edi 2014 getting to yes! dark data remediation
DESCRIPTION
Getting to Yes: Dark Data Remediation Corporations have warehouses full of boxes that contain paper files, backup tapes and who knows what else. Yet most companies continue to spend money on management of this dark data and risk producing this data during litigation. In this panel, you will hear how to build a defensible protocol to retire such dark data using a reasonable process that meets litigation standards.TRANSCRIPT
Getting to Yes: Dark Data Remediation
THE 2014 EDI LEADERSHIP SUMMIT | OCTOBER 15-17, 2014| FORT LAUDERDALE, FL
© 2014 The Electronic Discovery Institute
Alex Ponce de Leon
Discovery Counsel
Eileen CarlsonDir, Info Governance
Elizabeth W. Adkins
Sr Principal Info Gov
Douglas I.D. McLeanDir, Litigation
Dean Gonsowski, Esq.
AGC, VP Biz Dev
Introduction
The opinions and views expressed here are
entirely our own and do not necessarily
represent our employer’s positions,
strategies, or opinions.
Do not quote or paraphrase our remarks.
Panel Members• Dean A. Gonsowski (Moderator) - ACG, VP Business Development,
Recommind• Elizabeth W. Adkins - Senior Principal, Information Governance,
CSC• Eileen T. Carlson - Director, Information Governance, Baxter
Healthcare• Douglas I.D. McLean - Director, Litigation, Arbitration & ADR,
TransCanada Pipelines Limited• Alex Ponce de Leon - Discovery Counsel, Google Litigation Group
“Dark Data” DefinedDefinition 1: The information assets organizations collect, process and store during regular business activities, but generally fail to use for other purposes (for example, analytics, business relationships and direct monetizing).
Source: Gartner
Definition 2: Dark data is a type of unstructured, untagged and untapped data that is found in data repositories and has not been analyzed or processed. It is similar to big data but differs in how it is mostly neglected by business and IT administrators in terms of its value.
Source: Techopedia
Definition 3: Structured or Unstructured data that is not identifiable or readable. Content can not be easily identified and categorized for further use and/or retention.
Most Common Reasons Companies Don’t Remediate Dark Data
Myth #1: Information Governance = Defensible Disposition
• Information Governance is the activities and technologies that organizations employ to maximize the value of their information while minimizing the associated risks and costs. Source: Information Governance Initiative
• Information Governance is usually a Program or Framework which includes guidance on how to retain information
• Defensible Disposition is a legal process for disposing of data that is no longer needed for records retention or legal purposes.
• Employees need to understand and comply with the Policy.
Key Tenets of a Defensible Disposition Strategy
Myth #2: “Storage is Cheap” So Why Delete?
Cost of Initial Data Storage < Cost to Maintain Stored Data
• The average cost of data management is 3.5% of revenue – Forbes• But did you know that overall, 92% of the cost of a business is "data"? – WallStreet & Tech• The average consolidated data breach costs a company about $136 per lost record - in
healthcare industry the average cost could be as much as $233 per lost record – itbusinessca
Example: Target’s Data Breach could top 1 BILLION dollars - bizjournals
Initial Costs: Initial cost of a Terabyte of data = ~$80.00
Cost to Maintain a Terabyte of Data:• Legal Hold Costs• Legal Costs - Trial/Deposition• Cost to Protect / Prevent Risks• Possible Duplication of Data Costs (taking up “unneeded space”)• Data Management Costs (time to review content, etc.)• Additional Storage Costs once the initial Terabyte is at capacity
TOTAL Data Maintenance Cost = Potentially Billions of Dollars
Consequences of “Storage is Cheap”
Decision local storage on “C” drives was cheaper than network storage• Lead to 12 TB of email being stored in PST files on local hard drives• The local hard drives are not always accessible for collection and search• 12 TB is the equivalent of 945 million pages of documents
Decision to maintain large collection of backup tapes• Lead to a collection of 4500 LT03 tapes• LT03 tapes store from 400 to 800 GB depending upon file compression• At 400 GB per tape the 4500 LT03 tapes equate to 154 Billion pages of documents• At 800 GB per tape the 4500 LT03 tapes equate to 304 Billion pages of documents• Tape catalogue is only very high level making searching difficult
Myth #3: All Data is Valuable!
• Data actually becomes a risk over time.• Not all data is created equal.• Dark data has little immediate value, but does have risk.
Every Minute of Every Day ...
Source: Domo.com
Myth #4: Archives + Policies = Defensible Disposition
• Ongoing and robust legal review is necessary. An anticipation of litigation analysis may be necessary when undertaking even routine disposition that is targeted towards a specific team or group.
Myth #5: I Need OC To Defensibly Delete!As long as you are following your policies and can show compliance through education/training records or acceptance of policies by employees you don’t need outside counsel.
FRCP 37 (e) “Safe Harbor” “Absent exceptional circumstances, a court may not impose sanctions under these rules on a party for failing to provide electronically stored information lost as a result of the routine, good-faith operation of an electronic information system.”
Myth #6: Disposition is Risky Because it Clashes with Legal Hold Program
• The technology and processes in place for disposition need to work well with the Legal Hold program.
• Legal Hold items are a carve out from the regular retention schedule/policy.
• Data not subject to Legal Hold should be able to be deleted unless there is a regulatory need.
• At conclusion of Legal Hold data reverts swiftly to regular retention policy.
Myth #7: Disposition Has No ROI!
• Storing, reviewing, and producing irrelevant materials costs millions of dollars and can cause unintended exposure and risk.
• The inconvenience of answering questions regarding old materials.• Expensive attorney time needed to review irrelevant and useless documents.• The possibility that written materials can be misinterpreted.• The costs of IT infrastructure needed to store useless materials that have no
business need.
The DuPont Case Study:In a well publicized experiment, DuPont’s legal department conducted an internal cost
assessment of a three-year response to a single legal discovery request. DuPont reviewed 75 million pages of text during the three-year period, and found more than 50 percent of the documents were kept beyond their retention period. The cost of reviewing those documents past their retention periods amounted to $12 million.
Myth #8: There is no case law justifying defensible deletion!
Micron Technology, Inc. v. Rambus, Inc., No. 00-792-SLR (D. Del. Jan. 2, 2013)• Several Rambus patents declared unenforceable.• Document retention policy was put in place.• First shred day was conducted.• Spoliation sanctions.
FTC v. Lights of America (C.D. Cal. Jan. 2012)• Plaintiff's 45 auto delete policy found to have been crafted and implemented in good-faith.• Automated process documented by established written policies.
Absent a regulatory requirement, business need, limitations issue or notice of an actual or potential claim, disposition of data, ESI or paper, should be possible without adverse consequences especially if done in good faith in accordance with established corporate retention/disposition policies.
Myth #9: It Takes Too Much Time From Employees• Provide employees with policies and tools to simplify the process of
dealing with data on an on-going basis.• Set up systems with ‘auto delete’ capability.
• As long as that capability can be turned off!• Archiving systems requiring employees to select category for disposition
(ie. immediate, 90 days, 3 yrs,etc.).• Many companies have an ‘Annual Clean Up Day’ for employees to wear
jeans and clean out paper and electronic files (post Retention Schedules/Policies).
• But need robust and consistent legal review.• Cleanup of built up “dark data” will require a dedicated team.
Myth #10: You Can’t Defensibly Delete Unknown Content
• Establish a set of business criteria for data obsolescence. • Review with stakeholders and business leaders.• Review any associated metadata for possible relevance before deleting.• When in doubt, conduct a sampling (if possible).
CSC Case Study
CSC Case Study
Cumulative Total of Boxes Destroyed
Q&A
Look for our most recent
version of the slides on
Thank You!
http://bit.ly/discovery-slides
THE 2014 EDI LEADERSHIP SUMMIT | OCTOBER 15-17, 2014| FORT LAUDERDALE, FL
Getting to Yes:
Dark Data
Remediation