» Archive for the 'Compliance' Category

It’s 10 p.m. Do You Know Where Your E-mail Is?

Friday, April 13th, 2007 by Jonathan Spira

E-mail Practices in the News.

Although we often hear complaints of “too much e-mail” (a topic perhaps for another day), in the news this week, the topic of e-mail was in the headlines after it was revealed that White House officials under President Bush may have improperly used their Republican National Committee (RNC) e-mail accounts to conduct official government business.

Why is this a problem?  After all, many people think nothing of using their personal Gmail or Hotmail e-mail accounts for work-related purposes.

They should think again.

Knowledge workers who use personal e-mail accounts for company business are possibly violating their company’s usage policies but are also placing valuable knowledge in a container that will not be accessible to anyone months down the road.

By using non-governmental e-mail for government business, some communications that are required to be preserved under federal law may have been lost – a fact the White House acknowledged yesterday.

Deputy Press Secretary Scott Stanzel advised that the administration has begun its own inquiry and that the policy governing the use of RNC and other political e-mail accounts was somewhat vague.  He also acknowledged that the White House had not been aggressive enough in monitoring the use of such e-mail systems and that some people who had RNC accounts did not follow official policy close enough.

“Some official emails have potentially been lost,” said Stanzel, although he added that the president had instructed the White House counsel’s office to attempt to retrieve lost e-mail messages.

Basex has had a very clear e-mail usage policy for well over a decade.  One tenet of the policy is that only Basex e-mail is to be used for Basex business.  We view e-mail messages as a treasure, a resource that holds knowledge that may very well need to be retrieved years later.  Our policy predates the current trend of retaining e-mail for governance and compliance purposes.  It was just common sense back then and it remains so today.

Jonathan B. Spira is CEO and Chief Analyst at Basex.

Electronically Stored Information – or What to Do With Those 2.5 Billion E-mails

Friday, December 8th, 2006 by Jonathan Spira

Newly-amended Rules of Civil Procedure concerning electronically stored information (ESI) take effect in all federal courts on December 1, 2006.  This impacts a large number of constituencies, ranging from CIOs to records managers to lawyers and judges.

These rules came about because 95% of records are created and stored electronically and, as a result, all discovery is now e-discovery.  It will be no surprise to regular readers that the volume of ESI is exponentially greater than the volume of stored paper records (which we will refrain from calling SPRs).  E-mail is perhaps the main culprit.  A single knowledge worker can easily generate 25,000 e-mails per year; a company with 100,000 employees could find itself with 2.5 billion e-mails in its archives.

The mass of e-mail is one of several reasons for the new rules.  Another is that electronic information is dynamic; a lot of it changes without operator intervension.  In addition, ESI is much more difficult to destroy when compared with SPRs.  (oops! sorry)

Perhaps of greater significance is that electronically stored information may need to be retrieved or restored – and therein lies the rub.

But there’s more.  (Disclaimer: I am only going to be able to scratch the surface here – an in-depth analysis of the new rules and their impact on knowledge economy companies would require far more space than allotted here.)

New Rule 26(f) requires parties in proceedings to discuss “any issues relating to preserving discoverable information.”  The need to preserve evidence has to be balanced, according to an Advisory Committe Note, with the need to continue routine activities because halting the operation of a computer system could put a company out of business today.

Rule 34 adds ESI as a separate category of information, stipulating that the Rule covers all types of information, regardless of how or where it is stored.  The Advisory Note makes it clear that this is not mean to create a “routine right of direct access to a party’s electronic information system, although this might be justified in some circumstances.”

But for me the most interesting part is found in Rule 26(b)(2)(B), covering inaccessible data.  As noted many times in this space, what we create today may not be accessible at some point in the future.  The Rule addresses ESI that is considered inaccessible, given the undue burden and expense of retrieving it if this is even possible.  A party is not required to provide discovery of ESI from sources that it identifies as not reasonably accessible (due to the undue burden and cost that would be incurred) unless the requesting party can demonstrate “good cause.”

Unfortunately, the Rule does not define the term “inaccessible” which may turn out to be a good thing.  (It also fails to identify sources, which we can infer to be a place where data (or information) is stored.)  What is “inaccessible” today might – with a change in technology – very well become accessible tomorrow; moreover, what IS indeed accessible today might not be accessible tomorrow.  Sources that might be considered inaccessible at a given point might include backup media and deleted data.  One thing is clear: if a document or data point is regularly accessible in the normal course of business, a party may not make it “inaccessible” to avoid producing it.

I’ll conclude with a look at the safe harbor provision for ESI loss.  New Rule 37(f) prohibits a court from imposing sanctions for failing to provide ESI lost as a result of normal system operations.  This means that, since IT systems may routinely modify, overwrite, and delete information, companies need not worry about such lost ESI.  The only time a company must intervene is if litigation is reasonably anticipated, at which time a litigation hold would serve notice to all records custodians that the normal operation of the system must be suspended.  Keep in mind that, in the knowledge economy, everyone is his own records custodian.

This general overview is not meant as a substitute for the advice of a qualified attorney; only an attorney can provide you with the legal advice you need to ensure that you are complying with the new rules.

Jonathan B. Spira is CEO and Chief Analyst at Basex.