IT Confidential: Supreme Court Says, Show Me The DataIT Confidential: Supreme Court Says, Show Me The Data
As of Dec. 1, federal regulations will require companies to inventory all their data. Are you prepared to dig out that incriminating E-mail string? If not, you'd better have a good reason or a lot of extra cash.
November 9, 2006
I received several E-mails asking for more information about the new federal rules for records management that I mentioned in this column last week. So I sought out several experts in the area. I spoke with Michael Gold, a senior partner, and Stan Gibson, a trial attorney with Jeffer Mangels Butler & Marmaro; Gold and Gibson are also co-chairmen of the firm's discovery technology group. I also spoke with Tom Aleman, head of the analytic and forensic technology group at Deloitte Financial Advisory Services.
Last April, the Supreme Court approved amendments to the federal rules of civil procedure that address the discovery process for electronically stored information, known as ESI. The federal courts are trying to make it easier (on themselves) to figure out what information companies have in their electronic records that might be relevant to litigation they're involved in. (They're also trying to stop companies from spiking incriminating E-mails, but nobody will say that explicitly.) According to Aleman, the new rules stipulate that parties involved in litigation must present to the judge, within 99 days of the filing of a complaint, an inventory of the relevant electronic information, "what data needs to be collected, harvested, and moved forward for processing." They need to show where the information is stored and how accessible it is. Noncompliance could mean hefty fines. The amendments take effect Dec. 1.
Sounds simple enough. Well, maybe not simple, but straightforward. However, the impact on corporate America should not be underestimated. "This is a sea change in the discovery process," Gibson says. "It's mandatory in all federal cases. In order to comply, companies must know where their electronic information is and how to get to it."
What kind of information are we talking about? "The acronym ESI is deliberately broad, and it means everything, whether it's an Oracle database, E-mail, or an Excel spreadsheet," says Gibson. It refers to data in financial systems, human resources systems, and sales systems, including "active and inactive server files, document stores, backup tapes," Deloitte's Aleman says.
An important concept here is accessibility, how easy it is to make certain data available. The new rules take into account "how burdensome, how costly, and how much time it will take to make that happen," Aleman says. If data is available only on backup tapes buried in a mountain somewhere as part of a disaster recovery strategy, for instance, it may be considered inaccessible.
Many companies are aware of the new regs, but a lot aren't, and that will be made obvious over the next several months. "It's a corporate cultural change, and it will take a fair amount of time to work out," says Gold. "In the meantime, some companies will skip around their obligations. And it's likely judges will make examples of certain cases."
What does this mean for IT managers? First, a giant headache. But it could also be a golden opportunity to grab that seat at the executive table. "An information governance team is very, very important," says Aleman. IT will need to work closely with top execs, in-house counsel, and business unit managers on "policy, process, and the technology the company will put into play for purposes of its records management program."
Oh, and you can thank the Supreme Court.
Just don't send them an E-mail. If you do, be sure to spike it. Copy me first, though, and include an industry tip, to [email protected], or call me at 516-562-5326.
About the Author(s)
You May Also Like
Cybersecurity Forecast for 2024
The Definitive Guide to Understanding IP Addresses, VPNs and their Implications for Businesses
Solution Brief: Fortinet FortiFlex Delivers Usage-Based Security Licensing That Moves at the Speed of Digital Acceleration
Three Ways Fortinet Hybrid Mesh Firewalls Secure Edge Networks
The 9 Traits You Need to Succeed as a Cybersecurity Leader