Lucky Seven: My Top Document Management Tips
Managing your company’s data is a struggle that grows harder each year instead of easier. According to a recent report by Forrester Research:
–The average organization will grow their data by 50 percent in the coming year.
–Overall corporate data will grow by 94 percent.
–Database systems will grow by 97 percent.
–Server backups will expand by 89 percent.
Managing these documents as an ongoing business challenge is enough of a struggle, but once you add in the risk of dealing with such large amounts of data in potential future litigation, the challenges can become daunting. Preserving, collecting, and reviewing vast amounts of e-discovery is an expensive endeavor and it’s even more costly when companies haven’t effectively managed their electronic discovery before they become involved in litigation.
While each organization is different, I’ve seen enough of the same mistakes repeated to compile a list of the top document management tips I’d share with my clients if I could travel back in time to an earlier age (before there was anticipation of litigation, of course):
(1) Implement document retention and destruction policies before any reasonable anticipation of litigation. This sounds obvious but apparently it isn’t – too often employees have twenty years of emails and documents sitting on their hard drives or servers when there’s no good reason to keep them.
(2) Know where your date is stored and store it there intentionally. Being fully aware of where data is stored allows you to ensure that any and all preservation duties are met. Consciously choosing where your data is stored also allows you to evaluate the costs and benefits of storing data internationally, which can have serious legal ramifications (e.g., if data that is stored overseas is relevant to U.S. litigation, you may have to balance competing legal obligations).
(3) Address the use of personal devices in any document management policy. Thanks to iPhones, Droids, and the use of personal laptops for work purposes, you may have company data that isn’t within your possession, although a court may find that you still have control over that data and legal responsibilities as a result. Therefore, it’s in your best interest to address personal devices (a.k.a. Bring Your Own Devices or BYOD) in any document management policies and take them into consideration when determining where company data is stored.
(4) Make one person or one team responsible for ensuring that legal obligations are met. Companies often have to retain documents for a number of different reasons, such as ensuring legal preservation and security obligations are met. While legal or compliance departments may know about the various legal obligations, ensuring that those obligations are met can often be a piecemeal job (e.g., one in-house counsel is responsible for one litigation hold, while the compliance officer is responsible for ensuring a statutory requirement is met). If there is one central point through which all retention policies flow, then business managers, IT, legal, and compliance will all know who to turn to when there’s a question as to what data can be destroyed. A line of communication between IT and such a point person is particularly important, as mistaken destruction can often result when IT isn’t aware of all preservation duties.
(5) If you have project or code names – make them unique and discrete. While keyword searches aren’t favored by all e-discovery experts, they’re still used as a preliminary step in culling documents for review and production by many law firms in litigation. As a result, you can reduce the number of irrelevant documents that attorneys have to review if you don’t use code names that are common names (e.g., Project Phone) or allow code names to go on too long (e.g., Project Phone represents a series of inventions lasting over ten years). Stay away from numbers for project names, too, as they can also pull numerous irrelevant documents.
(6) Always identify privileged communications. An attorney’s legal advice may often be relayed to multiple employees within an organization, via email, presentations, or memos. While the information may still be protected, the privilege might be waived because it’s not clear that the advice being communicated is from an attorney. To avoid that, try to cut middlemen out of communications wherever possible, and educate employees about clearly identifying legal advice as coming from an attorney whenever conveying that information to other employees.
(7) Keep talking to your employees about these data issues. These policies and practices can’t be a one-time thing – otherwise they’ll quickly be forgotten or ignored. Instead, you need to explain what you’re doing and why, including the fact that these proactive steps are taken in part to avoid problems down the road if litigation were ever to occur. The discussion should also be an ongoing one, incorporated into other meetings and presentations whenever appropriate.