Define solid processes for records retention and employee devices

Litigation readiness is critical to your business’s success. This is the second post in our eight-part blog series that explores defensible corporate ediscovery best practices.

Poor Policies Hurt Information Governance

Setting clear ESI data governance and employee device policies can make or break a case. If your business doesn’t have strong, well-thought-out policies governing electronically stored information (ESI), it’s only a matter of time before an ediscovery crisis erupts. That’s because without knowing where ESI lives, what it says, and who owns it, you can’t reliably preserve, collect, review, and produce it on demand.

For example, you may have employees installing and using new applications every day, generating data the legal department doesn’t even know about — which means you can’t put a legal hold on it when litigation crops up. Or, if there’s no defensible plan in place for records retention, you may be either keeping information that has outlived its usefulness or deleting records you actually need. And, if you don’t have a thorough and clear bring-your-own device (BYOD) policy, your employees may not realize they must preserve business-related data on those devices when they’re subject to a legal hold.

Inadequate policies like these are disasters waiting to happen. When you don’t set rules around how employees engage with, store, and share data, you’re jeopardizing your ability to confidently respond to litigation when it arises.

Shore up Your Information Policies

Start boosting your litigation defenses by revisiting your policies that govern ESI creation, use, and deletion. Survey your employees to find out if they’re generating data through applications and which devices they use for business communications. Talk with your IT department about how to prevent installation of unapproved applications. As part of the best practice of data mapping, identify the ROT — redundant, obsolete, and trivial data — and devise a strategy to defensibly delete unnecessary ESI. Your process may involve simply updating your existing policies or creating entirely new ones.  

Once new information governance policies are vetted, train your employees on what’s required of them and why these policies matter. You’ll also want to embed a process for enforcing policies over time. Continue checking with employees and IT about what apps or devices are being used, and be careful to treat all violations equally rather than letting “minor” incidents slide.

Top Tips for Essential Policies

  • Application use policy. Many companies restrict the installation or use of non-standard applications on company computers or mobile devices. If you allow some freedom to adopt new applications, create a notification and approval pipeline that lets employees advise IT and legal about applications they want and need to use.
  • Records retention policy. Data is not free – especially during ediscovery. In fact, data processing, hosting, and review costs are estimated at $18,000 per gigabyte. You can’t afford to retain everything, but you also can’t run the risk of recklessly or randomly deleting important information. To be defensible in court, ensure your information governance policies are consistent and reasonable.
  • Bring-your-own-device (BYOD) policy. If your company allows the use of personal mobile devices such as phones and tablets for business communications, then establish a clear delineation between what employees can and cannot do with their own devices. Your policy should also explain what data belongs to the company and what employees should do when they’re under a legal hold.

Want to see all eight best practices for an airtight litigation response? Get your copy of the the ‘Eight Best Practices for Litigation Readiness’ strategic insights paper.

Questions about corporate information policies?

We’re here to help you manage your ESI and master ediscovery, from litigation readiness planning to a confident response. If you need a hand or have questions, please contact us.