Coming Together: A Shared Interest for Legal and IT

11
Aug
2010

Steve Akers

This column is part 2 of "Bridging the Gap Between Legal and IT"

In the first part of this article, we talked about the obstacles organizations face for both IT and the associated processes around ediscovery governance. Now, we’ll discuss what requirements are bubbling to the surface and how the right IT platform can address these issues.

A common vision for control and governance of email and documents that will satisfy legal requirements and address cost and feasibility concerns from the IT department is slowly emerging. The publication of the Electronic Discovery Reference Model (EDRM) has helped a great deal by codifying the common components that the legal department needs and that IT must provide.

With the documentation of a process for legal discovery, other regulatory departments are finding that they share common criteria with the EDRM. This has let IT focus on what it does best: find scalable solutions that meet the needs of a business process at minimum cost. This is starting to happen as the requirements are better understood as IT and legal are brought to the decision-making table. 

Emerging Requirements
The vision of a solution to the problem of legal discovery and regulatory governance is solidifying. Having the problem solved by the use of IT infrastructure is also a concept that is solidifying. Both the legal department and the IT group realize that they need a solution that supports reactive, proactive and ongoing (continuous) electronic discovery. The first step toward the “total solution” is to start with a more proactive approach than has ever existed. This is simply seen as adding a capability to index and represent more data on more systems than has ever been possible. This approach is a step along the way to true information governance.

The ongoing vision to obtain an automated system that identifies certain types of data and “informs” the appropriate officers and technical staff of the existence of the data is probably the third and final step that corporations will take to achieve total business governance. Everyone involved understands that the path to the best solution starts with technology that can give management insight into vast quantities of content and do it in a way that does not require much (if any) manual effort. Getting there will vary according to the needs of each individual company, and many will choose an approach that gives them total visibility into their data sources. Whatever solution is obtained will have certain base principles however.

The main points behind a solution to this problem include:

1. The organization must be proactive and understand what is contained in vast quantities of information. The organization can no longer afford to wait until a large scale discovery is necessary to begin placing data into indexes so that it can be evaluated. This reactive approach cannot satisfy the tight timeframes under which data must be discovered and produced. Furthermore, the ad hoc collection of data introduces too much risk of error into the process by missing or spoiling the evidentiary value of data.
2. Evaluation of data must be an ongoing process; automation and sophistication of analysis will be important. For example, finding data with certain characteristics early so that action to retain or destroy it can be taken and regularly is very important. Implementing this capability without large amounts of manual labor being required is of course vital to the success of such a process. There are certain types of confidential data that must be identified and properly secured or an organization can receive heavy fines. Failure to recognize that certain types of data exist within large storage systems is unacceptable for many organizations.
   1. Systems with capabilities like “saved searches” (saving the logic behind some number of analytic steps such as searching, classifying or tagging data) that meet certain criteria and running these at regular intervals to alert IT to the existence of certain types of information will be important. These types of capabilities are generally new to IT and legal and are becoming recognized as being vitally important to both groups.
3. Analysis and reporting capabilities that allow information attributes to be obvious to administrators. For example, the types of information that exists in various systems (“data mapping” to some) and how often the data has been accessed or modified in a given period of time is a part of reactive electronic discovery, proactive electronic discovery, and ongoing diligence actions within an organization. These capabilities are becoming recognized as the cornerstone of a good governance or electronic discovery process.
4. An ability to perform policy-based actions on data is more critical than ever. Searching and obtaining data is one thing, being able to identify, tag, move and secure data is another. One system that can perform all these activities without the invocation of multiple tools by multiple people is a critical component of an overall governance strategy.

The Answer
It is clear that major corporations are moving toward an understanding that information discovery, retrieval and management are now (or soon will be) standard business processes. It may take a while for a common standard for a platform solution to emerge, but the concept of a single platform to handle many of these functions is a strongly desired component of IT infrastructure.

The total solution to this problem may be emerging but a platform that can extend across most if not all enterprise data sources is a common requirement.  The ability for one system to provide insight, analysis and control of data makes the electronic discovery process simple to achieve. Extending many of the mandated ediscovery capabilities across the platform also enables vertical applications for storage management and records management. 

A Different Approach
Capabilities to identify and manage textual data in unstructured form or structured databases are also mentioned by legal IT professionals. These are embodied in a “Virtual Governance Warehouse” that gives legal IT professionals one console for preparing and viewing and then managing the data found within the enterprise. Instead of several products (one for the archive, one for storage, one for SharePoint servers) each with their own search capability, the marketplace is asking for a single window into all enterprise data and a set of capabilities to analyze, classify and tag the data appropriately.

Figure Two (click to enlarge) shows what the platform should look like to handle all major unstructured sources of data within the enterprise as well as structured databases containing text fields and documents. This is the Virtual Governance Warehouse being requested by IT staff and the legal and regulatory professionals requiring access to information on a frequent basis. Once corporations realize why current solutions aren’t ideal and that there is a critical need for a better tool that is technologically advanced and geared toward legal professionals, ediscovery and governance will become a much more simple and accurate process.