Roundtable Discussion: E-mail management for e-discovery
KMWorld recently hosted a roundtable discussion to explore the relationship between e-mail management and e-discovery. Led by KMWorld’s senior writer Judith Lamont, participants included Dean Gonsowski, VP of e-discovery services with Clearwell Systems; Kevin Joerling, a certified records manager who serves as senior manager, standards and records management, with ARMA International; and Whitney Tidmarsh, chief marketing officer in EMC’s content management and archiving division.
Q Lamont: E-mail management and e-discovery are both challenging tasks in their own right. How should e-mail be managed so that e-discovery can be carried out most effectively when the situation arises?
A Joerling: E-mail really should be managed just like any other type of record. A lot of organizations make some big mistakes with e-mail because they are not sure how to handle it. Some take the approach of saving everything forever, which is expensive and cumbersome. Others go for the short-term solution, deleting all e-mail messages after 60 or 90 days, which can be risky in the face of investigation or litigation. The third option is to manage e-mail proactively. The e-mail messages come in, and the ones that are records are moved out of the e-mail system to a records management system. A retention schedule is placed around them, and they are deleted according to that schedule. E-mail messages that are not considered records can be deleted more quickly.
Q Lamont: Are special problems associated with e-mail as opposed to other records?
A Joerling: The volume is a big problem. Everyone is inundated with e-mail. Also, sometimes it is not clear whether a particular e-mail should be classified as a record. With other content such as reports or financial records, it may be more evident.
A Tidmarsh: Also, many e-mail messages are sent to multiple recipients, making the volume issues even greater. Ideally, a records management solution should de-duplicate these messages so there is just one copy of the e-mail and its associated attachments. This saves on storage costs and makes the information more manageable.
Q Lamont: What steps are required to set up policies?
A Tidmarsh: The first step is to define the rules that identify the documents that need to be managed as records, and set up an appropriate retention schedule. The organization should think ahead about what is pertinent—is it particular individuals, key words, departments or a class of users that make a document important to keep as a record? Any of these, or a combination of them, can be a part of policies.
A Joerling: Industries that are highly regulated generally are aware that they need to have policies in place, and they know they have to do a good job of it. Sometimes we see the less regulated organizations having a much harder time with records management because they are less accustomed culturally to the process of regulation. But all organizations should have something in place.
Q Lamont: How can technology help with the implementation of policies?
A Tidmarsh: Once the retention policy is articulated, a records management system can help by providing a visual way to define and apply those policies. For example, developers can choose from a drop-down list of options to incorporate policies into a system. After deployment, the system will automatically determine whether a certain document is a record and store it with the associated retention policy. Compliance with certain requirements such as the Department of Defense 5015.2 Certification can be built into a records management system.
A Joerling: Technology is an important enabler, but training is critical too. Employees need to know that they are an integral part of the process and that they are responsible for records management. They also need to be able to decide the right category for a particular document, so they need guidance.
Q Lamont: What should be done differently when an organization goes into e-discovery mode?
A Gonsowski: Once you are on notice that litigation is reasonably likely, even if the litigation has not been filed, you have a duty to start preserving information and shutting down any systems that are in place that would be preparing to delete information pursuant to the records schedule. You need to put a legal hold on all the categories of information that might be relevant to the potential litigation or investigation. The failure to do that can result in significant spoliation sanctions, all the way from fines to default judgments.
Q Lamont: How would this "hold" notice be conveyed?
A Gonsowski: The legal department would let the records management side of the house know that the usual policies should be suspended for documents related to a pending case. Historically, the legal and IT departments have not worked closely together in most organizations. Since IT is so closely involved with both managing records and with making changes to the systems for e-discovery, it’s important to overcome those barriers. IT may end up meeting with the opposing council or even testifying about the e-discovery process, so it’s critical for the legal and IT departments to coordinate closely. In any case, putting a legal hold on documents is a critical first step.
A Tidmarsh: This is another area where content management systems can be of great assistance. First, the rules can push information to those who need to see it. In addition, content management systems are able to implement "read and understood" tracking. This step documents that an individual has seen the communication relating to the legal hold, and provides an audit trail to show compliance.