Steps to avoid email archiving woes

On April 26, ProofPoint, a cloud email archiving provider (among other solutions), published a short but interesting article; “Steps to avoid email archiving woes” talking about incomplete email archives.

I must say I agree with the article in general and especially with the point that the archive needs to be easy to search for in eDiscovery. With that thought I also wanted to add that for really effective eDiscovery of your email data, a complete archive is essential. What you want to avoid is being forced to go to backup tapes because some potentially responsive email might reside only on your backup tapes; a costly situation.

If you’re going to archive your email with eDiscovery in mind, be sure you choose a vendor that can captures everything that could be asked for in eDiscovery.

It doesn’t it really matter where my organization’s ESI is kept…right?

Where companies store their electronically stored information (ESI) is of no concern to attorneys… right? Say what?

There’s an on-going debate over the question of where the “best” place is to store a company’s ESI for legal reasons; in the company’s own facility (on-premise) or in a third party’s  facility (hosted; also known as “storage as a service”, SaaS). The answer to this question really depends on several factors. There are three main questions to ask yourself when considering this question from a legal perspective; where’s the best place to store the organization’s ESI? The first question to ask is; is my ESI secure and can I prove it has not been altered in any way; in other words is it defensible? The second question to ask yourself is; can I access my ESI quickly enough to place legal holds and perform searches based on discovery requests? And the third question is; do I have access to the full ESI data set for ECA purposes and to insure I can fully respond?

Let’s review these topics you need to keep in mind when dealing with ESI in litigation. First, when litigation is reasonably obvious, you have a responsibility to immediately protect all ESI which could be responsive in the approaching civil case. This responsibility is an absolute requirement in U.S. Federal courts and most state courts. There are few if any excuses a Judge will swallow for a responder inadvertently deleting potentially responsive ESI after your legal hold responsibility has been triggered.

Second, the time frame you’ll have to fully respond to an eDiscovery request is generally much shorter now than in the past (pre 12/2006). Quick and complete access to all potentially responsive data is extremely important when responding to an eDiscovery request.

And third, good intentions can mean something to the court. A company that actually plans and documents their processes etc. for litigation hold and eDiscovery will mean something to the Judge (possibly) if you have an inadvertent ESI deletion.

2011 Seems to be the Year of On-Line Privacy Laws…Finally

One day after an internet privacy bill was introduced in the senate, one was introduced in the house. The senate bill called the Commercial Privacy Bill of Rights introduced by Sens. John F. Kerry and John McCain includes measures to address consumer concerns that their sensitive data could be misused. The senate bill does not however include the “Do Not track” provision asked for by many. The unrestrained collection and sale of our data and on-line habits to retailers and others have raised wide concern.

The house bill, referred to as “the Consumer Privacy Protection Act of 2011” was introduced by U.S. Rep. Cliff Stearns. The Stearns bill would require web sites to clearly state what personally identifiable information is being collected and how it is used. If a consumer opts out from having his information collected, the opt-out will last for five years unless the consumer changes his mind before then.

“The Consumer Privacy Protection Act of 2011” bill joins another House bill introduced in February by Congresswoman Jackie Speier, Democrat from California, that also targets privacy issues. Speier’s “Do Not Track Me Online Act of 2011” directs the FTC to develop a “do not track” mechanism that allows consumers to opt out of having their data collected, used or sold. The California State Legislature also is considering a bill at the state level that would give consumers more control over how their online behavior is tracked and shared with marketers and retailers.

What do these potential laws mean to consumers? Well, if one or more of them are finally passed into law, your electronic footprints, habits and on-line purchasing information will not be sold to organizations that you don’t know and don’t approve of. These types of laws need to be passed into law so the average consumer is not afraid to utilize all aspects and capabilities of our electronic frontier.