eDiscovery for Small Business and Startups: Are You An Organized Data Saver?

eDiscovery for Small Business and Startups: Are You An Organized Data Saver?

Author: Eric Everson, MBA, MSIT-SE, JD Candidate*

Data touches every small business and startup alike.  While there may be a few outliers, generally every business today generates and collects data.  The founders of most startups and small businesses that I meet are primarily concerned with growing their businesses and generally do not have time to stop and concern themselves with the possibility of some future litigation.  As it turns out, preparing for the possibility of litigation can be as simple as establishing a value added electronic records management (ERM) solution for the business.

Let’s face it, as prices have come down, data storage hardware is cheap.  Today you can pick up a terabyte of external storage for under $100.  With all of this digital storage readily available, it is easy as a business manager to adopt a “save it all” mentality when it comes to data archives (email, documents, spreadsheets, reports, databases, etc).  This is where we begin our eDiscovery for startups and small businesses… become an organized data saver!

Perhaps you’ve never heard of eDiscovery or are new to the idea of data preservation in anticipation of litigation.  The truth is, many business owners learn about eDiscovery for the first time when it is raised by their attorney in response to a litigation hold notice.  As computers have streamlined business practices, an area of technology law called eDiscovery has blossomed.  In effect, eDiscovery rules subject business owners to very strict penalties for purposely deleting, damaging, or withholding data.  In eDiscovery, data is often referred to electronically stored information (ESI) and there is an abundance of legal procedure and case law that requires responsible preservation and production of this data.

One way a small business owner can protect themselves against eDiscovery penalties is to become an organized data saver.  What this requires is often simple, which is creating some organization and methodology to the data your business saves.  Some businesses are required by law to save certain kinds of data for many years and yet some data can be discarded routinely.  What you want from your ERM solution is organization that allows you to search effectively through the data that you archive and to establish a reasonable data retention policy that prevents you from creating a data landfill.  Do not simply dump your data into a hard drive and forget about it, keep it organized either by date, transaction, project, or some other criteria that fits your business.

When organizing your data retention policy consider things like whether the data is required to be stored by law for a statutory period (i.e. number of years for personnel files after termination), who created the data, how long are other companies keeping the same kind of data, what criteria is used to sort data, who is responsible for the data management and cleanup?  There are many similar questions to ask, but these few examples will get you started as you begin to become an organized data saver.

A quality ERM solution is not expensive to establish, but they do require active management which is an operational cost that every business manager should anticipate.  Not only will becoming an organized data saver help if you ever face a lawsuit, but it will also help you strategically streamline your data to grow your business today.

                                    ---------------------------------------------------------------------------------

*About the Author:  Eric Everson is a 3L law student at Florida A&M University – College of Law where he will graduate in May 2013.  Prior to law school he earned an MBA and Masters in Software Engineering while working within the U.S. telecommunications industry.  The views and opinions presented in this blog are his own and are not to be construed as legal advice.  Eric Everson currently serves on the Board of Governors for The Florida Bar Young Lawyers Division Law Student Division and is the President of the Electronic Discovery Law Student Association at Florida A&M University – College of Law.  Follow @iamtechlaw

Technology Law and Defensible Deletion: When Is It OK to Hit Delete?

Technology Law and Defensible Deletion: When Is It OK to Hit Delete?

Author: Eric Everson, MBA, MSIT-SE, JD Candidate May 2013

In today’s Big Data environment, most data center managers would tell you that you have to delete data in order to maintain scalability in volume management.  In contrast to this, eDiscovery advisors around the country are warning you about huge penalties that deleting data may subject you to.  So what’s the correct path? When is it okay to hit Delete?

From the onset, the truth is, there is no single answer here as every situation requires at minimum a Defensible Deletion Analysis (DDA).  A Defensible Deletion Analysis (a.k.a. DDA) is a comprehensive assessment of target data and associated metadata in comparison to the corresponding hold requirements and litigation risks.  A DDA will at minimum identify the spectrum of risk associated with deleting certain data.  When I perform a DDA, the first few questions I identify are:

·         What kind of data is it? (Personal info, financial, health-related, archived emails, essential/ non-essential)

·         What are the storage standards of this data type? (How long are you required to keep it and on what authority?)

·         What are the risks? (Identify the risks and degree to which each may exist)

·         What is the recommendation?  (Is this the type of data that can be defensibly deleted?)

Generally, what I am seeing is that businesses rarely have blanket deletion policies in place, but in so many instances there are certain data types that get deleted more regularly than others.  Archived email is a good example of data that often gets deleted, but as a result can carry profound legal consequences.  It is important to have a data preservation policy in place that not only identifies the data type, but also one that assigns a priority scheme to the data.  In such a scheme an email from a C-level employee would be assigned higher priority than perhaps an email from a non-customer facing subordinate employee.

The bottom line here is that it is okay to delete data, but at minimum conduct a DDA every time as part of your defensible deletion strategy.  In today’s preservation sensitive legal system, deleting data has become a very risky business, so be sure to take the appropriate steps before you delete anything.  As the case law demonstrates, this is just as important for start-up businesses as it is for well established industry titans.  We have but just entered the threshold of the Big Data environment and in this kingdom Delete is a 6-letter word with serious consequences.

#eDiscovery

Are you on Twitter?  Follow me @IntleDiscovery

---------------------------------------------------------------------------------

About the Author:  Eric Everson is a 3L law student at Florida A&M University – College of Law where he will graduate in May 2013.  Prior to law school he earned an MBA and Masters in Software Engineering while working within the U.S. telecommunications industry.  The views and opinions presented in this blog are his own and are not to be construed as legal advice.  Eric Everson currently serves on the Board of Governors for The Florida Bar Young Lawyers Division Law Student Division and is the President of the Electronic Discovery Law Student Association at Florida A&M University – College of Law.  Follow @IntleDiscovery        

Tags:  ESI, Defensible Deletion, eDiscovery, Delete, Preservation, Big Data, Data Risk, Data, Defensible Deletion Analysis, Archived email, data types, technology law, Preservation Policy, data center, data center management     

In-House eDiscovery and Data Preservation: Litigation Hold, Where is Your Data?

In-House eDiscovery and Data Preservation: Litigation Hold, Where is Your Data?

Author: Eric Everson, MBA, MSIT-SE, J.D. Candidate May 2013

Perhaps the most frightening phrase in-house counsel can hear today is “litigation hold.”  Where do you start? Who do you call? How do you preserve all of the data? How will this impact operations? … before you go into full blown meltdown, let’s start with the most important question first: Where is your data?

 

When approaching a litigation hold, understand that data management is a profession within its own right.  In an age where data fragmentation and cloud computing can quite literally have data scattered methodically all around the world, the first step in complying with a litigation hold is understanding where the data actually is.  This is likely to result in a different answer every time you encounter it, so take the time to understand your data and its location at the frontend of each litigation hold.  To best understand where your data is, you should start by seeking answers these core questions:    

Who manages the data?  This will be different for all organizations.  Some organizations may have a smaller IT team that handles all matters of data storage and archiving whereas, other Big Data companies may have entire business units or third-party service providers that help manage the data.  It is important to identify who “owns” or otherwise has the principle responsibility for the data that is the subject of your litigation hold.  Finding this person or team can be a process, but often nothing beats some old fashion telephone calls.  As a matter of developing credibility within your IT organization, I recommend contacting your local IT personnel first and working through contacts by way of internal referral.  This will get you more acclimated to the IT lingo and will help you the next time you have a litigation hold too… there will always be a next time. 

What data is to be included in the hold?  The biggest mistake in-house counsel can make is overreacting to a litigation hold.  Remember that the best defense A litigation hold does not validate you standing atop the desk declaring “Stop the Presses!”  Be cognizant that what you are seeking 99% of the time when processing a litigation hold is considered archive data (as compared with real time data).  This means that you never need to bring operations to a screeching halt, but rather must identify the data with a degree of particularity that is the actual subject of the litigation hold.  Know what you are seeking.  This means familiarizing yourself with more techie lingo like file types, indexing, and often understanding your Database Management System (DBMS).  This will all help you in exploring your preservation options and will help you hone in on where the data is actually located.      

Where is the data actually located?  Don’t get frustrated when personnel from IT makes a statement like, “The data is everywhere man.” or “Dude, it’s somewhere in the cloud.”  As frustrating as this may be as in-house counsel, this may be a very accurate statement depending on the physical structure you are facing in your company’s data management.  In fact, it may be a very telling observation for instance, if your company is using distributed data centers and applies a data fragmentation strategy to better protect the data.  What you need to ultimately get to, is where the data is physically located.  The data will be easy enough to identify by its IP address (which is essentially like saying its digital location) but it is best if you can drill deeper and identify down to the physical building, rack, and shelf that the physically stores the data.  Knowing where you data is will help you better manage its preservation.

Now that you have answered these core questions, you are on your way to better executing the litigation hold.  A litigation hold is not something to take lightly, but if systematically approached each time it can be a much less overwhelming process.  To improve this process looking forward, you may also seek to implement a data management policy that outlines defensible systematic data archiving and removal protocols.

 

 #eDiscovery

Are you on Twitter?  Follow me @IntleDiscovery

---------------------------------------------------------------------------------

About the Author:  Eric Everson is a 3L law student at Florida A&M University – College of Law where he will graduate in May 2013.  Prior to law school he earned an MBA and Masters in Software Engineering while working within the U.S. telecommunications industry.  The views and opinions presented in this blog are his own and are not to be construed as legal advice.  As a software engineer, turned law student, Eric Everson currently serves on the Board of Governors for The Florida Bar Young Lawyers Division Law Student Division and is the President of the Electronic Discovery Law Student Association at Florida A&M University – College of Law.  Follow @IntleDiscovery        

Tags:  Preservation, Litigation Hold, Data, Data Center, DBMS, eDiscovery, Data Storage, Big Data, eDisclosure, in-house counsel, data fragmentation, Archive, File type, technology law, Eric Everson