It’s easy to get lost in the abyss of technical jargon when discussing Electronically Stored Information (ESI). However, good information governance, which is one of the cornerstones of data privacy and security, doesn’t have to be complicated. Adherence to a few simple “good housekeeping” principles will go a long way toward minimizing the creation of extraneous data, organizing existing data, and eliminating out-dated data, all of which will make any data breach response or e-discovery process that much easier.
- Have a written record retention policy…and enforce it. A record retention policy is only as good as the people behind it. Make sure your organization has an up-to-date policy (one from 1999 isn’t going to do the trick), and encourage a culture of compliance.
- Out with the old: The temptation to keep data past its useful life is high. What if you need to remember what was said at that meeting back in 2007? While those notes may help jog your memory they take up valuable space and could expose you to liability or embarrassment (think, Sony emails).
- Draw a map: It’s important to know where your data is. If you don’t, have your IT department map out all possible repositories of data and identify what type of information resides there. In the event of a breach, this will give you an immediate sense of what was compromised. In e-discovery, it can greatly reduce the scope of collection. And if you don’t have one, it’s one of the first things your lawyers will be asking you do if either of the above situations occur.
- Bring Your Own Device (BYOD) policies are your friend: Personal devices being used for business purposes is the new normal. Develop policies surrounding the practice so you know where your data is and can ensure that it is secure.
- Litigation holds are not forever: Litigation holds are serious business, but they don’t have to endure years beyond the conclusion of a dispute. Consult with your attorneys to determine when it’s appropriate to lift the hold and purge that dated information.