having to backup no longer useful data that you would otherwise have destroyed).



The alternative to keeping all the data is to keep only the relevant data. The problem is how to determine (i.e., classify) data that is relevant. Relevant data has to have recognizable characteristics, such as a record in a financial database or an e-mail that has certain key words in it.

What can you do about it? First of all, there is no substitute for putting the proper policies, processes, practices, and procedures in place. That said, you will need intelligence in the form of automation software. That is not to say that the technology is a deus ex machine where the "Gods" drop automation software from the sky to fill your every need. However, technology is likely to be a necessity not only to install after everything has been planned, but also a part of the planning process. For example, you may need search capability to discover what data you have before you can determine its relevance.

Among the software tools that you will probably want to consider in your shopping cart are in the following categories:



* Data classification -- essential for helping you organize and classify your data

* Data protection management -- vital to keeping track of key data protection copy information, such as do you have a valid backup of key data?

* Data archiving -- retention-managed data is typically fixed content data that is put in an active archive. The archive can be managed for retention purposes, including litigation holds.

* Data security -- you must ensure data preservation, both data survival (no destruction) and integrity (no alteration or mutilation) to prevent spoliation.

The question is whose budget-dollars "credit card" is going to be used at the checkout counter. IT does not have extra dollars for significant unplanned purchases. Business units and functional groups do not want to have to fork over for what is perceived to be a corporate problem. Legal wants to offer counsel, not dollars (even though Legal may benefit from lowered litigation expenses). Corporate will probably ask Finance to figure out who should pay and how. But if your company cannot agree how to pay, it may find that it pays anyway from higher litigation costs, and that is likely to be a more expensive way to go.

nbsp;

ITworld.com

• Email
• Print
• Share
  • Slashdot
  • Digg
  • Stumble
  • Reddit
  • Newsvine