Using Data Mapping and Assessment to Minimize eDiscovery Cost and Risk

Last week Dennis Kiker contributed an interesting article to Law Technology News entitled How To Manage ESI To Rein In Runaway Costs. At the heart of the problem is that we’re a country of corporate data hoarders. We keep data past its expiration; we don’t have a good system in place for categorizing and managing it, and are overwhelmed when a legal request necessitates identifying and collecting data relevant to a case. Dennis states:

Despite the high cost of its painstaking preservation and storage, much of this data will never be relevant to any legal case. Indeed, according to a 2009 survey by Framingham, Mass.-based IDC, 60 to 80 percent of the information retained by corporations in America has no value from a business or legal perspective.

Legal departments have historically focused on the ‘right side’ of the Electronic Discovery Reference Model (EDRM) – the analysis and review stages. However, if the quality of collected data in the review platform is unnecessary, insufficient, spoiled, or irrelevant; this significantly increases an organization’s legal cost and risk.

Kiker goes on to say… the best approach for many companies is to get serious about cleaning up their information environments. By “taking out the trash” in a major way, companies stand to make big cuts in their annual data-storage bills, which can also run into the six figures. This also enables them to more quickly and more accurately identify potentially relevant information for the attorneys to sift through during a review process, potentially lowering their legal bills.

Legal teams are increasingly realizing the business value and ROI from strengthening their company’s ‘left-side’ EDRM capabilities and understand that sound information governance practices result in highly targeted and effective eDiscovery.

The article points out that shrinking the overall stack of data is a good start to minimizing eDiscovery costs, but companies also need to find all the relevant information contained in their data. He says:

Data mapping offers a way to solve this problem. The basic idea is to create a master index that spells out exactly where content is stored. Surprisingly, many companies have never taken this critical information management step.

In fact, Barry Murphy was reflecting on the Carmel Valley eDiscovery Conference and commented in his blog: Get specific. Know where data lives and do the data maps.  It’s impossible to preserve data if you don’t know where it is.

At StoredIQ we couldn’t agree more. To prove it, during the month of August, StoredIQ is extending a promotional offer for our data assessment and mapping service. The first 10 qualified companies will pay only $10,000, a savings of $5,000 off list price.

StoredIQ Data Assessment Services provide unprecedented visibility into the unstructured data across the enterprise. This invaluable service quickly gives organizations critical understanding of their business content to make more informed decisions about the management, retention, and disposition of their data.

To learn more about this offer and to take the first step toward managing your escalating ESI-related costs and risk – contact us today!

Texas’ Personal Information Data Breach Becomes Personal

Last week both my husband and I received letters from the Texas Comptroller’s office informing us that we were among the 3.5 million Texans who’s personally identifiably information (PII) including: Social Security numbers, birth dates, driver’s license numbers, addresses and other personal information was severely compromised because this data was posted to a publicly available server for more than a year. I anticipated getting the letter since first learning of the breach, but it still hurt to see it in black and white.

eWeek covered this story in a recent article and noted that once the data was in the hands of the comptroller, internal procedures were not followed, which caused the information to be left on a server accessible to the public and not be purged as required by internal procedures, according to the office.

So how appropriate that Diane Carlisle’s article in last week’s ARMA newsletter was entitled “Texas PII Massacre”…great symbolism Diane. In the article, she offered up suggestions from ARMA’s Generally Accepted Recordkeeping Principles® (GARP) for helping companies mitigate just this type of occurrence, including:

• Establish firm policies and procedures to ensure information is properly protected against inappropriate exposure.
• Train employees on the policies and procedures so everyone understands their responsibilities.
• Use technology to ensure only personnel with the appropriate level of security / clearance can access sensitive information
• Utilize encryption and other security protocols to protect information at all times.
• Conduct periodic audits and reviews to ensure established procedures are being followed.

A timely article this week in Law Technology News entitled “States Take Practical Steps to Respond to Data Breaches”, provides a good overview of state-specific PII data breach laws, describes best practices that have developed in response to them, and addresses the calls for a federal data-breach law. I noticed that Texas wasn’t included.

Here at StoredIQ, my job in marketing is to write about the benefits of our eDiscovery and information governance solutions, which provide organizations with a comprehensive, secure and efficient approach to meeting their governance and compliance needs. StoredIQ can help protect business-critical information and personally identifiable information assets such as account numbers, social security numbers, credit card numbers, as well as trade secrets, financial records, strategic business plans and IP/source code.

Don’t I wish that the Texas Comptroller’s office had StoredIQ in place. They could have proactively identified content that did not comply with their corporate governance policies – like storing me and my husband’s personal information on a publicly available server – helping to ensure that potential issues like this are addressed before they become legal issues.

StoredIQ Helps Companies ‘AIIM’ for Information Intelligence at Info360 Conference

StoredIQ will be a conference presenter as part of the eDiscovery track during next week’s AIIM Info360 conference. The AIIM Info360 conference focuses on helping companies find new ways to capture, store, analyze, access, and deliver enterprise information.  AIIM Info360, will be held March 21 – 24, at the Walter E. Washington Convention Center in Washington, DC.

As part of the AIIM Info360 eDiscovery conference track, StoredIQ will be discussing the risks and costs of inefficient information management. Our goal is to help attendees understand the value of information intelligence across all their data sources, so information can be organized and managed according to specific policies and leveraged as an asset for eDiscovery, records management, governance and compliance.

WHERE: Walter E. Washington Convention Center —Washington, DC

WHEN: Wednesday, March 23 from 1:00 PM – 1:40 PM ET

TOPIC: Synchronize Your Approach to Information Management

DESCRIPTION: Organizations are forced to deal with vast and increasing amounts of unstructured information. IT departments have to operate on tighter budgets, and managing data is overwhelming. Organizations take a siloed approach to information management, dealing with eDiscovery, compliance and data storage separately; resulting in higher cost and increased business risk. Join StoredIQ vice president of field operations, Ellis Ishaya, as he discusses:

• How a synchronized approach to records and information management enables organizations to cut costs and gain more insight and control over their critical data needs, especially in today’s highly-regulated business world.
• How to properly find, classify and manage all information according to business value and risk.
• How to ensure a comprehensive, secure and efficient approach to meeting their governance and compliance needs.
• How to automate retention rules according to existing records retention schedules.

In addition to presenting, StoredIQ will exhibit our information intelligence solution at booth 1633 during the three-day event. Booth visitors can register to win a free data assessment service. Attendees that would like to schedule a meeting in advance should contact Jacqui Galow at info@storediq.com or +1 512-334-3156. For more information about AIIM Info360 or to register, visit www.aiimexpo.com.