Registration is now open for KMWorld 2019. Register now to join us Nov 4 - 7 in Washington, D.C.

The Art of Destruction
An Overlooked Key to Records Management and e-Discovery

This article is part of the Best Practices White Paper Records Management & Regulatory Compliance [November/December 2008]
Page 1 of 2 next >>

Although storing 250 gigabytes of data can cost less than $250, hiring an external firm to process and review this data for e-discovery can cost up to $1 million. The impact of these costs is particularly noticeable to in-house legal teams and support staff who are often at the front lines of any e-discovery activities occurring within their organizations. Even though advanced information access technologies are available to help minimize these costs, many legal professionals do not yet have these tools in place, and for those who do, they are still confronted with the primary challenge to effectively managing e-discovery costs: the continued addiction throughout organizations to keeping and storing too much electronic data.

To put this problem in perspective, think about how much data your organization currently stores. Then, project that amount through the revised definition of Moore’s Law, which predicts that computing and storage capacity will continue to double every 18 months—probably for the next two decades. Storage costs themselves are so low that constantly bumping up capacity can seem like the obvious, no-brainer solution to "managing" data. However, you will soon find out that your legal e-discovery costs can also comply to Moore’s law: they will also double every 18 months.

To neutralize e-discovery cost and risk issues, organizations must classify documents with a proper filing plan and implement data retention and destruction policies. Regulatory authorities have established clear guidelines (i.e. Federal Rules of Civil Procedure) about what data must be kept and for how long. Only in rare cases do all email messages, for example, have to be stored. Often, no practical or legal requirements exist for retaining large chunks of organizational data, especially when one considers that data is often duplicated throughout an organization.

Unfortunately, many people are pack rats at their jobs, collecting and storing every email they send and receive as if the entire company would crumble without a solid foundation of ever-growing data repositories on which to rest. But data retention isn’t synonymous with knowledge management, and knowledge management is what is supposed to be the goal of any kind of implicit or explicit data retention activity. For "data" to become "knowledge," data must be structured and organized, and an understanding must be in place about the impact of that data.

The Need for Email Destruction
Email is where the high costs and risks of e-discovery are concentrated. People keep their emails because it is easy, but these email archives (PSTs) rapidly swell to gigabytes of information. Problems fester because the information in these PST folders is often completely unstructured. For example, potentially sensitive HRM-related emails (such as performance reviews or confidential financial or medical information) are frequently in the same collection (i.e. Sent Mail) as other, unrelated messages. This common situation is problematic on two fronts: non-relevant emails are kept, and confidential emails that can be classified as "privileged" in a legal discovery are not stored in separate folders.

In order to implement and execute a filing plan for your organization, you must classify every type of document you have, establish retention rules for each type, and enforce these rules.

All of which seems logical and straightforward. However, although most organizations have some type of document retention policies in place for physical documents, almost 95% of organizations do not apply records management policies to electronically stored information (ESI). Hence, a real need exists to apply the "art" of destruction, as well as of structure and transfer, to all ESI throughout an organization.

This process is easier than it seems. Granted, a big challenge with ESI records management systems is that users often don’t like them and don’t use them. Email archiving, for example, is often postponed "until tomorrow." which then becomes the first day of the end of the records management initiative. The only solution in these situations, then, is to make archiving emails as easy as possible, which only works if there’s a (semi)-automated system in the email environment (such as in MS Outlook). However, the effectiveness of this plan is only as good as the filing plan that supports it.

Developing a Filing Plan
Effective records management must follow a logical sequential order. Many organizations that buy an electronic records management system have no idea what document collections exist in their organization, especially in terms of essential archives that may only reside on someone’s personal hard disk. To compound the issue, opinions often differ about what collections should even exist in their organizations. Therefore, the first step is to define a list of essential archives. Start by looking at your organization’s departments and their recognized information flows.

Departments and their relevant archives could include, for example: sales (contracts, customer contact files, quotes); management (board minutes and notes, legal agreements, quality control); finance (accounts payable, accounting, correspondence files with various external contact); and on down the departmental lists.

After mapping out the departments and relevant archives, define the documents that must be retained in each archive (paper, electronic and email), as well as who has the appropriate access rights, the location of the archive (physical or network-based), the responsible officer and the retention and destruction rules. Responsible officers carry out and enforce the collection, structure, access and retention rules for the documents in their designated archive. The basic filing plan is in place.

Rolling Out Records Management
Next, the filing plan needs to be put into action, which can be done manually. Fully automatic RMA systems aren’t necessary as long as data has been clearly separated into archives and locations that allow for individual retention actions. For example, if all outgoing quotes from one year are stored in one directory, they can be deleted in one batch when their designated destruction date comes up.

Page 1 of 2 next >>

Search KMWorld

Connect