SEARCH & FIND
761 items found for ""
- Legal Hold & Defensible Disposition
By Rian Kennedy. If you haven’t been living under a rock for the last few years, you’ve noticed that how companies store and dispose of their data has come under increased scrutiny by regulators and opposing counsel. Further complicating the requirements are data sovereignty laws, privacy acts, and legal hold compliance. These elements combine to demonstrate the need for programs in place to defensibly dispose of data to avoid fines and sanctions. In the legal world, when there’s pending litigation or expectation of litigation, the duty to preserve related data becomes necessary regardless of a company’s normal retention schedule. There are two parts to compliance: 1) notification to custodians; and 2) preservation of relevant data until the matter is resolved. If not met, risk of spoliation and sanctions from courts loom large. Often corporations do not have a formal or automated process to link both legal hold and regulatory retention, resulting in monetary and legal sanctions. Legal Hold Compliance Technology is finally here to help inter-departmental communication and collaboration by centralizing controls. Legal departments can now take advantage of legal hold platforms, like Hold360, to automate and centralize legal hold compliance: from sending preservation letters to preserving potentially responsive Electronically Stored Information (ESI). API integrations between your legal hold platform and source data repositories like Google Workspace, Office365, Slack, and more, enable corporate legal departments to automate preservation of data related to active custodians. Another area of note is the ability to create workflows for holds on employee assets (company-issued laptops, phones, etc.) for current as well as terminated employees who may still be subject to a legal hold. Technology is now available to solve for this problem as well by having Human Resource Information Systems (HRIS – like Workday or SAP SuccessFactors) communicate with the legal hold platform to inform IT of active legal holds for exiting employees in order to mitigate the risk of spoliation. Data Classification - Retention & Disposition By integrating your legal hold platform with your company’s data classification platform, once custodians are released from a legal hold their data can automatically rejoin the general population of data subject to your company’s retention schedule. Given the scale of enterprise data volumes, more and more companies utilize data classification tools (like Classify360), document management systems (DMS) and other data governance tools to help manage retention and defensible disposition in a programmatic and auditable manner. It is vital that both legal hold software and data classification software communicate. The old strategies of “keep everything just in case” and “just make a copy of it” are becoming increasingly unsustainable given the costs to procure and maintain hardware and software to store data. Data volumes necessarily trigger significant costs as it relates to litigation and eDiscovery (including collection, review and export), and risk profiles increase as data footprints expand in light of evolving privacy and data sovereignty regulations. Where possible, managing data in place is a much more viable option. Many matters do not move forward to discovery and never have a need to collect and review all the data identified within a legal hold. To be able to identify data as “On Hold” in your source data and/or DMS ensures compliance while limiting spend and risk. Inter-departmental Coordination The most well-crafted retention policies may sometimes overlook inter-departmental alignment with stakeholders across the enterprise, which can compromise the enforcement of preservation compliance and defensible disposition. Available technology can enable greater alignment and coordination between departments. Centralizing and coordinating how data decisions are made in a single platform can be a reality for companies. Coordination is a key issue and is often difficult as each department is focused on their own goals, many of which do not necessarily overlap or may even be at odds with the goals of other departments: Information Technology is interested in ensuring that their systems run well and that they regulate proper access and maintain the integrity of data, but not necessarily make decisions on the value of the content of data. If an exited employee’s laptop is made available, they want to wipe it and reassign it to a new employee. Unfortunately, IT may not always be aware that data on the laptop is on legal hold—risking spoliation of that data. From IT’s perspective, it is merely an efficient, cost-effective use of assets. Information Security is interested in identifying sensitive or risk content (PII, PCI, PHI, etc.) and ensuring it is properly secured or deleted. They, again, may not realize regulatory retention requirements or legal hold compliance constraints resulting in mishandling of data and potential sanctions without a coordinated effort with other departments. Legal departments are aware of legal requirements and want to mitigate risk. They don’t necessarily hold the keys for the systems of where potential evidence resides. Without a legal hold platform that performs in-place preservation, like Hold360 and others, they may not be able to control the deletion of relevant data. Unless Legal is at the table for data classification, they may not realize policies are in play that undermine regulatory and legal retention. Information Governance Automation There is an absolute necessity to have legal counsel and consultants assist with retention