Robert Cruz, Senior Director, Information Governance, Actiance in a conversation with Techseen discusses how Electronically Stored Information (ESI) is being managed by eDiscovery, the challenges that enterprises are facing with compliance, how enterprises need to be more proactive by working with the IT teams and business users to understand what communication channels need to be used and how soon the enterprise tech sector might see change in privacy and privacy laws.
Techseen: What is eDiscovery? Why is managing eDiscovery one of the most sought after topics in the current enterprise world?
Cruz: eDiscovery or electronic discovery refers to any process in which electronic data is sought, located, secured, and searched for production in a lawsuit or investigation. Electronically stored information (ESI) includes, emails, documents, presentations, databases, audio and video files, social media, and web sites.
Managing eDiscovery today is full of challenges. To makes matter worse, firms continue to follow a reactive approach, and treat each litigation case as a separate event that requires the identification, collection, and filtering of information every time an event occurs. This approach leads to skyrocketing costs, increased disruption to IT resources, and more potential for error. Given the volume and variety of electronically stored information (ESI) that firms have to deal with, it is imperative that firms look for ways to be proactive in bringing information under control.
Techseen: Is it true that eDiscovery is only required when ESI is needed in anticipation of civil litigation. Are there any other use cases when eDiscovery is necessary?
Cruz: In the US, the eDiscovery workflow that firms follow comes the Federal Rules of Civil Procedure (FRCP). A common way to think about this process is described in the eDiscovery Reference Model (EDRM), which discusses the tasks that are accomplished across the lifecycle of litigation. However, having a proactive approach to eDiscovery delivers value to processes beyond litigation. In fact, any time a firm must collect information from multiple individuals for on-demand exercises such as internal investigations or to answer regulatory inquiries would benefit from a proactive information management approach. The underlying benefit of being proactive is that information is under control, which provides a heightened state of readiness and faster response to whatever time sensitive, on-demand information request that arrives.
Techseen: Actiance claims that it helps in responding to eDiscovery faster. How?
Cruz: eDiscovery teams spend significant time tracking down potentially related content in response to eDiscovery requests. Today, that responsive content can be found in email, instant messaging, chat, or unified communications channels. Each of these channels present their own unique challenges in:
- Gaining access to the ‘native’ content
- Proving that the content actually belongs to a specific custodian
- Collecting that information in a fashion that is complete and inclusive of all changes or deletions that may have taken place.
Once collected, a new challenge is created in that most archiving and review tools require that content be converted into an email format – thus removing much of the conversational context. If legal teams having to piece together conversations from these sources, it can dramatically slow down response time and raise eDiscovery cost. What’s worse is if an important part of that conversation was not preserved or produced, it can lead directly to court sanctions due to incomplete or late discovery response.
Actiance helps companies reduce eDiscovery risk and cost by proactively capturing, archiving and managing all social communications, in context, for effective collection, culling and first pass review. In does so while also ensuring that each of these communications ‘snapshots’ are complete, and that communications participants can be easily mapped to individual custodians that are of interest in a specific legal matter.
Techseen: What else can enterprises do to reduce eDiscovery costs?
Cruz: First off, it is important to have a plan in place to stay ahead of the shifting patterns of communication. Organizations can start being proactive by working closely with IT teams and business users to understand what communications channels your customers are asking about, and which ones your firm are currently evaluating. Legal teams should be actively involved in providing due diligence of new communications tools to ensure that they can be collected, preserved, and reviewed in ways that do not introduce new legal risks. Firms that are being proactive in bringing information under control cut costs and time in the long run. In addition, those that do not adapt their strategies to prepare for future changes will incur high costs during eDiscovery processes, risk future sanctions, and lose customer trust, a recipe for disaster in today’s customer-obsessed business world.
Techseen: When it comes to adhering multi-national rules of litigation, how can enterprises stay ahead of international requirements for data privacy, data locality, and cross-border eDiscovery requests?
Cruz: Clearly, multi-national rules are changing rapidly, which we can expect to continue to be dynamic. In order to simultaneously fulfill privacy demands and compliance ordinances, organizations must implement technologies that support flexible information governance strategies. This specifically means exploring technologies that will allow you to design and enforce policies at a granular level, and it also means ensuring that you are working with providers who can maintain data in countries with strict data privacy and locality requirements. Efficient data governance strategies will enable organizations to maintain privacy compliance even as the patchwork of global legislation changes.
Techseen: The use of social media is encouraged in many organizations, but when it comes to content compliance how can an employee differentiate between personal and professional space on social media?
Cruz: The best way for firms to avoid gray areas is to have a clear policy around personal and company social media use. Companies need to develop and implement a fully baked plan that outlines goals, strategies and tactics before for public social media usage. Having a firm strategy in place will help mitigate errors and make it as hard as possible for team members to make mistakes.
Additionally, as a service to their employees some firms provide guidance on the personal versus professional use of social media. Communication records on social media have been used as by litigators as evidence in criminal and civil trials, by insurance companies to conduct fraud investigations and by human resource departments to conduct background checks of prospective employees. Some firms also remind their users of the importance of privacy settings and to be careful about revealing their own personally identifiable information (PII).
Techseen: National and multi-national technology enterprises do consider compliance to be a challenging issue. What about enterprise technology startups? How important should compliance be for them?
Cruz: Compliance affects all organizations, regardless of size. All firms are subject to employment laws that impact how information is managed. Plus, with new communications channels popping up in the enterprise daily, sensitive information can easily leak – whether you are regulated or not. Firms should take a posture of ensuring that sensitive or high-value content is protected and properly managed as a business record. Above all, proper information governance practices benefit all organizations and ensures they are properly controlling one of the most important assets: your information.
Techseen: With technology evolving at a rapid rate, do you feel it is hard for enterprises to keep up with their compliance requirements? Do you think the governing bodies should be more involved?
Cruz: Organizations must institute a culture of compliance, but doing so can be a challenge. This means that they can no longer delegate information governance to IT teams. The entire organization must understand what correct compliance protocol looks like – this involves adjustment of policies, proper training and ongoing evaluations of employee knowledge about regulations. A culture of compliance requires that individuals understand acceptable and prohibited uses of all communications and collaborative tools that they are sanctioned to use as part of their jobs – as well as the implications of policy infractions. To keep up organizations must implement intelligent tools to help employees maintain compliant practices and automatically spot potential policy violations that require further inspection. Additionally, the right stakeholders, such as legal teams or compliance officers, must be given the tools to quickly respond when a litigation or regulatory event occurs.
Techseen: How has the enterprise content compliance space evolved in the last 5 years? What do you think is the way forward and what, if any, are the major changes you foresee?
Cruz: Important data no longer lives exclusively in managed repositories as was the promise of enterprise content management (ECM) systems a decade ago. Compliant use of new communications channels must continue to track the evolution of new tools with broader, more powerful features. Privacy continues to be a prominent news topic and we will undoubtedly see changes to existing privacy laws or additional laws. Privacy law exists as a patchwork. From healthcare regulations to eDiscovery practices, existing compliance standards are changing and new standards are cropping up to govern new types of information and information usage. With the emergence of new types of corporate communication channels, compliance strategies cannot be rigid. They must be built to adapt to a constantly changing environment.