It’s easy to get lost in the abyss of technical jargon when discussing Electronically Stored Information (ESI). However, good information governance, which is one of the cornerstones of data privacy and security, doesn’t have to be complicated. Adherence to a few simple “good housekeeping” principles will go a long way toward minimizing the creation of extraneous data, organizing existing data, and eliminating out-dated data, all of which will make any data breach response or e-discovery process that much easier.

  • Have a written record retention policy…and enforce it. A record retention policy is only as good as the people behind it. Make sure your organization has an up-to-date policy (one from 1999 isn’t going to do the trick), and encourage a culture of compliance.
  • Out with the old: The temptation to keep data past its useful life is high. What if you need to remember what was said at that meeting back in 2007? While those notes may help jog your memory they take up valuable space and could expose you to liability or embarrassment (think, Sony emails).
  • Draw a map: It’s important to know where your data is. If you don’t, have your IT department map out all possible repositories of data and identify what type of information resides there. In the event of a breach, this will give you an immediate sense of what was compromised. In e-discovery, it can greatly reduce the scope of collection. And if you don’t have one, it’s one of the first things your lawyers will be asking you do if either of the above situations occur.
  • Bring Your Own Device (BYOD) policies are your friend: Personal devices being used for business purposes is the new normal. Develop policies surrounding the practice so you know where your data is and can ensure that it is secure.
  • Litigation holds are not forever: Litigation holds are serious business, but they don’t have to endure years beyond the conclusion of a dispute. Consult with your attorneys to determine when it’s appropriate to lift the hold and purge that dated information.
Print:
Email this postTweet this postLike this postShare this post on LinkedIn
Photo of Andrea Donovan Napp Andrea Donovan Napp

Andrea Donovan Napp is chair of the firm’s Electronic Discovery and Information Management Team. In addition to e-discovery, Andrea focuses her practice on complex commercial litigation, business torts, and market conduct cases, representing businesses, municipalities, and individuals in various jurisdictions. As chair of…

Andrea Donovan Napp is chair of the firm’s Electronic Discovery and Information Management Team. In addition to e-discovery, Andrea focuses her practice on complex commercial litigation, business torts, and market conduct cases, representing businesses, municipalities, and individuals in various jurisdictions. As chair of the Electronic Discovery and Information Management Team, Andrea coordinates Robinson+Cole’s use of the latest technology, such as Concordance, CaseMap, LAW, LiveNote, and various Web-based platforms, to achieve maximum efficiency and compliance for our clients. Andrea has significant experience in all aspects of e-discovery, including document retention and data management planning, development of defensible collection policies, and management of large scale reviews and production. She has managed several large, sophisticated e-discovery projects in government investigations and private litigation. Notably, she led United Technologies Corporation’s privilege review in the Department of Justice’s antitrust review of the largest-ever aerospace merger. She routinely counsels clients on the development of data retention policies, legal hold practices, and e-discovery response plans. Read her rc.com bio here.