Archiving offers a range of benefits

e-discovery

One of the latest new responsibilities that organisations need to be aware of is the Federal Court of Australia’s new rule on the discovery of electronic documents, which is expected to apply to all proceedings commenced after 1 July, 2008.

The overriding requirement of the new Practice Note is to preserve relevant electronically stored information and be able to produce material, including emails and Instant Messages, in a timely fashion.

Most businesses in Australia would find it extremely difficult and costly to comply with these new e-discovery requirements in the event of any litigation.

Usually, once a request for electronic documents has been made, organisations have to produce them within a very limited period. Relying on back-up tapes for retrieval is not really a viable option in these instances.

With emails accounting for approximately 90 percent of business communication today, it is necessary to be prepared for any potential litigation involving these unstructured documents, which should be archived and managed in accordance with corporate policy like any paper-based business records.

Organisations need to ensure that records pertaining to a specific case or cases are preserved and managed in line with litigation hold orders and that an auditable chain of custody supports testimony requirements.

How these electronic records are retained has the potential to save a business an enormous amount of discovery and production time and possibly hundreds of thousands of dollars (or more).

Relying on backup tapes, which most organisations in Australia still do, creates all kinds of problems including:

• Documents and emails that are saved in this way can be deleted or altered – either inadvertently or deliberately; and

• Finding specific documents in the event of litigation is sometimes impossible or takes so long that recovery costs can be more than a legal settlement fee

• If organisations are unsure if they can find relevant records, how long the search would take and how much it would cost to retrieve them, an out-of-court settlement is often taken.

As we have seen from many high-profile cases, particularly in the financial services industry in the U.S, the reality of relying on backup tapes has been a very rude awakening. Morgan Stanley was one such case where the court took a dim view of the company not knowing where its records were and it cost them billions of dollars; and that’s from a firm recognised as having a sophisticated IT setup. It paints a vivid picture of how so many companies are running their business.

The White House issue

The current White House administration is another culprit caught up in email mismanagement. Emails sent in 2003 – around the opening days of the Iraq War – now appear to be missing. Critics blame the White House’s manual email archiving system.

It apparently dates back to when the White House decided to migrate its email system from Lotus Notes to Microsoft Exchange, a transition completed in 2004. The White House’s CIO claims that when the migration occurred, it did not use the Automatic Records Management System but chose a process called “journaling”, which involved manually copying files from one email folder, renaming them and saving them as a .PST file on a number of servers. Note that this journaling is different to the Journaling feature in Microsoft Exchange.

The risks to this method include: a high probability of lost emails, a perception of file mismanagement, virtually no user accountability and no guarantee of file integrity. However, many businesses have adopted a similar “archiving” method for years, resulting in the same devastating results.

The problem of lost or otherwise irretrievable electronic records remains a persistent headache throughout the corporate world, even among highly respected multinationals with state-of-the-art technology infrastructures. Ironically, just as with the White House, the need is greater than ever for every business, big or small, to be able to quickly and accurately find and preserve its electronically stored information.

Three key pieces of advice I suggest you offer to your customers are:

1. Email is your biggest risk, so fix it. Email should be the first candidate when it comes to managing information risk. Ensure the IT and legal departments (at a minimum) work together to establish records retention policies that reflect your regulatory obligations, business continuity needs and litigation risks. Make that your policy and stick to it. A retention policy is pointless unless it’s uniformly enforced. And note that backup tapes are no substitute for policy-based records retention and archiving.

2. Email is the tip of the iceberg. People don’t just communicate through email anymore. We’re using IM, texting, blogs, wikkis, etc. Ensure retention policies apply uniformly to all forms of electronic records, not just email.

3. Act now. Start to take preventative measures now so that, if faced with an investigation or litigation, you’re acting from a position of strength (versus scrambling to try and find an email). Remember, if you and your team are asked to produce records and you can’t, you either look incompetent or fraudulent.

Industry-best practices

Best practices have to be a combination of policy, technology and execution.

1. An organisation must establish policies (preferably enforced by senior management and/or the board and developed with the co-operation of IT, legal and business units) that define what is a corporate record and for how long those records must be retained.

2. Given the volume of records that organisations are dealing with as well as the complexities of mounting regulation and legislation, organisations should implement appropriate technology to electronically enforce those policies. The technology should be capable of managing and enforcing legal holds as well as support the orderly destruction of records.

3. Organisations should regularly review and test:

• Their ability to access, search and retrieve electronic records in the event of litigation. Special consideration should be given to the speed, accuracy and completeness of searches.

• Written policies and procedures for handling electronic records, and ensure that implemented technology can prove they consistently enforce them.