The fall-out of the credit crisis has had a significant impact on the information technology (IT) landscape, and even more specifically a dramatic impact on compliance, risk, e-discovery and records management requirements. These technology-based requirements, also known as enterprise information management, affect every type and size public sector and commercial organization today.
Managing and controlling electronically stored information is a matter of technology, but also of strict procedures, quality control and well-documented information management activities. It has become one of the most serious sources of legal exposure and risk. There are several key questions an organization must consider in today’s business climate. Is your organization prepared to respond to an e-discovery demand imposed by regulators, civil parties or a competitor? Is your organization able to find and produce all relevant documents? If so, at what price and how fast?
More and more organizations are now understanding the importance of not waiting for an electronic information request. They actively audit, monitor and police their organization to enforce ongoing compliance, and take immediate action when needed in order to avoid expensive legal proceedings. Therefore, in terms of the electronic discovery reference model (EDRM), there is a great need for fully integrated solutions for information management, identification, preservation, collection, processing, review, analysis and production.
Advanced search, text-analytics technology, classification and categorization can be used to reduce costs and risk in the e-discovery process for unstructured data, but eventually authentic records management solutions for email and other relevant content archives are the only real means to a successful end. Organizations must relearn the art of information destruction and records management which will ultimately allow them to implement true enterprise information management. (See Figure 1, Page S6)
Technology is Essential
1. Information access technology solutions ideally help address today’s compliance, risk, e-discovery and early case-assessment challenges, but organizations must implement the right tools—if there is something out there that is relevant to a case, it must be found. The best positioned tools are those that are optimized for high recall that can also find non-obvious issues such as misspellings, word patterns, concepts or people that do not want to be found and are deliberately hiding information. In this context, advanced search, text analytics and data visualization are very important.
2. Workflow, data identification and collection technologies are what is needed for the legal hold, identification and collection process. Both corporate legal and IT organizations are in great need for technology that will help manage the first phase of an electronic information request. In this phase there is more demand for technology to addresses the specific e-discovery process.
3. Automatic content-based archiving will solve the enterprise information management problem. Text analytics and text mining are also essential in this phase. Many organizations are implementing this last phase in the development of the e-discovery marketplace in order to realize proper enterprise information management.
4. Data monitoring technology is required for ongoing auditing and compliance on dynamic and static (archived) data. Known current awareness and selective dissemination of information (SDI) technology from the intelligence and security industry is going through a second live phase due to these new (corporate) compliance requirements.
However, organizations need more than just software. Count on professional services from specialists and—just as important—best-practice methodologies including quality control, reporting and auditing that will help organizations bring e-discovery, records management, risk control and compliance in house in a defensible manner.
Proper preparation starts with full-text indexing the most relevant storage areas such as servers, local hard disks, mail servers, SharePoint and other repositories. IT departments and in-house legal counsel can implement the collection of data more intelligently and efficiently rather than making hard disk images or using Boolean queries that consist of five pages of words connected by OR statements (which effectively collects way too much irrelevant and redundant data).
Organizations can do an even better job by linking the identification and legal hold to their records management system and data collection services. From the legal hold report it should be possible to automatically collect data from the records management systems and on the network where such users (custodians) have access. Much of this information can usually be found in the active directory.
When law enforcement and intelligence agencies are looking for a smoking gun, organizations need to produce data under the Federal Rules of Civil Procedure (FRCP), which reduces all collected data to a smaller amount so the legal review cost can be controlled. In fact, the discovery is similar to an accounting process where at the end of the process the amount of documents that was collected has be the same as the amount of documents produced plus the documents that are removed in the discovery process. All documents that are not produced need to be justified. As a result, auditing and reporting are essential. Also, if an organization has several discoveries in parallel, which is often the case, then managing e-discovery becomes a resource and logistic issue.
The popularity of SharePoint adds an additional level of complexity to discovery and auditing obligations for many organizations. Vast amounts of information are stored in such archives that are not always easily accessible. The same problem exists with information stored in other closed and proprietary databases and repositories. Often there is a need for developing special scripts or connectors to make the content of these repositories searchable. Both federation and natively full-text indexing of the data in the repositories can provide organizations with the functionality needed to implement an in-house electronic discovery request or for auditing and monitoring for compliance. This may not be trivial and organizations should give this the attention it requires.
In a number of markets where information in the back office is extremely sensitive and real-time access is required for auditing, discovery or security, traditional public interface applications such as SharePoint, MS Exchange, SAP, Oracle, Open Text, SAP and many others do not provide sufficient search capabilities and also require data to be converted over and over again whenever the vendor of such product provides a new version of the application. (See Figure 2, Page S7)