 By Karthik Kannan With the growth of knowledge workers, ubiquity of content creation tools and subsequent explosion of electronically stored information, new challenges have arisen in the early case assessment phase of eDiscovery and corporate governance enforcement. Initially, identifying all data sources and creating an organizational data map was an enormous challenge. But with that issue better understood now, how does a corporation move tens of thousands of documents and multiple terabytes of information to a central repository to preserve it for litigation, the process referred to as “legal hold”? Does all data need to be moved to a central legal hold repository? How does a corporation identify a confidential or privileged document and lock it down throughout the entire network quickly and swiftly to avert an information leakage crisis? The big question becomes how legal and IT teams can place a hold on relevant information at the source or “in-place” for a rapid assessment, investigation and/or IT policy enforcement while maintaining the chain of evidence and allowing business operations to proceed. Unfortunately, the status quo will not work; change is needed. The traditional approach copies all data and replicates it, which requires more storage and expense and does not protect the document in native formats. This also leads to the classic problem of over-collection and retention, which is not only expensive from a storage and network utilization standpoint but also from a liability management standpoint because the corporation is now required to maintain the entire dataset under legal hold in a pristine fashion. Further, without a proper legal hold technology, data and meta-data are prone to spoliation during the process of movement to a repository. A proper legal hold strategy needs technology in-house, in addition to process and people, to implement, manage and enforce the policy in order to ensure no spoliation occurs. People and process alone cannot guarantee fool-proof legal hold capabilities. Protecting documents and information, as well as maintaining the chain of evidence for defensibility is the highest priority for the eDiscovery process. The legal hold technology must be a disruptive technology that guarantees data and meta-data integrity and must be able to prove that the data and meta-data did not change during the course of the litigation. Legal hold is an entire workflow that should be well integrated with the overall eDiscovery process; it cannot be a point solution that is detached from the rest of the litigation support solution. The main components of legal hold are: • Policy, or the process established by corporate legal team; • Notification to custodians of their documents relevant to the legal hold process; • Implementation and enforcement of legal hold to prevent modification or deletion; • Release, or the removal of legal hold as required by policy, such as if the information is determined not to be relevant or when the case matter is closed; • Legal hold workflow, meaning the process of identifying the custodian, custodian data, assigning the data to a particular case and establishing a docket number; and • Legal hold dashboard and reporting, which is the detailed reporting of legal holds by custodian, case and other categories. Legal hold solutions need two key capabilities: “in-place legal hold” and “target legal hold,” which allow legal and IT teams to place a legal hold on documents at their source, such as the file server, email server, desktop, laptop, and/or storage systems, and then copy or move relevant documents to secure target repositories for litigation preservation. This capability greatly minimizes the risk associated with data and meta-data spoliation. The combination of in-place legal hold and target legal hold constitutes the best practice for corporations and legal service providers in order to maintain the highest levels of defensibility and spoliation prevention. The first feature, in-place legal hold, places a lock on any potential material information where it resides on the network and modifies file permissions, so only the legal hold owner has access. It is considered a “transient” process to protect content while early decisions are being made. For example, potentially relevant information on a laptop in Asia, desktop in Europe, or server at corporate headquarters can be frozen on the device on which it is found with all metadata and content preserved intact. In-place legal hold provides an immediate lockdown of potentially relevant electronically stored information with a click of a button. In-place legal hold is released just as easily as it was set. This feature delivers a powerful early case assessment capability without the over-collection and retention challenges. The second feature, target legal hold to secure repositories, executes a “copy or move” to a secure repository, then performs a data integrity and verification test to ensure chain of evidence preservation. This feature provides extensive defensibility and auditability for eDiscovery by ensuring no spoliation of data and no modifications to metadata attributes of files and emails. Legal holds can be released as soon as deemed appropriate per the legal staff’s discretion. In addition, legal hold solutions need advanced defensibility mechanisms to not only prevent data and meta-data spoliation but also preserve a chain of custody across the legal hold process. Integrated data verification and audit logging are necessary to guarantee and prove a forensically sound legal hold process. Further, they must provide ample reporting capabilities to show legal holds across custodians, data sources, cases, etc. Some of the key benefits achieved through optimum usage of the legal hold capabilities of an eDiscovery solution are: • Rapid early case assessment: The process enables legal and IT teams the ability in real-time to identify information, lock it down in-place, review potentially relevant information quickly to determine litigation exposure or IT policy breach, and then move relevant information to target secure repositories for preservation. • A defensible and auditable process: In-place legal and target legal hold deliver a robust capability to preserve and maintain all relevant document content, as well as metadata content, to provide the highest possible defensibility and auditability for litigation and corporate governance policy enforcement. • Reduction in cost and infrastructure workload: In-place legal hold institutes a legal hold of electronically stored information at the informational source, which reduces the need to move data to a central repository thus reducing network bandwidth and storage system space. About the Author: Karthik Kannan is vice president of marketing and business development at Kazeon and has more than 15 years experience in high tech. Kannan is responsible for setting the Kazeon’s outbound marketing strategy as well as establishing a healthy partner ecosystem. Prior to Kazeon, Kannan provided independent consulting services to clients in the storage and related spaces and remains on the advisory board of two storage startup companies. Page: 1 of 1 pages for this article
|
|
|---|
