A comprehensive data inventory and better collaboration are keys to minimizing discovery and litigation risks.
Fortigent, a Rockville, Md., provider of wealth-management services to banks, investment advisors and other financial intermediaries, does more than most companies to manage its data. The subsidiary of Lydian Trust Co., with more than $10 billion in assets under advisement, captures all client-related e-mail, indexes it and transmits it to an off-site third party for archiving, according to Chief Technology Officer Jamie McIntyre. All other client informationsuch as investment proposals and performance reports, along with the production data on investment accounts managed for its clientsis stored in perpetuity on the company's servers, which are also backed up off-site. Yet the firm has no formal policy for purging data that may be outdated or unnecessary.
"Data storage has been relatively cheap compared to the amount of information that we have, so it hasn't been worthwhile to set up anything like that," McIntyre says. He notes, however, that a large portion of Fortigent's client base are banks that are subject to Sarbanes-Oxley and other regulations, forcing it to look at its records-retention policy.
Fortigent is among countless companies that invested heavily in recent years in storage systems to keep more and more data rapidly accessibleparticularly in response to Sarbanes-Oxley, HIPAA and other regulations mandating the storage and safekeeping of financial data and medical records. Yet the new e-discovery rules have created a diametrical force that is now pulling corporations toward pruning data stores that have mushroomed in recent years. "We're talking about corporations that have petabytes of information," cautions Nicholas Croce, president of Lynbrook, N.Y.-based DOAR Litigation Consulting, "and the new rules will require you to deal with [the data store] no matter how large it is."
But while most large companies have tiered storage and systems for managing the expansion of their data repositories, surprisingly few have comprehensive retention plans that limit their growth. Such plans are critical for effective ILM, experts say. And like Fortigent, many corporations fail to purge data stores of "non-records" or information of fleeting business value, notes Julie Gable, a records-management consultant based in Wyndmoor, Pa. Eliminating extraneous data that must be sifted for relevant information in discovery can help keep costs down.
"I'm not saying you should hide anything from discovery, or do anything unethical. And if litigation is pending or imminent, you can't destroy data," adds Gable. "But it works in everyone's best interestsfrom a storage standpoint, from a records standpoint, and from a litigation standpointto be able to identify those things that are lasting records and protect them, and identify those things that are fleeting and make them go away."
Automated systems for moving data among multiple tiers of storagefrom production systems to disk-based backups, then to tape archives, for examplebased on the data's age and frequency of access aren't sufficient, records management and legal experts say. Though they are often billed as ILM "solutions," they fall short of matching the business value of specific pieces of data to the retention policy and storage systems, which requires more procedure than product. Records-management and legal experts agree that companies need to gather high-ranking representatives from IT, legal, compliance and human resources (since employee training is also critical), to hammer out records-management and retention policies that wed business need for access to information with legal and regulatory obligations, while keeping the volume of data in check.
"Most companies already own the technology that will solve their problems," asserts Wolf, who recently launched Lexakos LLC, a consultancy specializing in compliance, records management and e-discovery controls, after leading the development of a records-management system at Cendant. "What they don't have is a handle on their business processes and behavior. The solution is often much simpler than throwing technology at the problem," he says.
One way to address the mushrooming volume of e-mail, instant messages and other unstructured data is for companies to wean themselves off their over-reliance on those tools, Wolf argues. Even simple collaboration tools, such as Microsoft Corp.'s Sharepoint, Novell Inc.'s GroupWise, or IBM Corp.'s Lotus Notes, already used in most large companies, can be used for document management and retention, cutting down on the volume of e-mail generated, for example, when documents need to be circulated for review.
"What companies tend to do, in my experience, is to take new technology and configure it to old processes," Wolf contends. "And that makes it far more expensive and oftentimes unsatisfactory, because people never re-evaluate the way that they communicate."
Are we making maximum use of collaboration tools and document-management systems to limit the overuse of e-mail and IM?
Have employees been adequately trained on document and records-retention policies, and on how to use the tools needed to implement them?