Do you know how much info you must manage?
Content proliferation creates e-discovery headaches
The amount of time it takes for people to write something directly correlates with the responsibility and care they take with the content, or so says Mark Diamond, president and CEO of Contoural Inc., a records management and litigation readiness services provider.
“When we used to go out and write stuff on paper, we tended to take care of what we wrote. Now, people are firing off tweets and Facebook statuses without thinking at all,” Diamond said.
That also is true for content written under the auspices of other collaboration tools and technologies, such as text messaging, e-mail messages, wikis and internal message boards, he said. When you couple the user’s lack of care with the IT department’s equally as disturbing lack of litigation readiness, it becomes fairly clear why some government entities are spending millions on e-discovery costs.
“Government entities need to be very concerned about e-discovery, or what we call litigation readiness,” Diamond said. “You need to know what you have and where it is if you’re going to be successful with litigation. A lot of people in government feel like it doesn’t apply to them because they don’t have to follow [the] Sarbanes-Oxley [law] or that litigation doesn’t happen in the public sector, but it absolutely does.”
Indeed, it’s become fairly clear that anything an employee posts in a collaborative forum, including Facebook or Twitter, might be subject to e-discovery or the Freedom of Information Act, said B.A. Boit, principal at professional audit, tax and advisory services provider KPMG’s forensic practice. “The way things are moving, SharePoint wikis and blogs are company records, and [the IT department] has to understand that they will lead to legal exposure if they are not managed correctly.”
There are several problems with the content. The first is that most IT organizations don’t know where these electronic documents reside, so they don’t have an efficient way of creating a legal hold or freezing everything in time and space so it can be produced in court.
Another problem is ownership. People don’t realize that anything they write that’s work-related can be subpoenaed. “Employees and some employers think something like a Facebook status is private, but the courts are saying that it’s not,” Diamond said. Finally, as the amount of data that’s being stored and archived explodes, there’s a problem with IT aggressively deleting texts, e-mail messages or other documents to make more space available. In some cases, it will shut down internal access to instant messaging. “But that will only drive the use off to the employee’s cell phone or private laptop,” Diamond said. “Instead of doing that, it’s much smarter to think about how to control it.”
Reining it in
Risks can be mitigated by putting careful governance policies and procedures in place, starting with assessing the appropriate level of risk that an organization can manage, Boit said. How likely is it that something an employee or contractor says could be exposed to the world, and what effect could it have from a legal standpoint? Once you know your risk, it’s time to invest in controls.
There are products and tools that lend themselves to properly archiving, logging and retaining wikis, text messages, e-mail messages and social media postings that include what’s placed on a Facebook or Twitter page. All sensitive data should be archived and maintained in a way so it can be searched and delivered if needed. If there’s any confusion, agencies should go to their vendors for help with controlling the different types of media that include archiving, surveillance and monitoring.
The next and often more difficult step will be implementing softer controls, such as employee training and consent agreements. “Employees must be put on notice that when they access wikis and collaboration tools not only can their work computer be reviewed but also the fact that their personal devices can be subpoenaed,” Boit said. “The same thing goes for instant messages and text chats, which can be logged and stored.”
And all these controls must be done in conjunction with the oversight of an in-house counsel, Boit said. “WikiLeaks opened everyone’s eyes in a big way,” he said. “With people posting confidential material on open data sources, this is not a trend that’s going to go away.”