Skip Records Management and Start Governing Your Information

Are Your Information Governance  Policies Still Based On This?

2014 © Cary J. Calderone

Since 2007, in spite of my best efforts, I have watched as organizations lost control of their electronic data and struggled to implement classification systems and other good information governance protocols. And yet, it might not be entirely their fault.  I routinely see advertisements from "expert" consulting groups that offer a “solution” for records and information management based on the ancient approach of retention policies and schedules. This is like having a modern steel and glass building and hiring a carpenter with wood and nails to help you expand. The usual advice starts with “the foundation” that includes a records plan or policy and then attempts to expand it to cover electronically stored information (ESI).   Why?  Is it because existing records programs have been performing so well?  I doubt it.  Ask employees at most organizations about the adequacy of their current records policy and you will receive the same response, “what records policy?”   So, if it really was not working for paper, why would consultants suggest that you just update it to handle ESI? Classification and retention programs that achieved barely adequate to horrendous results historically with paper, are not going to work with your expanding email, instant messaging, social media, and new media applications.    How about an approach that will work? 

Review of Data Crush-Sometimes You Can Judge A Book By Its Title

By Cary J. Calderone, Esq.

My quick summary of the book:  Either crush, or be crushed.  The amount of data is growing faster than ever.  Data Crush by Chris Surdak explains why this is happening and provides a roadmap for keeping your business on the right side of the tidal wave of data.   A key observation Surdak shares is that:

The Internet used to be a tool for telling your customers about your business. Now its real value lies in what it tells you about them.

 In other words, you either take advantage of new technology and new data, or, your competitors will, and you may be out of business.  

I Was So Wrong-My Review Of "The Plugged-In Manager"

by Cary J. Calderone, Esq.

It is difficult for anybody to admit they were wrong.  Perhaps even more so for an attorney skilled at arguing to the contrary, but I have to admit it now because the more I learn, the more I realize just how wrong I was.  Flash back to the year 2000, when I was becoming friends with author Dr. Terri L. Griffith.  She explained that the focus of her work was around "Organizational Behavior" and "Virtual Teams."   She even described it as arguably the most critical part of the MBA curriculum.  Are you rolling your eyes?  I know I sure did.  She went on to say that while in school, MBA students believe Finance and other core subjects are the most important.  However, once they graduate and have been out in the workforce for a few years, their opinions change.  Then, OB and VT courses have the highest priority and are the first they take when they return for Executive Education.  Apparently, the MBA students were initially wrong too.  As I read her book, I could not help but reflect on my past seven years of record and information management counseling and just how much more my "organizational behavior" skills and knowledge  outweighed my legal skills when it came to getting results.  

Geek vs. Geek-What Do You Mean Backup?

© 2013 By Cary J. Calderone, Esquire

Geek vs. Geek

This is the first in a new series of blog posts that will illuminate the communication gap between Legal Geeks and Technology Geeks.  For these "Geek vs. Geek" posts, the basic assumptions will always be the same:  1) Both types of geeks, T-Geeks and L-Geeks, are pretty darn smart. 2)  Both know quite a bit about their own unique tasks, tools, and responsibilities.  3)  Both can be a bit defensive, if not downright surly, when they sense a challenge to their authority coming from a competing "Geekdom."  Now that we have the ground rules, the sample hypothetical for this post is about the company Backup or Disaster Recovery Policy.  Do you have one?  Do you think it is being followed?  Maybe.  Maybe not.

Who are you talking to? You talking to me?

by Cary J. Calderone, Esquire

Here comes a little rant.  I try to be nice, really I do.  But it is very frustrating when my energy and efforts to help a client are thwarted or, challenged by more aggressive and "less informed" consultants and sales representatives posing as consultants.  Attorneys, sales reps and consultants usually have different education backgrounds, different experiences, and different motivations.  So I wanted to devote this blog post to summarize and distinguish these three professionals who may be employed to assist you with your DRED project. 

First, there is the sales representative who makes some or all of their salary by making a sale.  They have to get you to say "yes" to their product or service in order to earn their commission.  Accordingly, they are not the most motivated when it comes to telling you how their product might fail you or how over-simplified their "form data retention policy" might be.  Most seasoned customers recognize the motivation of the nice and helpful sales rep and view their information as potentially inaccurate. 

Next there is the consultant, (and not one that is really tied to a specific product which makes them a sales rep disguised as a consultant) offering you "best practices." The consultant needs to make you happy with the service and/or product they select so getting you to say "yes," is not always enough.  If it doesn't work out as advertised, you probably will not want to pay for it.  So, where a sales rep might proclaim a product definitely can handle your needs, the experienced consultant will hedge a bit, to avoid possible fallout later on.  I get quite a few questions from "consultants" asking me to explain some point of law to them so they can explain it to their client. I typically do not help them.  It is their intention to take complex legal points and simplify them because, "that is what their clients like." Needless to say, simple is not accurate and frequently will cause their client more harm than good.  A little information truly can be a dangerous thing.

Lastly, there is the attorney (cue dramatic background music).  The attorney is risk-adverse and picky about simple statements of the law.  We learn that words have meaning and appreciate that even when sales reps and consultants use our words or case law appropriately, they often find a way to mess up the scope or analysis of the legal principle. While attorneys are often derided for making the simple seem complex, in our defense,  frequently things that appear simple, are simply not.  And, when it comes to your legal obigations, we attorneys are the ultimate and best source to evaluate your legal hold, data retention and eDiscovery policies and procedures.  Most good sales reps and consultants agree with this.  even if they occasionally forget it while they try to "help" their client.

So, who are you talking to?   When it comes to legal points, I hope it is your very wise and well-informed attorney. Can you hear me now?

New E-Discovery Rules in California: What does this mean for you?

by Cary J. Calderone, Esquire

With no fanfare our Governor, Arnold Schwarzenegger, signed into law AB 5, the California Electronic Discovery Act ("CEDA") (Full Text). The only surprise to those of us who practice in this area was that it did not get signed into law last year. Most believe it was delayed solely due to California's pressing budget problems. California is the home of Silicon Valley and the High Tech industry so the laws in our state typically lead the way when it comes to considering their effect on technology and business. In California email correspondence has been legally enforceable as a "written instrument" since the mid 1990s. It made no sense that one state after another, except California, was adopting rules to mirror the e-discovery rules contained in the Federal Rules of Civil Procedure and thereby, acknowledging that business disputes were now dominated by Electronically Stored Information ("ESI") such as email, word-processed documents and databases etc. These states recognized the importance of having specific discovery rules around ESI and yet, California did not. Now that California has acted what does this mean for your company when it operates in, or is subject to legal proceedings in state courts in California?

First, all those stubborn attorneys who used to tell me that they did not need to worry about Legal Hold Notices, Email Procedures and Record Retention Schedules, because they never were involved in Federal disputes, no longer have that weak excuse. It was a weak excuse because under the old California discovery rules, litigants and their lawyers were affirmatively charged with the duty to protect potentially discoverable materials. In most cases, destroying "evidence" can be charged separately as a crime. There was never any exclusion for emails and ESI and in fact, emails and ESI have been critical pieces of evidence in many criminal and civil matters for at least a decade.

Second, not only is that lame excuse gone, the California rule requires that attorneys from all sides of a litigation matter will need to "meet and confer" 30 days prior to the Case Management Conference. This means they will need to discuss ESI and what/how it will be preserved and exchanged during the discovery process for state legal matters, just like they already must do for Federal matters. Do you know how much ESI you have on your network and in other places you control? Do you know where it is? Can you search it? You should be able to answer a resounding "YES" to these questions. Otherwise, it means you may end up litigating from a weakened position.

Some commentators believe the CEDA modifies the Federal Rule around "inaccessibility" of data as it may be used to defend from producing materials in a litigation matter. I believe the CEDA merely does a better job of explaining the real world arguments that occur in front of the judge. Namely, the judge will ultimately decide whether or not the information is "reasonably accessible" on a case by case basis. Judges have never been fans of an attorney conducting a cost escalating "fishing" expedition during discovery, but if there is a likelihood that important information is only available in one location, there are very few circumstances when a judge will not want that information to be retrieved and searched. The idea is that "Justice" is about finding the truth, not about being able to hide the truth from the judge.

Now it pains me to admit this, but in some ways, if your company has procrastinated and delayed having an Assessment Report and updating its ESI policies and procedures, you have benefited in that the software programs and procedures for accomplishing these tasks are better now and, in some cases, even cheaper. The bad news is that you have at least 2 more years of data to organize, review and remediate. So the longer you wait, the more likely the process will become more difficult and more costly. Will your company be like so many others out there that waited until they got tagged by losing a legal matter or got sanctioned for mishandling ESI? Or, those that had to settle a matter because they could not find their evidence to prove their case, or, they could find it but it would be cost-prohibitive to produce it in a defensible manner? Or, will your company need to feel the sting of a hefty discovery sanction to be motivated to organize their ESI? In a prior post, I mentioned performing a Google search for "million dollar discovery sanctions." There are even more now than there were the last time I mentioned it!

Industry Blurb Follow Up: Symantec Discovery Attorney Annie Goranson

by Cary J. Calderone, Esquire

Last summer I commended the move by Symantec Corporation to create a Discovery Attorney position in their Enterprise Vault applications group (See, Smart Move by Symantec). From my own personal experience, the often used phrase, “bridging the gap” does not adequately describe the lack of understanding between the Legal and Information Technology departments. In many organizations, the “gap” looks more like the Grand Canyon. After applauding the fact that Symantec recognized that someone with a legal perspective, Annie Goranson, could be a useful addition to a technology team, I wanted to take the opportunity to discuss some real world experiences with her. After all, she has now served in the position of Discovery Attorney for approximately eight months and indicated she was ready to describe some of her findings, both good and bad, learned from her attempts to help bridge the gap between Legal and IT.

Calderone: Why was the position of Discovery Attorney created? Goranson: It was determined that there was a need to add an electronic discovery educational resource on the sales side to better explain general legal issues around email archiving and the e-discovery process. In the past, before e-discovery was the driving force, sales was driven by IT and Legal was out of the loop. Now that has changed. Legal may be the driving force for the sale, and legal compliance is a critical component to satisfying the customer with their implementation of Enterprise Vault.

Calderone: What interested you in the position? Goranson: I thought it would be fun to help customers understand the bigger issues and the different ways they might accomplish their goals with Enterprise Vault. I also wanted to help the sales team understand some of the bigger legal issues as well.

Calderone: Any general comments on what you learned working with customers? Goranson: While they often ask about “Best Practices” around legal compliance, in reality there is a huge range of sophistication in the way technology is used and employed from customer to customer. This depends on how the legal department is structured and the frequency with which it is involved in litigation or investigatory matters.

Calderone: What surprised you the most in dealing with customers? Goranson: Many customers just think it is a good idea to keep everything forever. They are really afraid to delete something they may want to look at in the future.

Calderone: What retention or electronic discovery issue was present most often? Goranson: Customers really struggle with retention requirements questions. They would like a simple Best Practices answer but I cannot answer that for them. We try to raise issues that should be considered, but at the end of the day, every organization will have unique considerations, so we refer them to their own Legal Departments or outside counsel or e-discovery consultants to develop their processes.

Calderone: Any other issues you noticed frequently? Goranson: Having good Legal Hold processes is a big driver for email archiving, due, in large part, to the many court cases in the news recently where there were big discovery sanctions awarded. But, similarly to retention practices, customers may not realize that good Legal Hold strategy is about the tools, the processes, and the training, and not simply having a written Legal Hold policy.

I wish to thank Annie Goranson, for taking time to answer some interesting questions and to provide her perspective as a Discovery Attorney, to this Document Retention and Electronic Discovery blog. Her opinions are a welcome addition to the insights of others (not just my own) that have been published here.

A Shout-out to Records Managers: Don’t forget the lecords and becords

by Cary J. Calderone, Esquire

No, this was not an attempt to increase my Blog’s page visit time by using a few strange typos in the title. Rather it is my well-intentioned plan to add some new words to our Electronic Discovery language. Records managers have been using the term RECORD for decades to separate a mere copy, draft or scribble from an important company document that needs special attention. The RECORD copy was subject to retention schedules and possibly higher security and archiving protocols as well. Non-RECORDS were largely considered unimportant. Two things have changed to make Record and Information Managers' (RIM) jobs a bit less fun.

Firstly, we have the introduction of the desktop computer as an office productivity tool and with it, email. RECORD and Non-RECORD distinctions simply do not work very well with email. For example, does an email that has a RECORD attached to it, or a copy of a RECORD attached to it, and may discuss the subject matter of the RECORD, get the same treatment under the Retention Schedule? Secondly, the lawyers got involved (do we ever make things any easier?) and have been directed by State Courts and the Federal Rules of Civil Procedure to work with Electronically Stored Information (“ESI”). To the Courts and the litigants what is important is not whether an email is a RECORD or non-RECORD but whether it might be a “business record” or “legal record.” If it falls in either of those two categories a company may need to preserve it as part of its reasonable computer record keeping practices. This is especially true when a particular industry is highly regulated or the company is preserving data pursuant to a Legal or Litigation Hold. Hence, I thought it was time for newly invented ESI Retention words to use because when legal discovery documents refer to “Records” they mean lecords (legal records) and becords (business records).

These new words work well with the modern rule that says anything that documents how a company makes business or legal decisions, i.e., lecords and becords, are determined by content and not whether they are a word document, an email message or an old fashioned piece of paper. They may even include telephone voicemail messages that are stored on a computer or PDA. Also, lecords and becords may include all copies that appear to be identical and previously would have been distinguished and separated from the RECORD copy but now need to be treated as potentially important evidence. Sometimes this is because of the content and the distribution list, but other times copies may be important because they contain hidden meta-data that reveals things like who opened or edited the document and when. The world of RIM was never designed to capture this type or volume of information. Even a separate log document to determine who checked out or edited a RECORD will not work nearly well enough.

Moreover, thinking about lecords and becords helps one to understand why an Instant Message, where one co-worker asks another co-worker out to lunch might be important enough to keep. There is not RECORD category for seemingly innocent chit chat between co-workers. There is no Retention Schedule covering Instant Messages about lunch dates. However, if the message said, “want to get together for lunch to talk about why we might miss our quarterly numbers” it may certainly be considered a becord. Or, if it was the 4th IM from the same employee asking out another employee who complained to a supervisor about sexual harassment, then it would be a lecord. As a becord or lecord there could arguably be a duty to preserve these messages, even if according to the rules of RECORDS and non-RECORDS and the Retention Schedule, these messages do not merit special attention. By thinking about becords and lecords, a company can stay a little safer. I have used both these examples with Records managers to illustrate my point, and while they do not necessarily like the new perspective, and obligations it creates, it does make sense to them given our usage of email and IMs.

In my dealings with Records Managers, this has been a very difficult distinction to comprehend and appreciate. I understand their frustration and hope that the idea of RECORDS, lecords and becords may make their jobs easier. I want to keep Records Managers involved in the retention management process because there is nobody in a corporation, who has more experience tagging and organizing information. True, the tagging and organizing processes have changed from paper to the new world of ESI, but I believe RIMs will be the most important part of the solution moving forward.