Several recent events have been unsettling for many IT Managers. The recent collapse of banks has led to FBI investigations in the States, and groups of shareholders in the both the States and the UK have threatened litigation. At the time I write, there is evidence of criminal activity but not enough for prosecutions. There have also been price-fixing investigations by the UK’s Office of Fair Trading.

All these investigations have required the ‘production’ of documents. I’ve taken part in several of these, and they can be extraordinarily frustrating and time-consuming, even when there is no question of a cover-up. I’ve also had to find data for MI5 as part of terrorist investigations. It is, of course, the duty of IT management to ensure that all electronically-held data is easy to find and conforms with the company’s ‘Retention Policy’.

Retention Policy?

In businesses, there is a huge amount of electronic data kept. This is mostly done in case of litigation, but corporate lawyers are generally reluctant to give clear guidance about this. When litigators seek ‘production’ of documents from an opponent, as they have every right to do, the confusion and duplication in document archives can make life very difficult for the legal department. There have been numerous court cases that have generated serious sanctions when legal counsel and their clients failed to produce documents during this ‘discovery’ process or worse, pretended that they had been destroyed, or had never existed.

‘Discovery’ is an expensive business, and the costs of litigation are enormously increased if lawyers cannot get hold of all the relevant documents.

It is not enough just to store everything. In fact, it can make matters worse because of duplication. Everything has to be read by someone who is aware of the legal ramifications of what has been written. To be able to cope, business must specify in their ‘Retention Policy’ what needs to be retained in terms of  business risk, Business continuity, regulatory requirements, legal compliance, and statutory guidelines and requirements. These Policies must clearly state what data and documents can be discarded, and must be consistent across the enterprise.

There may be business needs that may exceed those requirements due to the potential historic, intrinsic or enduring value of the information. If the information has met all of these needs and is no longer considered to be valuable it must be disposed of in a way that protects  privacy and confidentiality.

Any data can become the subject of a legal hold, which means that its retention must be indefinite until the legal hold is removed.

Emails cause unique problems because users rely on them for tracking projects and workflow. This makes any arbitrary ‘disposal date’ impossible. They also must be stored in such a way that they can be scrutinised. There can be no such thing as ‘private emails’ in the workplace. There have been several investigations where an email has proved to be the key evidence that has led to a criminal prosecution or the resignation of a politician

ILM Applications are worse than useless without a consistent policy for the retention and access of documents. Automating a confusion will just make the confusion faster. The policy has to be enforced and tested to make sure that, in an emergency, all necessary documents can be found.

I hope you never have to be involved in the litigation process. If you do, then the only way to cope is to have an effective policy, a way of disposing of all irrelevant or duplicate data, and the technology to search your data rapidly and effectively.