Eight is Enough! Eight Considerations for Defensible Deletion, Part Two
Written by Doug Austin, Editor of eDiscovery Today
Last week, I covered the first four considerations to minimize your organization’s Redundant, Obsolete and Trivial (R.O.T.) data effectively, while tying them to the classic 70’s TV Series Eight is Enough. This week, I’ll cover the remaining four considerations while tying into quotes from great American philosophers (if you’re a movie fan, that is).
Get An Assist From Technology
With more data being managed by organizations, it’s more difficult than ever to manage it through just through human tracking and best practices. Historically, in discovery, we’ve seen data move to the technology and the tendency has been to collect broadly, then cull downstream to identify potentially responsive ESI for review and possible production. But, with so much data these days, we’re starting to see the technology move more to the data to help organizations better understand what they have up front and only collect what’s potentially responsive.
Index-in place technologies are becoming more prevalent to not only enable organizations to perform In-Place Preservation, but also to help organizations identify R.O.T. outside of a preservation obligation to enable them to get rid of that R.O.T. before litigation happens, potentially saving them as much as $1.5 to $3 million per terabyte eliminated from potential discovery.
Keep Your Records Retention Policy Current
Your organization surely has a records retention policy by now, right? If you said “yes”, good (if you said “no”, re-read the first four considerations from last week). Regardless, having a policy and keeping it current are two different things. Just two years ago, neither GDPR nor CCPA was in effect, so the data privacy landscape was considerably different than it is today. The collaboration application Slack has ten times the number of users it had just a few years ago. The data within your organization and your obligations for maintaining and protecting that data are regularly changing, so it’s important to keep your records retention policy up to date with those changes. As the great American philosopher Ferris Bueller once said “Life moves pretty fast. If you don’t stop and look around once in a while, you could miss it.” This is true for data considerations within an organization as well.
Extend Defensible Deletion to BYOD Devices
As I wrote a few weeks ago, it’s important to have a strong Bring Your Own Device (BYOD) policy in your organization to minimize security risks or you could be facing potential spoliation sanctions. And, those BYOD devices have potential R.O.T. in them too. But, does your organization establish expectations for its employees with regard to defensible deletion of R.O.T. in BYOD devices? And, before you ask “how much ESI could there be within a mobile device?”, it’s worth noting that the default retention period for texts in iPhones is forever. So, it’s important to tie your BYOD policy to your records retention policy, establish expectation for employees in complying with both policies and follow-up to enforce adherence to both policies. Otherwise, you could have a lot more data to potentially review during discovery. Setting an expectation with employees up front that their BYOD device is subject to retention policies with regard to company data is more important than ever.
To paraphrase the great American philosopher Tyler Durden, the first rule of defensible deletion is: Document Thoroughly. The second rule of defensible deletion is: Document Thoroughly. Whatever your practices are, document them as thoroughly as possible. The more you do so, the less likely you’ll be on the hook for potential significant sanctions due to spoliation of ESI. There is no way to totally eliminate the potential of spoliation of ESI when a duty to preserve hits your organization, but a thorough approach to documentation and an earnest effort to know when to hold ‘em and when to release ‘em will show the courts your organization is doing its best to meet its preservation obligations, while enabling it to minimize your organization’s R.O.T. to minimize exposure from a compliance perspective and reduce costs during discovery.
For more educational topics from Doug Austin related to eDiscovery, cybersecurity and data privacy, feel free to follow, eDiscovery Today! And as part of the continued educational partnership between Ipro and eDiscovery Today, he’ll be here in the Ipro Newsroom next week with more educational content!