proactive information management in...

28
Produced by Proactive Information Management in Government Cost-Effective Strategies to Store, Manage and Discover Your Information FOIA Requests | E-Discovery | Internal Investigations

Upload: others

Post on 23-May-2020

2 views

Category:

Documents


0 download

TRANSCRIPT

Produced by

Proactive Information Management in Government

Cost-Effective Strategies to Store, Manage and Discover Your Information

FOIA Requests | E-Discovery | Internal Investigations

© 2009 Government Technology. All rights reserved.

NO WARRANTY. The information contained in this document is being delivered to you AS-IS, and without warranty as to its accuracy or use. Any use of the information contained herein is at the risk of the user. This document may include technical or other inaccuracies or typographical errors, and may be changed or corrected without prior notice. The information contained in this document is provided for informational purposes only and is not legal advice. The information may or may not reflect current legal developments. This information is not intended to constitute legal advice or to substitute for obtaining legal advice from an attorney licensed in your state, and is specifically not intended to provide advice or counsel on compliance recommendations for the Freedom of Information Act, the Federal Rules of Civil Procedure, or other regulatory requirements. No part of this publication may be copied without the express written permission of Government Technology, 100 Blue Ravine Road, Folsom, California 95630.

For additional copies or to download this document, please visit:

www.govtech.com/ediscovery

� Proactive information management in government |

Table of ContentsInformation Management: Why It Matters ....................................................... 4

Risks and Challenges ......................................................................................... 8

Where to Start ................................................................................................. 15

Strategies ......................................................................................................... 20

Proactive Information Management in Government

� | Proactive information management in government

Government has many critical responsibilities. Among them is making information available to the public. It’s a basic duty of government — one that hasn’t always been observed as well as it should be.

E-discovery, the Freedom of Information Act (FOIA) and internal investigations are all compelling subjects in this new era — an era in which government is expected to provide more transparency and accountability than ever before.

A NEw AttItuDE In January 2009, President Barack Obama — almost immediately upon taking office

— issued an executive order calling for increased diligence on the part of government when it comes to making information available to the public.

“All agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open government,” the memo stated.

The president’s order clearly expressed a new attitude. “A democracy requires accountability, and accountability requires transparency,” it read. That means transparency for the greater good. “The Freedom of Information Act should be administered with a clear presumption: In the face of doubt, openness prevails,” the order also stated.

New federal policies, such as the American Recovery and Reinvestment Act, extend this push toward transparency for government organizations. Accessibility to government information at all levels is becoming more and more of an expectation among citizens.

What does this mean for government? It means there is work to do. Government agencies must be ready to respond in this new environment. Currently FOIA applies to federal agencies only, but certain state and local governments have implemented their own laws similar to FOIA, making them responsible for providing information to the public.

To be prepared to respond, government organizations must understand and master the

world of electronic data. Electronically stored information (ESI) has replaced paper as the primary format for government record-keeping. And the variety of formats within ESI is growing. E-mail, instant messaging, digital photographs, tweets — the list is longer than ever and will continue to grow, as will the list of devices available to contain this information.

E-mail alone can be a huge challenge. It has rapidly become the primary means of conducting business every day. As such, the majority of business-critical information is contained in e-mail. As e-mail repositories grow, so does the time and effort required to

Information Management: Why It Matters

Information Management: Why It Matters

“A popular government, without popular information, or the means of acquiring it, is but a prologue to a farce or a tragedy, or perhaps both.”— James Madison

� Proactive information management in government |

search those repositories pursuant to a request for information. In addition, significant challenges arise in determining what information should be retained as a record. Who’s in charge of keeping or deleting e-mails? End-users? Let’s hope not. A system that goes across the enterprise and takes decision-making out of the hands of end-users may help streamline the information management process and reduce risk.

Governments today face many challenges when addressing e-discovery and FOIA readiness. Chief among these are budget constraints. Money is scarce, yet government is expected to do more for citizens. Responding to requests for information is a requirement, not an option. Any increase at all in record requests can place an increased strain on resources that are already stretched thin. So agencies must find the most cost-effective way to prepare.

CONFRONtINg thE NEw ERAE-discovery has become a major focus of the litigation process in recent years, and that

trend will likely continue. New requirements place a greater burden on those who must fulfill e-discovery requests. Experts agree that a good defense is to proactively prepare before litigation arises.

In addition to the challenges that arise in responding to requests for information, government also should have discovery and retention capabilities in place for its own business purposes. Regulations and public expectations are strong drivers, but information should also be managed within the organization to support the work being done on a day-to-day basis.

While e-discovery, FOIA and internal investigations have much in common, there are also differences. Government is usually required to act more quickly on a FOIA request than on e-discovery. And e-discovery can apply to all kinds of data, whereas FOIA applies to information in the public record.

While internal investigations are different from FOIA and e-discovery requests, there are common methods involved and similar challenges — and solutions — for all. The crossover among these three different areas is helpful. For example, a technology solution for e-discovery will certainly aid a government agency in responding to FOIA requests as well.

A BEttER AppROAChTraditionally government has taken a reactive approach toward e-discovery and FOIA

requests. Given recent legal and regulatory changes, government simply can no longer act as it has in the past. It must now be accountable to a greater degree than ever before. And the challenges, too, are greater.

“Information is the currency of democracy.”

— Thomas Jefferson

Information Management: Why It Matters

� | Proactive information management in government

Information Management: Why It Matters

NASCIO, E-Discovery and FOIA

Are e-discovery and records requests important to state CIOs? They certainly are, according to the National Association of State Chief Infor-mation Officers (NASCIO). The organization has done much work in recent years around these topics. E-discovery has often been on the group’s yearly top-10 list of policy and technology priorities for state CIOs. For 2010, No. 3 on the list pertains to content and records management, including repository, archiving and digital preservation.

NASCIO is always looking at e-discovery.“It’s certainly a big concern. It’s an issue that’s brought a lot of challenges,” said Doug Robinson, executive director of NASCIO. “I think the No. 1 challenge is probably the explosion of digital content.”

In addition to the volume of data, Robinson said the variety is also a big challenge. “It’s no longer electronic document or e-mail only; it’s now a long list of content beyond traditional documents and databases,” he observed. “You have digital recordings, digital video. You have instant messaging and text messaging, and tweets from Twitter. You have this wide variety of content that is primarily unstructured — some of it informal, but all of it can represent the business of government.”

Robinson added that the complexities of e-discovery warrant CIOs taking a hard look at the risks involved. He said the cost of litigation is incentive to have e-discovery solutions in place that minimize the risk of lawsuits. “I think we all know what the cost of litigation is, right? It’s extremely costly,” he said. “And discovery, whether it’s e-discovery or any other kind, is a significant part of the legal process that both parties involved go through.” NASCIO believes states need to find ways to handle e-discovery more efficiently. “We’ve urged the consideration of enterprise solutions,” Robinson said.

NASCIO also believes states need to get e-mail under control. “The first thing the lawyers go after is e-mail because it’s a treasure trove of information,” said Robinson. “There are major problems there because in many cases you’re relying on end-users to make subjective decisions (about what to keep and what to delete).”

As NASCIO continues to help CIOs with these issues, more challenges are sure to arise. A recent development — the use of Web 2.0 technolo-gies — is yet another. “Think about this in terms of e-discovery,” said Robinson. “Not only do you have the platform that you own, you now have hosted solutions. For example, state information posted on Twitter; many states have Facebook accounts now. Is all of that part of the discoverable nation? The lawyers would tell you yes.”

� Proactive information management in government |

Technology can provide significant benefits in addressing these information management challenges. Using the right tools, organizations can automate policies and improve efficiencies and response times. Trying to accomplish what needs to be done without an automated solution may be unworkable in this digital age.

The right technology can improve the situation on a number of fronts. In addition to actually reducing the infrastructure costs for IT systems, it can also reduce operating expenses involved in responding to e-discovery and FOIA requests. And it benefits citizens by giving them the information they need at the lowest possible cost.

Governments are working to adapt to President Obama’s directive regarding openness. And bills aimed at more transparency are in the works. Some would add more detail around how the federal government should manage e-mail (and state and local governments often follow the federal lead).

While e-mail gets most of the attention in e-discovery, government agencies also should protect themselves by making sure they can access other types of electronic communications as well. Instant messages, text messages, SharePoint files and other formats can all contain information that may be subject to FOIA requests, e-discovery or internal investigations. Can you find these things if you need to? For many government agencies, the answer is “maybe.” Even if the answer is “yes,” how long will it take? How much will it cost?

A government’s ability to provide information to its citizens is critical to earning citizens’ trust. Openness is a requirement. With a proactive approach to information management, government is better able to respond to FOIA requests, e-discovery and internal investigations, and can better do its duty, admirably, for the good of all.

Information Management: Why It Matters

� | Proactive information management in government

Risks and Challenges

If not proactively managed, the creation and disposition of information can create increased risk and exposure for government. And it’s becoming increasingly challenging to stay on top of this ever-evolving situation. The amount of electronic information created and stored has exploded in recent years, e-discovery requirements have become more stringent, and the number of FOIA requests has grown. Budget problems and staff cutbacks certainly don’t help government when it comes to dealing with all this. But these are serious challenges, and they require real action in response.

Governments often plan for disaster recovery. Today they must plan for legal disasters too. That means being prepared for e-discovery before a legal issue arises. The same goes for FOIA requests. FOIA requires that government turn over information in the public records requested by its citizens. What if government isn’t able to do that? Governments and companies alike have gotten themselves into legal trouble by not being prepared. In today’s environment, it’s too risky to be lax about preparation. Embarrassing headlines and expensive litigation have repeatedly driven that point home.

RISkS AplENtyNearly every lawsuit involves ESI. Many governments don’t have a thorough response plan

in place, which can make the production of needed material time-consuming and costly. Furthermore, when information cannot be found or it takes too long to locate, public opinion can turn against you. The public will assume a government that can’t produce needed records is hiding something.

Newspaper headlines have blasted out the word, time and again, about government agencies that couldn’t provide e-mails upon request, or lawsuits that hinged on the content

of electronic data. When Alaska was hit with hundreds of FOIA requests

regarding then-vice presidential candidate Sarah Palin, the Alaska Governor’s Office reportedly gave quotes as high as $15 million to fulfill some requests, and even then, the office said it would take many months for it to round up and provide the information. No government wants to be in that position.

Proactive preparation can help organizations be ready for these instances. In a widely publicized case, a U.S. citizen traveled outside the country despite being diagnosed with tuberculosis — denying that health officials advised him not to travel. When a newspaper requested documentation, the government health agency involved found nearly 200 pages

Risks and Challenges

“Sunlight is said to be the best of disinfectants.”— Louis Brandeis, U.S. Supreme Court Justice, 1916-1939

� Proactive information management in government |

of e-mail related to the case within 90 minutes. The e-mails showed that the agency had done its job and indeed advised the patient not to travel.

What if it had gone differently? The media would have been camped out on the agency’s doorstep, waiting for results. The agency would have opened itself up to possible litigation. And it would have sent a message to the world that it didn’t have its affairs in order, thus becoming an easy target.

The public nature of FOIA requests can expose a government’s lack of organization in these instances. A FOIA request can quickly become a very public matter. If the public becomes aware of vulnerability, the agency could be hit with numerous lawsuits by people with all kinds of agendas.

Government really needs to ask: What’s the cost of not being prepared? In addition to the costs listed above, the financial costs of e-discovery can be extreme. What if a journalist requests to see all e-mails related to the governor, the mayor or the director of a federal agency? How difficult would it be, and how much would it cost?

ChAllENgINg tImESFor a government that wants to improve its ability to respond to FOIA requests and

e-discovery, there are many challenges. And with increased federal emphasis on transparency and accountability, it’s likely more regulations are coming. Governments should keep an eye

when E-Discovery works

Fulton County, Ga., clearly has its e-discovery response plan in place. In 2007, the county’s Department of Health and Wellness was drawn into a highly publi-cized controversy. The department’s part in the story essentially ended when it instantly found and produced nearly 200 pages of e-mail correspondence related to a medical case that was getting national attention.

A patient from Atlanta, Andrew Speaker, had been diagnosed with drug-resistant tuberculosis. County health officials advised Speaker not to travel, as his condition put other people at risk. He flew to Europe anyway, traveled from place to place there, then flew to Montreal, and drove back into the U.S. across the Canadian border. Upon re-entering the U.S., he became the first American quarantined by the federal government since 1963.

When the county health department received a FOIA request from The Atlanta Journal-Constitution, it produced the e-mails discussing the case within 90 minutes. Fulton County has 7,000 e-mail boxes. Officials said that without Symantec’s Enterprise Vault and Discovery Accelerator, the county would have needed weeks or even months to find all the applicable e-mails. The county estimates it saves more than $120,000 per year in labor costs in fulfilling information requests with the Symantec solution.

Risks and Challenges

10 | Proactive information management in government

Risks and Challenges

on continuing developments. But there are many pressing challenges now.

Digital Demand — It’s no longer about paper. Experts have estimated that more than 95 percent of work-related information is now electronic. And around 70 percent is never even printed. That can certainly make it harder to find things. The shift to electronic records has also resulted in a move-ment of responsibility for this information from the records management department to IT.

Internal Investigations — Governments should be ready for ESI requests related to internal investigations. It’s not always a third party that’s driving the need to do e-discovery. It could be an employee claiming harassment by another employee, for example. Or it could be a number of other internal issues.

Amount of Information — Most IT systems were not set up with e-discovery in mind. Yet, the demands of e-discovery are growing. More types of electronic data are sought during litigation, and the

amount of information being created is growing exponentially. The average worker’s ability to generate new data is at an all-time high. The amount of data has grown faster than experts had predicted, and it’s not likely to stop.

Government agencies must get control of their data. If they don’t, it will drag down system performance. That costs productivity time and money, every day. It’s made more difficult by the fact that much information is stored externally. Personal storage table (.pst) files, for example, are files that end-users save off the system. Thus the organization has no visibility to them. How do you recover those when a court demands it?

Endpoints Extended — What about government data that exists outside the organiza-tion, such as e-mails sent to an employee’s personal address? Or e-mails sent to an indepen-dent contractor working for government outside the office? All of these new ways of working make it harder to find things later.

Record vs. Non-Record — When it comes to FOIA, there is sometimes a question about whether something is a “record” or a “non-record.” A letter containing official business is a record, while a copy of correspondence on which no action is recorded or taken could be a non-record. The line that separates the two is not always clear, and different guidelines apply depending on which category an item belongs in.

11 Proactive information management in government |

Variety of Formats — Data also presents a challenge because it exists in an ever-growing variety of formats. Audio recordings, video files, photographs, text messages, voice messages, tweets and other types of files are all fair game for e-discovery, FOIA and internal investigations. And who knows what’s next?

more Devices — All this data resides on many more devices than ever before. More and more work is being done in a mobile fashion, so government information is being spread throughout rising numbers of laptops, PDAs, smart-phones, USBs and other devices.

unstructured Data — The biggest rise in stored data is unstructured — data that doesn’t fit neatly into a database because it’s text in Word documents, e-mails and other free-form types of communication. Unstructured data is harder to control than structured information.

Variety of messages — While e-mail poses the biggest challenge because there’s so much of it and it contains valuable information, other types of data must be managed too. Politicians have lost careers over indiscretions via instant message. Inappropriate text

E-Discovery Is Expensive

Due to the amount of information that must be processed, government agencies often must outsource e-discovery to private-sector specialists and vendors, or outside counsel. The process includes steps such as collection, searching, filtering, review and production. Some typical costs:

Collection:$200+/hour$200-$2,000/HDD$750/GB network files

processing /Culling:$850-$4,000/GB$.03-$.12/page

Review:$130+/hour (40 items/hour)$1,000-$2,000/GB

Collection is often overly broad so nothing is missed. The subsequent processing of extra data causes incremental increases in costs.

Risks and Challenges

12 | Proactive information management in government

messages have done the same kind of damage. These are extreme examples, but they show how important any kind of electronic data can be to government — and to the public.

BIg pICtuRE REquIREDDifferent types of electronic information should be accounted for within the

organization’s environment. That may include instant messages, texts, SharePoint servers, the file system environment, e-mails, .pst files and more. Government has to take a big-picture view of it all. Attorneys already have figured out that there’s a wealth of information that goes beyond e-mail, and they’ll be asking for more instant messages and other communications in the future.

Getting control of e-mail alone, however, is still an important hill to climb. More and more official business is conducted via e-mail. And the content can be multiplied greatly

and altered quickly and often. Just one e-mail sent to a workgroup instantly creates multiple copies. Recipients often forward e-mails to others, adding new information when they do.

How can you possibly track all that? Do you save everything? Some organizations do, out of fear of losing pertinent information, but that leads to e-mail boxes becoming overloaded. Server performance suffers and storage costs escalate. Making sufficient backups of all this becomes problematic as well. Saving everything creates numerous headaches for IT.

tOO muCh pOwER tO thE pEOplEE-mail quotas — where users can only keep

so much information in their e-mail inboxes and sent boxes — reduce storage requirements for individual users, but when they hit their quotas, users either delete content that should be saved or drive archiving “underground” by creating personal

stashes of .pst or .nsf (Lotus Notes data) files. This only shifts the burden from e-mail to storage. Once there, the data still requires money and staff to address it.

While .pst and .nsf files are off the e-mail system, they still can have a huge impact on storage and backup systems. They’re often filled with duplicate data that takes more space than it deserves. Multiplied by the number of employees in an organization, it can have a significant negative impact on IT system performance.

Risks and Challenges

13 Proactive information management in government |

Furthermore, a laptop containing .pst files that is lost or stolen can be a serious security risk. And .pst files are prone to data loss and corruption.

Without a solid retention system in place, governments are relying on end-users — including contractors outside the organization — to determine which e-mails are kept and which are discarded.

Getting control of e-mail is a big undertaking, but it’s extremely important. Government needs the ability to manage, store and discover content in e-mails — along with everything else.

EVEN mORE ChAllENgESIn addition to the data, device and technology issues, there

are several related to processes and people. For example, when it comes to e-discovery, attorneys and IT staff often don’t speak the same language. In fact, they come from completely different worlds. Getting them to communicate well is not always easy, but it must be done.

That’s important, especially given the growing number of lawsuits, investigations, third-party subpoenas, information requests and internal investigations. The litigation picture has been changing, often in the direction of requiring more

Amendments to the Federal Rules of Civil procedureThe Federal Rules of Civil Procedure (FRCP) define the protocol to be used

for civil legal suits within U.S. federal courts. Amendments to the FRCP at the end of 2006 placed a higher importance on the management of electronically stored information during the discovery process. Courts now recognize that ESI is likely to be a substantial part of many lawsuits.

Proper e-discovery methods have become more important since the FRCP changes took effect. Organizations involved in lawsuits must identify and produce relevant ESI in an efficient manner. They must know much more about their ESI much earlier in the discovery process. In meet-and-confer, litigants must discuss relevant ESI sources, search criteria, data locations, accessibility and production formats. With meet-and-confer now occurring earlier in the process, legal and IT teams have less time to prepare than before.

Since the amendments, e-discovery teams have found that they — and their technologies — need to be sharper than ever. That’s because the courts now have higher expectations around the production of electronic data.

Risks and Challenges

14 | Proactive information management in government

what’s a legal hold? why Is It Important?When it looks like an organization will be involved in a lawsuit, a legal hold

— also called a “litigation hold” — is often declared. From that point on, the organization is responsible for taking action in an effort to ensure that no infor-mation related to the case is destroyed. The legal hold applies to information within both paper and electronic files.

The legal hold is typically communicated to employees by the organization’s legal department. Legal and IT departments often work closely to ensure that the hold is being observed by employees. Hiding or destroying any pertinent information, called “spoliation,” can result in severe penalties against the organization responsible.

With proper planning and the right technology, the legal hold can be executed smoothly and efficiently — greatly reducing the risk of penalties against the organization.

work on the part of government. It’s all pointing to government’s need to be proactive regarding e-discovery.

Changes to the Federal Rules of Civil Procedure in 2006 put more emphasis on the discovery of ESI. Legal holds are another challenging requirement. Government must implement legal holds quickly and efficiently. Lost time can lead to lost data, and the courts will certainly not appreciate that.

In fact, an employee who accidentally loses data under a legal hold can be accused of “virtual shredding.” Any such missing information can be looked upon by the courts as information that would have been detrimental to the offending party’s case, which can impact judgments and rulings.

Government agencies have a lot of work to do. While the challenges are many, there are ways to get the job done. Numerous strategies appear on the pages that follow.

Risks and Challenges

15 Proactive information management in government |

Where to Start

With the federal push toward more transparency and accountability, and increased litigation activity, state and local governments are working to improve their ability to respond to FOIA and open-access requests as well as e-discovery needs. So how do governments achieve this goal? Governments must be proactive and take charge of the situation — sooner rather than later.

Information management is the key. Any government agency that wants to be in control needs to have a strong policy for information management. Creating a good policy — and then following it — will result in better access to information, lower costs and less time wasted looking for things.

You need to understand the nature of your data, where it’s located and who’s responsible for it. You also have to get the right people on board and set up the best possible processes. Getting people, processes and technology working together will enable government to quickly search for and retrieve information, whenever it’s needed.

Every organization’s information-management policy will look different, based on the functions and business needs of each. But no matter what the business of a government agency, it will need to craft a policy that satisfies the numerous challenges involved, while also fulfilling its own FOIA and e-discovery needs.

Technology will play a big role. Automation and policy-based actions will help tremendously. And they’ll give government agencies the peace of mind that comes with knowing they’ll be ready for anything. Following are several strategies.

make the Case — Start by building consensus and getting buy-in from the high-level players. Convince others of the importance of being smart about data management. Don’t buy the argument that “we keep everything, so we don’t have to worry about it.” Keeping everything helps you go broke buying storage. Having everything makes it harder to find the one thing you need. And you’d waste a lot of electrical power and storage space hanging onto everything forever.

Another claim might be that real e-discovery and FOIA capabilities are not affordable. That’s not true; proper archiving can actually bring IT costs down, which benefits the organization in numerous ways.

Some might argue that they need more time to study things before developing a policy. Meanwhile the FOIA requests keep coming in, and the agency is still trying to play catch-up. Getting information into an archive where it can be managed is a good first step. Once in the archive, the data is searchable and accessible while you move on to the next step.

Where to Start

It is the policy of this state that all state, county and municipal records

are open for personal inspection and copying by any person. Providing

access to public records is a duty of each agency.

— Florida Statute, chapter 119.01

16 | Proactive information management in government

Where to Start

Assess your Current processes — Look hard at your current processes. Determine what your data-creation structure looks like. Think about your record-keeping processes. Look at employees and how they work — how they create their information, share it with others and communicate. Is it all Word? Excel? How much do they use instant messaging? How do they handle records versus non-records? Looking at your current processes is a vital first step in the information management process.

the Sunshine State and its Sunshine lawsFlorida has long been known as a leader among states in providing public access

to government meetings and records. In 2009, the state celebrated the 100th anni-versary of its “Public Records Law,” Chapter 119 of the Florida Statutes.

The state’s Government-in-the-Sunshine Law, which was passed in 1967, gave the public more access to meetings of boards, commissions and other state and local governing bodies. Florida is showing no signs of slowing down in its quest to provide more information to its citizens. In 2007, Florida Attorney General Bill McCollum and the University of Florida’s Brechner Center for Freedom of Information launched the Government Accountability Project (GAP).

GAP is studying public access to records at the local government level. The goal is to encourage and help local governments to provide informa-tion that their citizens need but have difficulty obtaining. The Office of the Attorney General is also providing easy access to much information on its own Web site, including its budget, contracts, audit reports and more. It’s one of many examples of the state putting extra effort into pushing information out to its citizens.

Over the years, Florida voters have shown their support for sunshine laws at all levels of government. Other states can look to Florida as a model of govern-ment openness and accountability.

17 Proactive information management in government |

Build your team — When creating your information management policy, consider setting up a steering committee, working group or other such group that involves representatives from several key departments such as IT, legal, records management and others who should play a role. It will depend on the kind of business your agency does, of course, but it’s often helpful to have as varied a group as possible. You may also want an executive who has a high-level view, and knows quite a bit about how the agency’s daily work is getting done. Since different functions are represented, there will likely be some disagreements. Team members simply need to work through those to come to the decision that’s best for the organization.

The bulk of the discussion often comes down to legal and IT. While those two groups often have entirely different viewpoints, they can find common ground and agree on a plan. Some say there’s more cooperation today than there was in the past, since the 2006 changes to the Federal Rules of Civil Procedure have forced the two sides to work more closely together.

Create a Data map — You need to know as much as possible about your electronically stored information, including what it is, where it is and who’s responsible for maintaining it. One way to do this is to create a data map, which is a written record of this informa-tion that helps clarify things for everyone involved. A data map can be very helpful to legal counsel when it comes to strategizing how best to respond to discovery requests. It also makes business sense because it gives you a clearer picture of the structure of your information. It helps an organization understand what information is being created every day by its employees, and what systems they use to do that.

The level of detail in a data map can vary, depending upon the organization’s needs. While it’s not a quick and easy process, creating a data map can be very important to an agency’s effort to have better e-discovery and FOIA request readiness. It can lead to faster retrieval of needed data. It enables faster decision-making when it comes to analyzing risks and deciding whether to settle or go to court. There are other benefits as well. For example, knowing more about your data will help you see opportunities for more efficiency and cost savings.

It’s also important to keep the data map updated as changes occur. Consider appointing one person to be in charge of this. This person can then pull updates and information from others to keep the data map as accurate as possible. It’s especially important because things change so often within IT systems.

Archive — Having a comprehensive archiving system helps an organization store, manage and discover its data. Automated, policy-based archiving is the state-of-the-art

“Let the people know the facts, and the country will be safe.”

— Abraham Lincoln

Where to Start

18 | Proactive information management in government

Where to Start

way to simplify the information management process. That includes easing the way for e-discovery, fulfilling FOIA requests and conducting internal investigations. (For more information on archiving, see the final section in this document.)

Define your Retention policy — To be prepared for FOIA and e-discovery requests, you should start with the right set of data. That means keeping all the right things and throwing out the rest. To accomplish this, consider implementing a data retention policy. The policy will define what types of information must be retained and for how long. It will also outline when information can be expired or destroyed. Using technology to automate retention activities is a good way to have everything you need.

One factor that will help determine a retention policy will be the applicable regulatory guidelines. In government, some types of information must be kept longer than others. In addition, each agency will also have its own business drivers that help it determine its retention policy.

It’s usually best not to have too many retention categories. The more complicated the policy is, the harder it is for employees to comply with it.

19 Proactive information management in government |

Once the retention policy is set, it should be documented thoroughly and updated as necessary. If it’s not, valuable data could be lost, and that could turn out to be a big problem for the organization.

After it has been defined, enforcement of the policy becomes key to maximizing its effectiveness. To that end, the policy should be communicated across the organization. People should be educated as to what is expected of them and why. Often when users are educated about these guidelines, they tend to create new information in a manner that aligns with the retention policy.

After all these steps have been taken by a government agency, that agency should be confident that it has greatly reduced its risk when it comes to responding to FOIA and e-discovery requests.

Don’t Forget Destruction — Destruction of information pursuant to the organization’s retention policy is an important part of the information life cycle. Keeping unnecessary data results in higher costs — both for maintaining the data, and also for sifting through it when responding to specific requests to produce.

The amount of information held by any government is constantly growing. Keeping data around when it’s no longer required harms the performance of IT systems and puts unnecessary strain on resources and budgets. In addition, it impedes e-discovery, FOIA response and internal investigations. Information should be expired pursuant to a well-thought-out retention policy based on legal and regulatory requirements.

prepare for legal hold — Implementing a legal hold is the first step when an organi-zation reasonably anticipates litigation. As such, it can be helpful to establish a repeatable legal hold process. The process can help ensure that any potential destruction of data is immediately suspended. Automated technology can assist with this process and ensure that potentially relevant information is retained.

“Knowledge will forever govern ignorance, and a people who mean

to be their own governors must arm themselves with the power which

knowledge gives.”— James Madison

Where to Start

20 | Proactive information management in government

Strategies

IT plays a critical role in responding to e-discovery requests, FOIA requests and internal investigations. These are three important areas fraught with many traps and complex issues. It’s more complicated than it looks. To store, manage and discover both structured and unstructured information across an entire organization is a big job.

If things aren’t done properly, heavy penalties can ensue and the public is disappointed. Government owes it to the public to have the processes in place that allow it to respond quickly and efficiently. And it has to be able to do that at a reasonable cost.

By practicing proactive information management, government agencies can be ahead of the e-discovery and FOIA game. Litigation is always a difficult affair. Even

cases that are settled and don’t make it to court can be trying and time-consuming. Having the right e-discovery processes in place can make all the difference.

SImIlAR pROCESSESE-discovery, FOIA activities and internal investigations all require similar proce-

dures for an effective response. Time frames vary however; while FOIA requests must be fulfilled by federal agencies within 20 business days, states responding to records requests have varying time requirements. For court cases, respondents often have up to 120 days.

Several tools can help manage the data, including e-mail and general content archiving. Be sure to choose a tool that will help with your organization’s overall business objectives, not just e-discovery and FOIA needs.

With the proper information management processes and technologies, organizations can be better prepared. They can operate

more efficiently at lower cost, free up staff to work on other projects, and always be ready when FOIA and e-discovery requests arise. Following are some strategies.

Choose Comprehensive Archiving — A good archiving system can be the foundation of an organization’s e-discovery process. It’s a central, comprehensive way to bring data together in an automated fashion, from numerous formats. Policy-based archiving helps organizations stay consistent with their overall information management strategy.

Strategies

“A nation that is afraid to let its people judge the truth and falsehood in an open market is a nation that is afraid of its people.” — John F. Kennedy

21 Proactive information management in government |

Basic Steps in E-DiscoveryThe Electronic Discovery Reference Model (EDRM) establishes guidelines and

standards for e-discovery. It’s a reference model to help organizations address e-discovery challenges. The model was built by more than 300 e-discovery experts, vendors and end-users from more than 125 organizations. EDRM has helped e-discovery consumers and providers reduce the cost, time and manual work associated with e-discovery. Following are the basic steps in e-discovery, as described by the EDRM (www.EDRM.net):

» Information managementGetting your electronic house in order, to mitigate risk and expenses should electronic discovery become an issue, from initial creation of electronically stored information through its final disposition.

» IdentificationLocating potential sources of ESI and determining its scope, breadth and depth.

» preservationEnsuring that ESI is protected against inappropriate alteration or destruction.

» CollectionGathering ESI for further use in the e-discovery process (processing, review, etc.).

» processingReducing the volume of ESI and converting it, if necessary, to forms more suitable for review and analysis.

» ReviewEvaluating ESI for relevance and privilege.

» AnalysisEvaluating ESI for content and context, including key patterns, topics, people and discussion.

» productionDelivering ESI to others in appropriate forms and using appropriate delivery mechanisms.

» presentationDisplaying ESI before audiences (at depositions, hearings, trials, etc.), especially in native and near-native forms, to attempt to persuade or elicit further information.

Strategies

22 | Proactive information management in government

Strategies

Archiving also reduces IT infrastructure and long-term storage management costs. It helps tremendously with data retention, so the system knows what data to keep and what to let go. That gives you a smaller data universe to deal with — and it’s easier to know that universe well. Archiving can really help an organization get a handle on its data, which is a huge advantage when responding to requests for information.

With less data to look through, searching for and collecting data for e-discovery is much less time-consuming. Automated archiving also helps ensure that end-users

themselves aren’t making decisions about what to keep and what to delete.

Implementing, updating and terminating legal holds can be a much simpler process with proper archiving in place, as things can be done from a centralized loca-tion. Archived information is fully audited, which helps with quick review for internal investigations and early case assessment for legal actions. Results can be easily marked and tagged by reviewers, or according to rules set by the organization.

Data can also be exported more efficiently to a third party for review. Archived data in general is easier to produce for other parties, whether it’s for in-house legal departments, outside reviewers or opposing counsel.

Archiving results in lower costs for search and retrieval. It helps apply centrally managed retention and records management policies across unstruc-tured data. An indexed, centralized data repository

means the archive is the first place to search for needed content. It also helps identify seldom-used information, which can then be moved from high-

cost disks to lower-cost storage areas, while still maintaining accessibility. Archiving can also help eliminate all .pst and .nsf files, further lowering costs.

Archiving improves performance, reduces costs and simplifies information manage-ment. It also reduces your risk of being unable to find critical content. There are many advantages. It’s a long-term proposition, though, so choose your system carefully. Think about scalability and future needs.

Designate a leader — An effective e-discovery or FOIA response effort needs a leader. You need a person to be the main contact for your agency. This person leads the response from start to finish, so it should be someone with good project-management and leadership skills. It needs to be someone who can work across several different departments. Having someone own this process can be very helpful throughout.

23 Proactive information management in government |

Determine what Information might Be Needed — Evaluate the data your organi-zation has, and try to determine what might be requested. If there have been requests in the past, this will help you to gauge that. The past level of detail can also help indicate how much detail might be needed in the future. Data often needs to be produced quickly. Thinking about the possibilities ahead of time can give you a head start.

Be prepared to Defend the process — Think about any potential weaknesses in your processes. How would you defend them if you were required to do so in court? Even if you’re not called to do that, being prepared for such an event can only help your readiness in general. By looking at your processes from a legal opponent’s perspec-tive, you can shore up any weaknesses and have the peace of mind that comes with knowing your process is as good as it can be. That will also benefit you during any future e-discovery events.

Archiving

Better Information Management Through ArchivingArchiving improves the ability to manage information in several ways. It helps enforce retention policies, implement legal holds, prepare early case assess-ments, review data and numerous other key functions. It gives an organiza-tion more confidence in its ability to manage e-discovery, FOIA requests and internal investigations. Archiving also reduces costs, improves performance and condenses storage.

Migration

Compression

Deduplication

Transparency

Retention

Expiration

Preservation

Auditing

Search and Review

Export

Supervise

Analyze

STORE MANAGE DISCOVER

Strategies

24 | Proactive information management in government

use the Right tools — Many organizations aren’t prepared for e-discovery and FOIA. Often that’s partly because they don’t have the right technologies in place. A FOIA request, for example, will often seek very specific information regarding a certain event

or issue. That can be a tall order if an organization doesn’t have its data organized. If it involves e-mail, for example, IT staff might have to pull backup tapes for the entire e-mail system, and look through e-mails to and from the entire staff. That will obviously cost a lot of time and money. The right archiving solution can go right to what’s needed.

Reduce the Amount of Data — The less information you keep on your systems, the less work required to manage it. With less information, searching, collecting and review will all move faster. Archive systems can look at content in messages and archive those with certain keywords, such as “pandemic,” for example. Things could be archived according to file size or age as well. The system can take param-eters such as these and clear items off your active systems, streamlining what’s left. Anti-spam technologies, too, can help by keeping junk mail out of your e-mail systems. Look at all your data and see how you can limit what you keep — without deleting items that are truly needed.

migrate .pst/.nsf Files — Any .pst and .nsf files that employees set up can be a drag on your system. Explore ways to get control of these personal storage files. Fortu-nately automated technologies can help you find these files, archive the content within

them properly, and then get rid of the problem alto-gether. Letting employees set up their own .pst and .nsf files opens an organization up to several risks. Critical business data could be lost. Courts could find the organization noncompliant when it comes to producing needed information for cases. Spolia-tion charges could arise. There are many reasons for eliminating these types of files, including lowering your costs for e-discovery. The right system will even let you prevent .pst and .nsf files from being created in the future. Letting employees handle their own archiving may not be the best way to do things, especially for government.

understand Spoliation — In a legal case, destroying evidence — or hiding, withholding or altering it — is known as spoliation. Whether it’s done intentionally or not, it can lead to serious

“Government ought to be all outside and no inside.”— Woodrow Wilson

Strategies

25 Proactive information management in government |

consequences. In some instances, the court may issue an adverse inference or instruct the jury that the spoliated evidence is information that would have harmed the case of the party that ruined such evidence. The possibility of such an adverse inference underscores the need for government agencies to promptly institute legal holds when called upon to do so, and to take the utmost care in dealing with any information that may be relevant to a pending legal matter.

plan your legal hold process — When a legal hold comes your way, you have to take it seri-ously. Being proactive by having a plan in place ahead of time is a good strategy. Know who’s in charge of responding to a legal hold for your organization. Make sure everyone knows their role should a legal hold be issued. Automating the process is often a good idea; archiving software makes it easier to track your data and ensure relevant data is not destroyed or altered inappropriately. Additionally you should ensure systems can handle multiple legal holds. Any organization could be hit with more than one, and sometimes the timing of them may overlap. Over time, continue to refine and improve your legal hold process.

Once a specific legal hold is declared, identify the people and data that may be affected by the hold. The legal department should notify various key personnel, such as the IT department, the records management department and other custodians of specific data related to the case. If a routine expiration schedule normally would destroy any of the relevant data, that schedule must be suspended and the data preserved. As the case evolves, modifications to the hold may be made, and certain other types of data may be included. Changes should be documented.

Enable Early Case Assessment — When you’re involved in a lawsuit, you want to know as much information about the matter as you can, as soon as possible. The scope of the e-discovery work required will be one important factor you will need to know about. Early case assessment helps you determine which cases to fight and which to settle. Since archived information has already been indexed and collected, you quickly have visibility into what you need to know. You can conduct a fast search and analysis, and potentially eliminate expensive and time-consuming manual data collection. Early case assessment also gives an organization insight into the severity of the matter and the key issues involved. It can also help your team prepare for the meet-and-confer process with opposing counsel. Early case assessment is a very important part of e-discovery. And if

Strategies

26 | Proactive information management in government

the issue at hand isn’t a legal one, but an internal human resources or audit problem, for example, your early case assessment capabilities will help with that too.

Be thorough with Data Collection — If data collection is not done properly, it can come back to haunt you. Faulty data collection can jeopar-dize the admissibility of data in court, which can adversely affect your ability to resolve legal issues favorably. Accuracy and integrity of the data are essential. Be sure to have a system that preserves metadata. Maintain detailed documentation on all data that’s collected, for the life of the case. This chain-of-custody file should record the action anytime anyone touches the data. Chain of custody

is important because digital data is easy to change. Once an internal investigation or e-discovery process has begun, it’s critical that any access to data is documented. It’s often best to automate collection, so nothing is missed, and the process is completed quickly and efficiently.

process the Data — After the data has been collected, it may be processed in several phases. These include indexing, deduplication (disposing of unneeded duplicates), SIS (single-instance storage, or storing only one copy of items), password cracking, importing relevant .pst files and other steps. Archiving software that can automate these things will of course be extremely helpful.

Review and Analyze — You must be able to review and analyze all data before sharing it with opposing counsel. Specific items can be marked for further review, and with the right system, you can export data directly to analytics vendors or other third parties.

understand Backup tape policy — Make sure you know how your backup system works and fits into the e-discovery process. Many organizations make the mistake of using the backup system as an archive. That can be too cumbersome when you need to pull specific data out. Backups should be for disaster recovery only. Archiving should be used for e-discovery.

Communicate and Cooperate — Because legal and IT departments are so different, make an extra effort to get these people talking with one another early and often. Both the legal and IT worlds are complex in their own unique ways, and few people fully understand both. Get the right people communicating directly, especially when trying to sort out technology compatibility issues.

Strategies

For additional copies or to download this document, please visit:

www.govtech.com/ediscovery