Security Manager's Journal: E-discovery Prompts a Second Look at Data Retention

How much data is too much? New e-discovery rules burden IT with searching archived information.

By Mathias Thurman

November 26, 2007 12:00 PM ET

. What's this?

Computerworld - Trouble Ticket

Issue: New e-discovery rules have implications for data retention.

Action plan: Consider doing a lot less, or come up with a plan for searching through it all.

I was called to our general counsels office to discuss electronic-discovery laws that went into effect last year. I was glad, since addressing this topic is long overdue for us.

Top executives often come to recognize important issues in ways that are less than ideal. In this case, our attorney had attended a dinner conference sponsored by a vendor that suggested to its guests that its product was the answer to their e-discovery worries. The attorney described it as an elegant dinner you would expect fine wine, but he apparently had drunk the Kool-Aid.

We are not required by any current industry certification, attestation or regulation to retain data, other than our financials, which is a Sarbanes-Oxley Act and IRS requirement. But we nonetheless retain a lot of data, and e-discovery regulations are a good reason to re-evaluate our retention policies.

Im not a lawyer, but heres what I understand about the e-discovery amendment to the Federal Rules of Civil Procedure. Say, for example, that an employee accuses a supervisor of harassment. The human resources and legal departments could then anticipate that there might be some sort of legal action. Under the new rules, the IT department would have to begin collecting all digital communications that the parties involved had sent or received. We would take similar action if the company was subpoenaed and ordered to collect relevant communications.

There are many more instances that could trigger the e-discovery provisions, but the key thing is that retention is not required before some triggering event occurs. But if you have retained data, that is also subject to e-discovery.

So, if we didnt have a retention policy, we wouldnt have any archived data to search and provide to the authorities. We wouldnt have to expend resources to search through archived data. And were talking about a lot of resources, both in time and money, with the money going to pay for a product like the one our general counsel had heard about at the dinner. Thats why we need to decide whether to adjust our data retention policy.

Retention Issues

As I said, we retain a lot without being required to do so. And our company is hardly unique. We back up certain data repositories source code, design documents, service manuals and device configurations to handle various disaster recovery and business continuity issues.

Comments ()

What is Tech Briefcase?

TechBriefcase is a new, free service where IT Professionals can Search, Store and Share IT white papers and content like this. Learn more

Bookmark content

Speed up your research efforts with content across the web.

Search and Store

Find the white papers you need. Create folders for any topic.

View Anywhere

Open your briefcase on your iPhone, tablet or desktop. Share with colleagues.

Don't have an account yet?

Additional Resources

WHITE PAPER

Enter the Security KnowledgeVault

Security is not an option. This KnowledgeVault Series offers professional advice how to be proactive in the fight against cybercrimes and multi-layered security threats; how to adopt a holistic approach to protecting and managing data; and how to hire a qualified security assessor. Make security your Number 1 priority.

Read now.

WHITE PAPER

Cut Communications Costs Once and for All

New IP-based communications systems are being deployed by small and midsized businesses at a rapid rate. Learn how these organizations are enabling faster responsiveness, creating better customer experiences, speeding office or mobile interactions, and dramatically reducing existing communications costs.

Read now.

Top Stories

Free Insider Guide

Excel 2010 Cheat Sheet: Register for this Computerworld Insider Cheat Sheet and gain access to hundreds of premium content articles, guides, product reviews and more.

Security White Papers

Driving Secure Enterprise File Sharing and Syncing in the Enterprise: GroupLogic's new activEcho is the industry's only secure Enterprise File Sharing and Synching solution that balances the need for simplicity for the end...
The Enterprise File Sharing Option: Enterprises and IT departments need to address several critical security issues when considering file sharing and syncing products. Many of today's solutions do...
Security Strategies to Virtualizing Internet-Facing Applications: The IT organization at Intel has set a goal to transition their enterprise to a private cloud for their Office and Enterprise applications....
Cloud Security Planning Guide: Cloud security considerations span protecting hardware and platform technologies in the data center to enabling regulatory compliance and defending cloud access through different...
Cloud Security Vendor Round Table: This vendor round table guide will help you to evaluate different cloud technology vendors and service providers based on a series of questions...

Security Webcasts

Live Webcast Data Privacy and Protection in Production Environments: New Research from Ponemon Institute: Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT

In a recent study conducted by Ponemon Institute, fifty-five percent of respondents...
Data Privacy and Protection in Production Environments: New Research from Ponemon Institute: Date: Wednesday, June 13, 2012, 1:00 PM EDT / 10:00 AM PDT

In a recent study conducted by Ponemon Institute, fifty-five percent of respondents...
Security Certifications 101 - BlackBerry and all those acronyms what do they mean and why they matter?: FIPS, Common Criteria, CAPS, AISEP, NFC, NIST, Fraunhofer SIT, CESG, DSD - these are just some of the government and industry certifications which...
BlackBerry PlayBook OS 2.0 Security Overview: The presentation provides an overview of BlackBerry PlayBook OS 2.0 security capabilities and features, including: BlackBerry® Balance™ technology, BlackBerry® Bridge, data-at-rest protection, and...
BlackBerry NFC Security Overview: The presentation on NFC security will provide an overview of the security protections built into the BlackBerry platform to protect users, application developers...
Playing Defense: Staying on Top of Your Disaster Recovery Game: When it comes to disaster recovery, rapidly growing data volumes, distributed computing models, and new technologies all combine to present an ever-changing playing...