Friday, February 7, 2014

Jason Atchley : Data Security : Taking Conrol of Dark Data

Jason Atchley

Taking Control of Dark Data

Dark data is an organization's backlog of digital material that is not easily accessible.
, Law Technology News


Binary code
Dark data is an organization’s backlog of digital material that are not easily accessible: saved in obsolete formats or old programs. The folders of email in a now-unused email client, old backup tapes and old hard drives: dark data is material sitting in the dark, and at many companies, it’s unclear who is responsible for it, if anyone.
Such data is a potential liability: if the company still has the data—no matter the format—they may be ordered to sort through it for litigation. In such a case, the simple act of recovering the data—never mind the discovery itself—can require a tremendous amount of time and money, from bringing in recovery specialists to purchasing old hardware on eBay.
When should dark data be deleted? When should it be kept? What makes this material a potential liability, and when does that liability outweigh the potential benefits of keeping this material? These questions were addressed at the LegalTech panel “Jumpstart Your Information Governance Strategy by Taking Control of Dark Data.”
Led by Chris Surdak, HP Autonomy’s information governance subject matter expert, the panel represented a variety of viewpoints on the issue: panelists included Magistrate Judge Craig Shaffer, U.S. District Court for the District of Colorado; Brad Ellis, assistant general counsel and corporate vice president of legal services and physician services, Scripps Health Care; Robert D. Owen, partner at  Sutherland, Asbill & Brennan; and Dan Regard, managing director, iDiscovery Solutions.
How worried should companies be about this data? Surdak began the panel by citing some recent high-profile cases in which litigants faced heavy sanctions for the spoliation of electronic evidence, which has brought the question into greater prominence. Judge Shaffer noted that sanctions in high-profile cases are relatively rare, and that fear of such litigation should not prompt companies to rash action. 
Yet all of the panelists agreed that companies do need to make decisions about dark data, and put in place policies for dealing with it. Ellis acknowledged that “it’s anxiety-provoking to address these problems—what if you delete things you need later? But you need to do it.”
Shaffer said that as a judge, he kept to a standard of “reasonableness” and evidence of a company’s “good-faith” decision-making in their data management and deletion polices. He said that companies should not be expected to be absolutely infallible in keeping every single relevant document, but should aim for a reasonable standard of defensibility in deciding what to delete. He said that if a company in court could provide a reasonable explanation of what was done, “that goes a long way towards defensibility.”
Owen agreed with Shaffer about the standard for “reasonableness” noting that advocates should have ability and courage to say “let it go” about information that will “never be foreseeably required for a reasonable lawsuit.” He added, however, that companies should not overly rely on a judge being “reasonable,” and should therefore carefully consider their policies, and keep data of what was deleted, when, and their logic in having deleted it. He also added that on occasion, such data was useful to companies for their own benefit, citing a copyright case in which a company’s own decade-old data was used for their defense.
Regard suggested that a company should define what to keep was a first step: without such guidelines, then people don’t feel comfortable wiping old hard drives or clearing out old email folders. He suggested a relatively bold approach overall: “Once the systems of record are there, then you can clear out the rest,” recommending a “whiteboard” model for data retention: “If it doesn’t say ‘do not erase,’ then you can erase it.” Unused mailboxes, tape that was originally supposed to be a temporary storage solution, now used as a permanent archive: Regard asserted that there is “no upside” to keeping quantities of such data, and that it was only a liability: “You should delete by default, but in order to do that, you have to do some additional work. In order to get to a culture of save what you need to save and delete what you don’t, you need to understand what you need to save.”
Owen was more cautious, noting that “The lawyer will never be criticized for saying ‘keep everything.’ ” His perspective was to “Be reasonable, and put the client’s interest first,” asking “Could you stand up in court and defend the data deletion policies, in good faith and vigorously?”


Read more: http://www.lawtechnologynews.com/id=1202641794738/Taking-Control-of-Dark-Data#ixzz2seJabA3X


No comments:

Post a Comment