IT Confidential: Supreme Court Says, Show Me The Data
As of Dec. 1, federal regulations will require companies to inventory all their data. Are you prepared to dig out that incriminating E-mail string? If not, you'd better have a good reason or a lot of extra cash.
I received several E-mails asking for more information about the new federal rules for records management that I mentioned in this column last week. So I sought out several experts in the area. I spoke with Michael Gold, a senior partner, and Stan Gibson, a trial attorney with Jeffer Mangels Butler & Marmaro; Gold and Gibson are also co-chairmen of the firm's discovery technology group. I also spoke with Tom Aleman, head of the analytic and forensic technology group at Deloitte Financial Advisory Services.
Last April, the Supreme Court approved amendments to the federal rules of civil procedure that address the discovery process for electronically stored information, known as ESI. The federal courts are trying to make it easier (on themselves) to figure out what information companies have in their electronic records that might be relevant to litigation they're involved in. (They're also trying to stop companies from spiking incriminating E-mails, but nobody will say that explicitly.) According to Aleman, the new rules stipulate that parties involved in litigation must present to the judge, within 99 days of the filing of a complaint, an inventory of the relevant electronic information, "what data needs to be collected, harvested, and moved forward for processing." They need to show where the information is stored and how accessible it is. Noncompliance could mean hefty fines. The amendments take effect Dec. 1.
Sounds simple enough. Well, maybe not simple, but straightforward. However, the impact on corporate America should not be underestimated. "This is a sea change in the discovery process," Gibson says. "It's mandatory in all federal cases. In order to comply, companies must know where their electronic information is and how to get to it."
What kind of information are we talking about? "The acronym ESI is deliberately broad, and it means everything, whether it's an Oracle database, E-mail, or an Excel spreadsheet," says Gibson. It refers to data in financial systems, human resources systems, and sales systems, including "active and inactive server files, document stores, backup tapes," Deloitte's Aleman says.
An important concept here is accessibility, how easy it is to make certain data available. The new rules take into account "how burdensome, how costly, and how much time it will take to make that happen," Aleman says. If data is available only on backup tapes buried in a mountain somewhere as part of a disaster recovery strategy, for instance, it may be considered inaccessible.
Many companies are aware of the new regs, but a lot aren't, and that will be made obvious over the next several months. "It's a corporate cultural change, and it will take a fair amount of time to work out," says Gold. "In the meantime, some companies will skip around their obligations. And it's likely judges will make examples of certain cases."
What does this mean for IT managers? First, a giant headache. But it could also be a golden opportunity to grab that seat at the executive table. "An information governance team is very, very important," says Aleman. IT will need to work closely with top execs, in-house counsel, and business unit managers on "policy, process, and the technology the company will put into play for purposes of its records management program."
Oh, and you can thank the Supreme Court.
Just don't send them an E-mail. If you do, be sure to spike it. Copy me first, though, and include an industry tip, to firstname.lastname@example.org, or call me at 516-562-5326.
To discuss this column with other readers, please visit John Soat's forum.
To find out more about John Soat, please visit his page.
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Infographic: The State of DevOps in 2017Is DevOps helping organizations reduce costs and time-to-market for software releases? What's getting in the way of DevOps adoption? Find out in this InformationWeek and Interop ITX infographic on the state of DevOps in 2017.
Digital Transformation Myths & TruthsTransformation is on every IT organization's to-do list, but effectively transforming IT means a major shift in technology as well as business models and culture. In this IT Trend Report, we examine some of the misconceptions of digital transformation and look at steps you can take to succeed technically and culturally.