Organizations Under Siege: How Proactive Governance Can Meet the Challenges of Information Management, Data Security and ediscovery
Agenda 1 2 3 4 5 What are the Drivers for Information Governance? The Challenges of Information Governance Best Practices for Implementing an Effective Information Governance Plan Key Takeaways Resources & Reference Material 2
What are the Drivers for Information Governance? 3
I Believe an Integrated Information Governance Strategy is Critical to Reducing Costs and Risks: 1. Strongly Agree 2. Somewhat Agree 3. Neutral 4. Somewhat Disagree 5. Strongly Disagree 4
Why Information Governance? What were once disparate issues information management, ediscovery, and data security are rapidly coming together due to the explosion of electronically stored information and the on-premise and cloud-based technologies that deliver and disseminate it. Organizations are increasingly demanding that these issues be addressed in a unified way through information governance. Brian Dye Vice-President, Information Intelligence Group Symantec Corp. 5
Courts Expect Effective Information Management 6
The Hon. Francis Allegra, United Medical Supply v. United States, 77 Fed. Cl. 257 (2007). [The Department of Justice] was ill-served... by document retention and preservation policies that were and may still be antiquated and inadequate... One would think that document retention policies involving contract materials would consider, inter alia, the applicable statute of limitations on contract actions. 7
The Hon. Richard Linn, Micron Technology, Inc. v. Rambus Inc., 645 F.3d 1311 (Fed. Cir. 2011) Where a party has a long-standing policy of destruction of documents on a regular schedule, with that policy motivated by general business needs, which may include a general concern for the possibility of litigation, destruction that occurs in line with the policy is relatively unlikely to be seen as spoliation. 8
Data Security in the Age of Social Media 9
DWS identifies, fires 2 employees over immigration list, KSL.com, July 20, 2010 The Utah Department of Workforce Services has identified and fired two employees it says are responsible for compiling the list of more than 1,300 supposed illegal immigrants and disseminating that list -- along with their personal information -- to the media and law enforcement officials. 10
The Hon. Gerald Rosen, Flagg v. City of Detroit, 252 F.R.D. 346 (E.D.Mich. 2008). Twitter is a social networking service that permits users to post pithy messages using short communications called tweets, and to read the tweets of other users. Users can monitor, or follow, other users tweets,... can permit or forbid access to their own tweets, [and] send messages to a single user or repost other users' tweets. 11
Biggest Social Media Concerns: Compliance & Retention Symantec Social Media Protection Survey While Social media is widely used, less than half of survey respondents feel protected Survey respondents named the following as the top two concerns: Compliance with information retention policies (45%) Management of ediscovery (37%) 12
Addressing The Concerns: All Talk, No Action? Less than one-fourth have implemented the following to address information retention or ediscovery concerns: Social media policy (24%) Employee training (22%) Processes to capture confidential/proprietary data (21%) Data Loss Prevention solution (21%) Technology to manage data (20%) Collect and archive sensitive business information (18%) 13
Governments Have the Same ediscovery Duties as Other Organizations 14
The Hon. Gerald Rosen, Flagg v. City of Detroit (E.D. Mich. Oct. 5, 2011) In today s world of litigation, any major municipality that fails in these basic obligations owed as a litigant, and that fails to establish a legal department capable of guiding municipal employees in understanding and fulfilling these obligations, can expect to confront major difficulties in the litigation process to say nothing of a very unhappy citizenry that must ultimately foot the bill. 15
Advisory Committee Note, Utah Civil Procedure Rule 26 (2011 Amendments) The 2011 amendments seek to reduce discovery costs by requiring each party to produce, at an early stage in the case, and without a discovery request, all of the documents and physical evidence the party may offer in its case-inchief and the names of witnesses the party may call in its case-inchief, with a description of their expected testimony. 16
U.C.A. 1953 63G-2-204 (The Government Records Access and Management Act) After receiving a request for a record, a governmental entity shall... as soon as reasonably possible, but no later than 10 business days after receiving a written request, or five business days [for an expedited request]... approve the request and provide a copy of the record 17
What Information Governance Challenges Are You Facing? 18
Which Processes Fall Under the Umbrella of Information Governance? 1. Email/Records Retention 2. Data Security and Privacy 3. ediscovery 4. Data Storage 5. Compliance 19
Which Department is Responsible For Information Governance Within Your Organization? 1. Legal 2. Compliance 3. IT 4. Records Management 5. Other 6. Unknown 20
Does Your Organization Have Budget to Fund its Information Governance Strategy Over the Next 12 Months? 1. Yes 2. No 3. Unknown 21
Best Practices for Implementing an Effective Information Governance Plan 22
Best Practices: Information Management Develop & Implement an Effective Process Determine Who Owns The Process Secure Funding Deploy the Right Technologies 23
Best Practices: Social Media Develop a Global Social Media Plan Maps out communication strategy Provides for required supervision of employees Accounts for compliance with government requirements Provides for internal audit process Education and Training Educate employees on organization social media policies Train employees regarding the content that may be posted to social networking sites and the internal process for doing so 24
Best Practices: ediscovery Establish an Effective ediscovery Process Ensure ediscovery Process includes Integration with Information Management and Data Security Use Technologies to Facilitate ediscovery Process 25
Key Takeaways Determine Who Owns the Information Governance Process Obtain Budget for Retention, Security & ediscovery Tools Ensure Integration of Reactive ediscovery Process with Applicable Data Sources (Email, Cloud Content, Social Media and Unstructured Data) Confirm Compatibility of Supporting Technologies 26
Resources & Reference Material Visit Our Website http://go.symantec.com/ information-governance-global 27
Resources & Reference Material VISIT OUR BLOG http://www.clearwell systems.com/ediscovery-blog/ 28
Thank you! Philip Favro, Discovery Counsel, Symantec Corp. philip_favro@symantec.com @philipfavro Copyright 2012 Symantec Corporation. All rights reserved. Symantec and the Symantec Logo are trademarks or registered trademarks of Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be trademarks of their respective owners. This document is provided for informational purposes only and is not intended as advertising. All warranties relating to the information in this document, either express or implied, are disclaimed to the maximum extent allowed by law. The information in this document is subject to change without notice. 29