eDiscovery and Records Management, a Perfect Storm?

Mark Mandel

Community Topic(s):

Keywords: federal rules of civil procedure, records management, ediscovery, lifecycle, litigation, ESI

By Mark Mandel, RM Practice Manager at Open Text Corporation

September 02, 2011 - 12:09 PM

Current Rating:
(0 ratings)

I have internalized a concept about Records Management and eDiscovery for several years, but it has been made evident to me from working on recent projects that this view of the world of RM is not universally shared.

Because of the changes to the Federal Rules of Civil Procedure some years back, Electronically Stored Information (ESI) is now discoverable in court cases, regardless of whether it is being treated as an official business record of the organization.  So, rather than having RM become an afterthought it needs to effectively deal with as much of the ESI landscape as possible. 

The ultimate objective is to accomplish these critical functions:

  1. Effectively classify and categorize ESI so that eDiscovery is less costly, less resource intensive, and more complete.
  2. Provide mechanisms to search for relevant ESI and place it on litigation hold, culling it to package all that is required for court cases.
  3. Provide mechanisms to destroy ESI according to published retention policy, in a manner that will stand up in court.
  4. Accomplish all of this in the most effective and efficient manner, with the least impact on end users.
  5. Do this while at the same time addressing IT needs to ensure optimum performance of production systems such as Email, document management and tracking systems, and reducing the storage footprint for electronic and physical records.

This means that RM records schedules should expand to encompass all electronic records throughout their lifecycle. In practical terms, this means adding one or more “Transitory” records series to your records schedule, and capturing record metadata as soon as ESI is created or ingested by having a seamless, integrated document management and records management system, deployed at an enterprise level.

All too often I see RM treated as a kind of stand-alone repository, where documents are “declared” as records to be managed only through their final disposition periods.  In this paradigm, which includes electronic documents, email, and many other types of electronic content, only a small percentage of the overall ESI in an organization is addressed.  So when it comes time to perform discovery for a litigation, users must search many different repositories outside the RM infrastructure, making discovery very costly and inefficient.  And there is no mechanism to purge the transitory information in a defensible manner since it is not governed by the RM system that contains those mechanisms.

The ideal solution is one where you have an enterprise library that stores all content throughout its lifecycle, managing capture, storage, use through multiple versions, final publication, and event, calendar, or role-based disposition and archiving.  This includes drafts, non-business content, email, instant messages, and so on.  Those items that are considered transitory or non-business are classified as such and are purged according to the retention rules.  All policies are governed by a single records management ruleset. 

This is the approach I have been working towards for several years.  Getting to this ideal is not easy, given the IT landscape and legacy at every organization, including rampant use of file shares, PST files, flash drives, laptops, multiple ECM repositories, multiple email systems and archiving solutions, various eDiscovery tools, and so on.  Therefore in a pragmatic sense you must make compromises in the short term while moving towards a long term strategy that meets organizational objectives.  However, you should recognize where you are making compromises and where your short term gotchas are.

I am interested in your feedback about this approach and whether you agree that it is the right one, and any assessment you might have about whether current ECM and eDiscovery products are positioned to meet this goal.

Report

Rate Post

You need to log in to rate blog posts. Click here to login.

Add a Comment

You need to log in to post messages. Click here to login.

Comments

Todd Partridge

Nice piece

Submitted by Todd Partridge September 02, 2011 - 9:51 PM

I've always believed that there is, and has been for a long time, lots and lots of technology to implement what you describe. I think your position is spot on and organizations should absolutely look to classify everything, including the transitory, and instill the processes necessary to cull and/or dispose content objects at a later date documented in their formal ESI/records strategy...that's what a court will be looking for first. And, it can be done without serious impediment to end user experience.

Unfortunately, it too often takes an extremely expensive litigation for companies to realize that having such a strategy in place ahead of time is far less costly than a summary judgement not in you favor.
Report
Was this helpful? Yes No
Reply

Bob Zagami

If only . . . . .

Submitted by Bob Zagami September 03, 2011 - 11:11 AM

Mark,

This is a great discussion for cocktail parties but a difficult one in corporations and organizations today. You are correct in your thought process, but we just don't find many companies capable of having this utopia with today's challenging economy. We have too few people trying to do too many things, and that is not going to change for quite some time. However, that does not mean that we should not start the discussion, develop the plan, and take small steps each year so that an end point is obtainable to get to where you would like to see RM in every company and organization.
Report
Was this helpful? Yes No
Reply
Mark Mandel

If only . . . . .

Submitted by Mark Mandel September 06, 2011 - 3:13 PM

In DC there is marketing group Digital Government Institute (DGI) who hosts a series of seminars for the federal community called eDiscovery and Records Management, here is a link: http://www.digitalgovernment.com/Knowledge-Centers/E-Discovery-Records--Information-Management.shtml

Last year the ARMA Northern VA chapter co-sponsored the seminar, which drew 330 attendees. Our chapter helped with the seminar agenda and I was fortunate to speak. The speakers included Jason Baron, NARA Dir of Litigation and US Magistrate Judge John M. Facciola as keynote. In the federal space this issue is in the forefront and many agencies are moving to this model. So it is very real in that space. Many agencies have adopted a "big bucket" retention schedule and some have eliminated PST files, file shares, and implemented email management.

At the conference, which occurs once or twice each year, the attendees listen to the latest case law and horror stories, and the convergence of eDiscovery and RM is a continuing theme.

Outside the government space it is a lot less consistent, however those industries that are highly subject to lawsuits are more likely to be advanced in this area.
Report
Was this helpful? Yes No
Reply
Mark Mandel

DGI Conference

Submitted by Mark Mandel September 06, 2011 - 3:47 PM

Forgot to mention that John Mancini was the opening speaker for the conference last year...
Report
Was this helpful? Yes No
Reply

Mike Alsup

Ideal Solution

Submitted by Mike Alsup September 04, 2011 - 3:10 PM

You said that the "ideal solution is one where you have an enterprise library that stores all content throughout its lifecycle, managing capture, storage, use through multiple versions, final publication, and event, calendar, or role-based disposition and archiving. This includes drafts, non-business content, email, instant messages, and so on. Those items that are considered transitory or non-business are classified as such and are purged according to the retention rules. All policies are governed by a single records management ruleset."

We are knee deep in building solutions such as this. What we have found is that the ideal solution is one where you have an enterprise information lifecycle that includes the records management rules and you map this lifecycle and its’ rules to the multiple repositories involved. These might include SharePoint, Exchange, Share Drives, Open Text, Documentum, paper and others. The concept that large organizations are going to consolidate and collapse their repositories into an enterprise library has largely gone away. Some organizations have tried to virtualize or federate their libraries to present content from multiple repositories in response to a single query.

I have seen more progress in this area in the last year than I have in recent years.
Report
Was this helpful? Yes No
Reply

Jeff Hoffman

Great idea . . . now if only we could get management to pay attention

Submitted by Jeff Hoffman September 05, 2011 - 3:27 PM

All too often management chooses to ignore the handwriting on the wall regarding to potential vulnerability their organizations face by doing nothing. For far too many organizations data management consists of paying lip service to it and then buying a few more servers to hold all of the data they just keep throwing on the heap called "shared storage". Sad to say, what we really need is a couple of real horror stories to catch their attention.
Report
Was this helpful? Yes No
Reply
Mark Mandel

Great idea . . . now if only we could get management to pay attention

Submitted by Mark Mandel September 06, 2011 - 2:57 PM

Jeff - yes, true - but as Records Management professionals we should hopefully unite on the scope of RM and preach the same message. That's what is so disconcerting to me, that many RM professionals still have the old paradigm ingrained and have not embraced the "new normal."
Report
Was this helpful? Yes No
Reply

Silke Dannemann, ECMm BPMp

Look to the future

Submitted by Silke Dannemann, ECMm BPMp September 13, 2011 - 2:06 PM

An approach would most likely begin by applying RM to select content such as email or select repositories first. To bring about an ideal solution, I believe the focus should be on federation, interoperability and/or portability.
Report
Was this helpful? Yes No
Reply

Marcus Ledergerber

Big Data. Big Picture.

Submitted by Marcus Ledergerber September 15, 2011 - 8:03 AM

This aspirational goal is achievable. An approach involving a unified records management system will move organizations forward in the right direction.

To enable visualization of this big idea, the Information Governance Reference Model (IGRM) provides a common, practical, flexible framework (big picture) to help develop and implement effective and actionable information management programs.

As a communications tool the IGRM is a roadmap that helps to foster collaboration between IT, Legal, Compliance, RM, and other stakeholder groups within organizations. The IGRM provides a "big picture" reference that promotes cross-functional dialogue about how to achieve optimal ECM effectiveness, meet eDiscovery and compliance-related obligations.

Here is a link to the Information Governance Reference Model (IGRM) Project: http://www.edrm.net/projects/igrm
Report
Was this helpful? Yes No
Reply

Randy Moeller

Nice to dream but

Submitted by Randy Moeller September 15, 2011 - 8:28 AM

Bob is all to correct. The vast majority of executives do not jump when a company is fined $500M in fines, sanctions or whatever. Simply because it is a very, very small amount of companies who do. Cost is the number one driver and until costs like that are felt to be a real threat, little action will be taken.

That's why less than 20% of companies use a email management system on top of their email application. If your email system is operating at .06 cents a person then anything you do must maintain the cost or lower it. That includes litigation or any other reason. That mindset persists until (and if ever) a major issue takes place whether litigation, security breach, etc.

It's a shame, for the issues of storing, sharing and security of ESI are considered back end where cost comes first. That does not stop the import of technology where cost/increased revenue will be proven. But in other areas, well there are many companies still using IE6 as a browser until they finally move to Win7. Guess why.
Report
Was this helpful? Yes No
Reply

Marty Heinrich

Great concept, but...

Submitted by Marty Heinrich September 15, 2011 - 4:05 PM

In order to classify all that ESI into the correct record series for RM and discovery purposes, our solutions need to use clever methods to make this happen without much (or any) user participation. As much as we communicate the risk and value prop to our stakeholders, we still will hit the wall when we ask them to enter or select categories(think lawyers and others who haven't bought in and are empowered say 'no thanks').

On the bright side, there are solution providers who are doing their best to provide automated classification using defaults, user profiles and other means.
Report
Was this helpful? Yes No
Reply

Brooke Martin

prefect storm

Submitted by Brooke Martin September 16, 2011 - 5:45 AM

great blog, I add to the challanges of RM and discovery. Corporations and their employees (I include myself in this)are using many cloud solutions/services to store and manage ESI. example Drop Box, but there are many more

This sits out side the firewall and out of the hands of any RM/ECM tool set.

Report
Was this helpful? Yes No
Reply

Bruce Bailey

Context first...

Submitted by Bruce Bailey September 16, 2011 - 7:39 AM

I believe your approach works if we can create a context for it.
We make a presumption of being able to manage the reality of electronic information. We will never be able to do so, even with massive amounts of time and money. It is time to intellectualize the process. We should work towards mutually agreed upon parameters, which will, by definition not be perfect management of information, much less records, but rather be a consensual basis of commerce and law that reflects the fuzzy electronic universe as it is.
Agreement upon acceptable parameters of information governance allows action and could get us out of the current quagmire of litigation-based shortsightedness that chokes the industry. If we continue to waste our time and resources in trying to micro-manage the flow, we miss many opportunities.
Report
Was this helpful? Yes No
Reply

Mark Mandel

Different Perspectives

Submitted by Mark Mandel September 16, 2011 - 8:49 AM

My initial post was intended to generate discussion, that has worked well. Many of the comments come from different perspectives and they are quite valid:

1. The Scope of RM - this was my perspective, that you need to expand the scope of RM to include all ESI, or you are not in confluence with eDiscovery. And you need to have integrated DM and RM at the enterprise level in order to be successful.

2. Executive buy-in for this approach, that most exec teams do not appreciate this issue until it is too late, therefore they do not fund it. This is very true in many industries - those that are highly regulated and subject to frequent litigation tend to prioritize the reduction in discovery costs, so this topic is more meaningful. Also in government the message is more consistent, propogated by NARA and industry conferences - however moving to the enterprise level is still a challenge for most agencies.

3. How to accomplish this ideal, with cloud based content in the mix, email and so on. What standards to use to be consistent across the industry, etc. I like the IGRM, that is a step in the right direction. Cloud based solutions that are outside the purvue of the Records Manager are a very big issue. Hopefully user demand can drive these solutions to be compatible with a federated RM solution, or to at least have the basic tools for litigation holds, retention schedules, disposition and so on. This will not happen, however, unless we send a united message to companies such as Google.

Email management is another area where there are lots of solutions but no perfect one. This will evolve over the next few years and hopefully we can arrive at a consistent approach that meets RM and eDiscovery needs while addressing production operation needs as well.

4. User involvement in the records classification process. Ideally RM happens in a way that is transparent to the end user. Content is classified automatically when ingested or created, or when filed into a subject file (e.g., contract, case, project etc), either manually or via workflow. When RM is integrated with DM and the system tracks content all the way through its lifecycle this becomes much easier. Auto-classification and role based classification also helps a lot.

User based classification is very problematic (getting users to do it at all, then to do it consistently), and there is case law that makes this approach questionable. Sometimes it is impossible to avoid, however system design should minimize this approach as much as possible.

All great comments, keep 'em coming...
Report
Was this helpful? Yes No
Reply

This post and comment(s) reflect the personal perspectives of community members, and not necessarily those of their employers or of AIIM International

Blog email facebook linkedin Rss Twitter Youtube

Copyright © AIIM 2013 Privacy Policy