information management

eDiscovery Cost Reduction Strategies

Bill Tolson eDiscovery, Information Management, records retention , , , , , ,

In these still questionable economic times, most legal departments are still looking for ways to reduce, or at least stop the growth, of their legal budgets. One of the most obvious targets for cost reduction in any legal department is the cost of responding to eDiscovery including the cost of finding all potentially responsive ESI, culling it down and then having in-house or external attorneys review it for relevance and privilege. Per a CGOC survey, the average GC spends approximately $3 million per discovery to gather and prepare information for opposing counsel in litigation.

Most organizations are looking for ways to reduce these growing costs of eDiscovery. The top four cost reduction strategies legal departments are considering are:

  • Bring more evidence analysis and do more ESI processing internally
  • Keep more of the review of ESI in house rather that utilize outside law firms
  • Look at off-shore review
  • Pressure external law firms for lower rates

I don’t believe these strategies address the real problem, the huge and growing amount of ESI.

Several eDiscovery experts have told me that the average eDiscovery matter can include between 2 and 3 GB of potentially responsive ESI per employee. Now, to put that in context, 1 GB of data can contain between 10,000 and 75,000 pages of content. Multiply that by 3 and you are potentially looking at between 30,000 and 225,000 pages of content that should be reviewed for relevancy and privilege per employee. Now consider that litigation and eDiscovery usually includes more than one employee…ranging from two to hundreds.

It seems to me the most straight forward and common sense way to reduce eDiscovery costs is to better manage the information that could be pulled into an eDiscovery matter, proactively.

To illustrate this proactive information management strategy for eDiscovery, we can look at the overused but still appropriate DuPont case study from several years ago.

DuPont re-looked at nine cases. They determined that they had reviewed a total of 75,450,000 pages of content in those nine cases. A total of 11,040,000 turned out to be responsive to the cases. DuPont also looked at the status of these 75 million pages of content to determine their status in their records management process. They found that approximately 50% of those 75 million pages of content were beyond their documented retention period and should have been destroyed and never reviewed for any of the 9 cases. They also calculated they spent $11, 961,000 reviewing this content. In other words, they spent $11.9 million reviewing documents that should not have existed if their records retention schedule and policy had been followed.

An information management program, besides capturing and making ESI available for use, includes the defensible deletion of ESI that has reached the end of its retention period and therefore is valueless to the organization.

Corporate counsel should be the biggest proponents of information governance in their organizations simply due to the fact that it affects their budgets directly.

The coming collision of “free to the public cloud storage” and eDiscovery

Bill Tolson Cloud Storage, eDiscovery, Information Management, Technology , , , , , , , , , , , , , , , , , ,

The discovery process is tough, time consuming and expensive. What new problems are corporate attorneys facing now with the availability of “free to the public cloud storage”?

First, what is “free to the public cloud storage”? For the purposes of this blog I will define it as a minimum amount of storage capacity offered by a third party, stored and accessible via the internet made available to the public at no cost (with the hope you purchase more). The cloud storage offerings I’ve already mentioned do not limit the types of files you can upload to these services. Music storage is a prime target for these services but many, like myself, are using them for storage of other types of files such as work files which can be accessed and used with nothing more than a computer and internet connection, anywhere.

Examples of these cloud storage offerings include Dropbox, Amazon Cloud Drive, Apple iCloud, and Microsoft SkyDrive. I looked at the Google Cloud Service but determined it is only useful with Google Docs.

A more detailed comparison of these services can be found here.

The only differences between the four offerings stem from the amount of free capacity available and how you access your files. For example, my Amazon Cloud Drive as seen from my Firefox web interface:

Figure 1: The Amazon Cloud Drive web interface

The advantage to users for these services is the ability to move and store work files that are immediately available to you from anywhere. This means you no longer have to copy files to a USB stick or worse, email work files as an attachment to your personal email account. The disadvantage of these services are corporate information can easily migrate away from the company security and be managed by a third party the company has no agreement with or understanding of in reference to the third party will respond to eDiscovery requests. Also be aware that ESI, even deleted ESI is not easily removed completely. In a previous blog I talked about the Dropbox “feature” of not completely removing ESI when deleted from the application as well as keeping a running audit log of all interactions of the account (all discoverable information). The Amazon Cloud Drive has the same “feature” with deletions.

Figure 2: The deleted items folder in the Amazon Cloud Drive actually keeps the deleted files for some period of time unless they are marked and “Permanently Deleted”

The big question in my mind is how will corporate counsel, employees and opposing counsel address this new potential target for responsive ESI? Take, for example, a company which doesn’t include public cloud storage as a potential litigation hold target, doesn’t ask employees about their use and or doesn’t search through these accounts for responsive ESI…potential spoliation.

For Corporate counsel:

  1. Be aware these types of possible ESI storage locations exist.
  2. Create a use policy addressing these services. Either forbid employees from setting up and using these services from any work location and equipment or if allowed be sure employees acknowledge these accounts can and will be subject to eDiscovery search.
  3. Audit the policy to insure it is being followed.
  4. Enforce the policy if employees are not following it.
  5. Document everything.

For employees:

  1. Understand that if you setup and use these services from employer locations, equipment and with company ESI, all ESI in that account could be subject to eDiscovery review.
  2. If you use these services for work, only use them with company ESI, not personal files.
  3. Be forthcoming with any legal questioning about the existence of these services you use.
  4. Do not download any company ESI from these services to any personal computer, this could potentially open up that personal computer to eDiscovery by corporate counsel

For opposing counsel:

Ask the following questions to the party being discovered

  1. Do any of your employees utilize company sanctioned or non-sanctioned public cloud storage services?
  2. Do you have a use policy which addresses these services?
  3. Does the policy penalize employees for not following this use policy?
  4. Do you audit this use policy?
  5. Have you documented the above?

These services are the obvious path for employees to utilize over the next couple of years to make their lives easier. All involved need to be aware of the eDiscovery implications.

Encrypted and hidden files put eDiscovery at risk

Bill Tolson eDiscovery, Technology , , , , , , , , , , , , , , , , , , , , , , ,

There are some pretty nice freeware applications available which allow a user to encrypt and hide files/data/electronic records in plain sight on their computers. Can this pose a problem for IT and corporate legal?  Let me put it this way…how would you find and place ESI that’s encrypted or is both encrypted and made to look like something else on a litigation hold?

Does the fact that encryption applications present in a corporate infrastructure make claims of spoliation if the files can’t be found or decrypted more likely? Is this a problem you should even worry about?

It’s a stretch but in some circumstances this capability could significantly raise your eDiscovery risk. To illustrate this problem further I will specifically talk about an application called TrueCrypt which is a free open-source disk encryption software application for Windows 7/Vista/XP, Mac OS X, and Linux.

TrueCrypt is an application for creating and maintaining an on-the-fly-encrypted volume (data storage device as opposed to a single file).This means that you can create an encrypted volume capable of storing many encrypted files which to casual observers, looks like a single file. On-the-fly encryption means that data is automatically encrypted or decrypted right before is loaded or saved, without any user intervention. No data stored on an encrypted volume can be read (decrypted) without using the correct password or correct encryption keys. There are several encryption algorithms available in the application but the most secure is the AES 256-bit key algorithm, the same one used by the federal government in many instances.

Files can be copied to and from a mounted TrueCrypt volume just like they are copied to/from any normal storage device (for example, by simple drag-and-drop operations). Files are automatically decrypted on-the-fly (in memory/RAM) while they are being read or copied from an encrypted TrueCrypt volume.  Similarly, files that are being written or copied to the TrueCrypt volume are automatically being encrypted on-the-fly (right before they are written to the disk) in RAM.

Now, to make matters worse (or better depending) TrueCrypt also can create a hidden encrypted volume within the visible encrypted volume.

The layout of a standard TrueCrypt volume before and after a hidden volume was created within it. (Graphic from the TrueCrypt manual)

The principle is that a TrueCrypt volume is created within another TrueCrypt volume. Even when the outer volume is mounted and visible, it would be impossible to prove there is a hidden volume within it or not, because free space on any TrueCrypt volume is always filled with random data when the volume is created and no part of the (dismounted) hidden volume can be distinguished from random data. Note that TrueCrypt does not modify the file system (information about free space, etc.) within the outer volume in any way.

So to put it another way, an employee trying to hide data from a discovery search could first create an encrypted volume on their hard disk or some other removable device such as a USB stick and store encrypted data on it. Even more diabolical, they could move some innocuous data to it as a decoy and store the real data on the hidden volume inside the original volume. This capability provides the employee plausible deniability in the case of corporate legal or IT forces the employee to decryption the volume they can see.

So the big question is this; how would you as a discovery auditor even know of or find these hidden and encrypted data volumes? In reality it’s not easy. You have to go into it looking for hidden and encrypted data. There are some forensics applications that will at least find and flag encrypted files and volumes including the TrueCrypt format. I am unable to determine if these forensics applications can find and flag hidden volumes.

As a test, I setup a 10 GB TrueCrypt encrypted volume on this computer and named it “Attorney Communication” in a folder I named “contracts”. To the casual observer all they see is a large file in a folder called “contacts” (see below).

Within that encrypted “Attorney Communication” file I copied four decoy files to make it look like those were the important files I was keeping encrypted just in case I am forced to open the encrypted volume by legal (see below).

As you can see above, you can’t tell by looking at it that it contains the hidden 8 GB volume I had also created. That hidden volume is accessible only by typing a totally different password.

The hidden 8 GB TrueCrypt volume on this computer

So how do you find these hidden volumes and files if the employee is not cooperating? If you suspect the employee has been using this technology the first obvious step would be to do a search of the employee’s hard disk looking for an application called “TrueCrypt”. This would be a dead give-away that the employee could have encrypted and hidden data volumes on their computer. This is not  certain because the employee could have installed the TrueCrypt application on a USB stick, which does not integrate with Windows, so when not plugged in to the computer, there would be no trace of the TrueCrypt application.

A second way to find potentially encrypted volumes would be to search for very large files. Usually encrypted volumes will be larger than normal files because they are just that, a large space to store many files. So you could do a Windows search for files over 10 MB and see what you get. An indication would be a large file with no applications associated with it. By this I mean that when you double click the file the system doesn’t recognize it as a standard Windows application and displays the “Open with” dialog box shown below:

That leaves the problem of discovering the hidden volume. A sure but very slow process to test this possibility would be to copy a bunch of files into the encrypted volume, if the employee has opened it, to see if the available storage space id equal to the volume size.  For example the file properties in Windows states my encrypted volume is 10 GB in size but in this example the employee only has 5 MB of files stored in it. To test to see if the volume contains a hidden volume, you could copy an additional 9.95 GB of data into it to see if you get a “volume full” message before all of the data was copied into it. If you could only copy an additional say 1.95 GB before the “volume full” message was received, that would indicate that a hidden 8 GB volume exists.

A faster way to get an indication of hidden volumes is to use a large file finder tool. I found one called “Largefiles3” which had a surprising capability. In this case I ran the application looking for files larger than 10 MB on the C drive.

The interesting capability here is that it found the encrypted volume I named “Attorney Communication” but it determined its size to be 2.147 GB not the 10 GB shown in the Windows file system data. This is because I had created an 8 GB hidden volume inside the “Attorney Communication” volume thereby only leaving 2 GB for the original volume. This is a huge red flag if you are looking for it. Now, without the password you still can’t access the original encrypted volume or the hidden volume but at least you would know it exists and can apply pressure to the employee.

So how do you prevent these encryption applications from putting your eDiscovery processes at risk? The most obvious one is to include in your employee computer use policy a statement prohibiting the use of these types of applications with stated punishments if not followed. This will stop general employees from using this kind of application but will not deter those employees bent on breaking your rules. The obvious next step is to sample and audit your employees to see if these applications are being used. For corporate legal, the main thing you want to establish is your “good faith intent” to make sure your eDiscovery processes are defensible.

The duty to preserve ESI is not always cut and dried

Bill Tolson eDiscovery , , , , , , , , , , , ,

The amendments to the Federal Rules of Civil Procedure (FRCP) describe the duty to preserve potential evidence when litigation can be reasonably anticipated. The term “reasonably anticipated” is a key idea and one that has caused many arguments over the last four-plus years. To make the point that organizations need to be conservative and take this seriously, it makes sense to look at a case that has gone on for several years.

On April 17, 2008, Phillip M. Adams & Associates L.L.C. (Adams) filed a motion for sanctions against ASUSTEK Computer, Inc. and ASUS Computer International for spoliation (destruction) of evidence. Adams claimed that “ASUS has destroyed the source code and documents relating to ASUS’s test programs, as well as other documents that would have conclusively demonstrated ASUS’ piracy.” On March 30, 2009, the magistrate judge issued a decision granting in part Adams’s motion. The magistrate judge found that “the universe of materials we are missing is very large,” and that “we have very little evidence compared to what would be expected.” In this case, the court reaffirmed its earlier holding regarding the trigger for defendants’ duty to preserve, namely that “in late 1999 the entire computer and component manufacturer’s industry was put on notice of a potential for litigation regarding defective floppy disk components (“FDCs”) by the well publicized settlement in a large class action lawsuit against Toshiba.”  In this ongoing case, a litigation hold responsibility was triggered by a settlement years before. The magistrate judge further found that “ASUS’ practices invite the abuse of the rights of others, because the practices tend toward loss of data.” In other words when the case was in process in 2008, the defendants should have applied a litigation hold to specific data back in 1999-2000, eight to nine years before the case showed up in court.

A related recent ruling: Phillip M. Adams & Assoc., LLC v. Windbond Elecs. Corp., 2010 WL 3767318 (D. Utah Sept. 16, 2010)

What does this mean for organizations today? Well, it’s difficult to “anticipate” future litigation so be conservative in your litigation hold triggering events meaning if even the slightest possibility exists of litigation based on external events, news stories etc. lock down that potentially responsive ESI as soon as possible. That’s easy to say but difficult to accomplish. The first step as pointed out in this case is to train your staff and employees to be sensitive to these “events” and to not be shy about pointing them out to your corporate legal department. The point is to manage your ESI more effectively. If you have control of your data you have a better chance of reacting to and finding responsive ESI when you need to and securing it.

Placing a “Computer Illiterate” in charge of eDiscovery is not a winning strategy for the defense

Bill Tolson eDiscovery , , , , , , , , , , , , ,

A case that had been decided for the plaintiff years earlier was reopened due to eDiscovery process questions. In the case of Green v. Blitz U.S.A., No. 2:07-CV-372 (TJW), 2011 WL 806011 (E.D. Tex. Mar. 1, 2011), the original attorney for the plaintiff was a plaintiff’s attorney on another case against the same defendant. During discovery for this other trial, the plaintiff’s attorney found out that evidence that should have been turned over for the previous plaintiff’s trial had not been. Because of this fact, the original lawsuit was reopened. In this second trial it was revealed the defendant had placed a single person in charge of electronic discovery for several ongoing cases. The problem with this was the person put in charge of eDiscovery was less than experienced. In fact, it was revealed that the employee “solely responsible for searching for and collecting ESI relevant to litigation between 2004 and 2007 issued no litigation hold, conducted no electronic word searches for emails, and made no effort to speak with defendant’s IT department regarding how to search for electronic documents.  In fact, the employee himself stated that he was “about as computer illiterate as they get.”

Making matters worse, some of the information discovered after the close of plaintiff’s case would have easily been identified with a simple word search, as the target words were in the subject line of one of the undisclosed emails specifically discussed by the court.  Also of note, as to the specific email discussed by the court, was the fact that the employee tasked with discovery was a recipient of the email and still failed to disclose it in discovery.  Despite failing to produce relevant material, the defendant made the certification that “full and complete disclosure ha[d] been made in accordance with the Federal Rule’s of Civil Procedure and the Court’s orders.”

The court also discussed defendant’s failure to issue a litigation hold to its employees and its failure to cease rotation of its backup tapes, two other actions expected when litigation is reasonable anticipated.  Accordingly, the court concluded that “it will never be known how much prejudice against the plaintiff was actually caused by the defendant’s failure to preserve documents” and found that sanctions were warranted.

Given the context and type of documents not disclosed, the court found that defendant’s conduct was a willful violation of the Court’s Discovery Order and that plaintiff had been prejudiced as a result. In other words, the original award would have been much higher if the ESI was found and turned over.

I don’t know if the defendant’s counsel choose a totally inexperienced person to run the eDiscovery process was just stupid or was part of a strategy to insure responsive ESI was not found. I think, minus proof of the second, we will have to go with the first explanation.

That being said, litigation hold and eDiscovery is a serious business and should never be taken lightly. Having control of your organization’s ESI is an important responsibility expected by the courts.

Case summary from eDiscoverylaw.com

Steps to avoid email archiving woes

Bill Tolson Cloud Storage, eDiscovery, Information Management, records retention , , , , ,

On April 26, ProofPoint, a cloud email archiving provider (among other solutions), published a short but interesting article; “Steps to avoid email archiving woes” talking about incomplete email archives.

I must say I agree with the article in general and especially with the point that the archive needs to be easy to search for in eDiscovery. With that thought I also wanted to add that for really effective eDiscovery of your email data, a complete archive is essential. What you want to avoid is being forced to go to backup tapes because some potentially responsive email might reside only on your backup tapes; a costly situation.

If you’re going to archive your email with eDiscovery in mind, be sure you choose a vendor that can captures everything that could be asked for in eDiscovery.

Metadata should be included in federal FOIA response

Bill Tolson eDiscovery , , , , , , , , , ,

A recent federal court decision, Nat. Day Laborer Org. Network v. United States Immigration and Customs Enforcement Agency, 2011 WL 381625 (S.D.N.Y. Feb. 7, 2011), has set the expectation that certain metadata is considered “responsive” in federal FOIA requests.

From ediscoverylaw.com:

In this Freedom of Information Act (“FOIA”) action, a dispute arose regarding the proper format of production and, in particular, whether metadata was subject to production pursuant to plaintiffs’ FOIA requests. Following substantial analysis of the issue, the court held that “certain metadata is an integral or intrinsic part of an electronic record” and, as such, is “‘readily reproducible’ in the FOIA context.” (FOIA provides that “in making any record available to a person under this paragraph, an agency shall provide the record in any form or format requested by the person if the record is readily reproducible by the agency in that form or format.”)

The court went on to describe the minimum metadata fields which should be considered reproducible and therefore should accompany any production electronically stored information (ESI) by the government:

1. Identifier: A unique production identifier (“UPI”) of the item.
2. File Name: The original name of the item or file when collected from the source custodian or system.
3. Custodian: The name of the custodian or source system from which the item was collected.
4. Source Device: The device from which the item was collected.
5. Source Path: The file path from the location from which the item was collected.
6. Production Path: The file path to the item produced from the production media.
7. Modified Date: The last modified date of the item when collected from the source custodian or system.
8. Modified Time: The last modified time of the item when collected from the source custodian or system.
9. Time Offset Value: The universal time offset of the item’s modified date and time based on the source system’s time zone and daylight savings time settings.

Why is this metadata decision important? Because it now puts a requirement on federal government agencies that they should be capturing and storing their ESI is ways that first capture the above noted ESI and second, insure that metadata is not inadvertently modified, for example when it is reviewed to determine its responsiveness to the FOIA request.

Federal government agencies deal with huge amounts of ESI on a daily basis and should have archiving systems already in place to insure ESI is captured and managed correctly per the National Archives and Records Administration (NARA) regulations. It now seems they need to relook at their ESI archiving systems to insure they can meet this new metadata requirement.

The ROI of Information Management

Bill Tolson Cloud Storage, eDiscovery, records retention, Technology , , , , , , , , , , , ,

Information, data, electronically stored information (ESI), records, documents, hard copy files, email, stuff—no matter what you call it; it’s all intellectual property that your organization pays individuals to produce, interpret, use and export to others. After people, it’s a company’s most valuable asset, and it has many CIOs, GCs and others responsible asking: What’s in that information; who controls it; and where is it stored?

In simplest terms, I believe that businesses exist to generate and use information to produce revenue and profit.  If you’re willing to go along with me and think of information in this way as a commodity, we must also ask: How much does it cost to generate all that information? And, what’s the return on investment (ROI) for all that information?

The vast majority of information in an organization is not managed, not indexed, not backed up and, as you probably know or could guess, is rarely–if ever–accessed. Consider for a minute all the data in your company that is not centrally managed and  not easily available. This data includes backup tapes, share drives, employee hard disks, external disks, USB drives, CDs, DVDs, email attachments  sent outside the organization and hardcopy documents hidden away in filing cabinets.

Here’s the bottom line: If your company can’t find information or  doesn’t know what it contains, it is of little value. In fact, it’s valueless.

Now consider the amount of money the average company spends on an annual basis for the production, use and storage of information. These expenditures span:

  • Employee salaries. Most employees are in one way or another hired to produce, digest and act on information.
  • Employee training and day-to-day help-desk support.
  • Computers for each employee
  • Software
  • Email boxes
  • Share drives, storage
  • Backup systems
  • IT employees for data infrastructure support

In one way or another, companies exist to create and utilize information. So… do you know where all your information is and what’s in it? What’s your organization’s true ROI on the production and consumption of your information in your entire organization? How much higher could it be if you had complete control if it?

As an example, I have approximately 14.5 GB of Word documents, PDFs, PowerPoint files, spreadsheets, and other types of files in different formats that I’ve either created or received from others. Until recently, I had 3.65 GB of emails in my email box both on the Exchange server and mirrored locally on my hard disk. Now that I have a 480 MB mailbox limit imposed on me, 3.45 GB of those emails are now on my local hard disk only.

How much real, valuable information is contained in the collective 18 GB on my laptop? The average number of pages of information contained in 1 GB is conservatively 10,000. So 18 GB of files equals approximately 180,000 pages of information for a single employee that is not easily accessible or searchable by my organization. Now also consider the millions of pages of hardcopy records existing in file cabinets, microfiche and long term storage all around the company.

The main question is this: What could my organization do with quick and intelligent access to all of its employees’ information?

The more efficient your organization is in managing and using information, the higher the revenue and hopefully profit per employee will be.

Organizations need to be able to “walk the fence” between not impeding the free flow of information generation and sharing, and having a way for the organization as a whole to  find and use that information. Intelligent access to all information generated by an organization is key to effective information management.

Organizations spend huge sums of money to generate information…why not get your money’s worth? This future capability is the essence of true information management and much higher ROIs for your organization.

 

New York lawmakers propose legislation to enforce archiving for governor’s emails

Bill Tolson eDiscovery, records retention , , , , , , , , , , ,

“A recent proposal will mandate the current and future governors of New York to use an email archiving solution that will offer permanent access to important documents, the Times Union reports.

The most recent proposal marks the second-consecutive year New York lawmakers have passed legislation that creates more strict regulations forcing governors to submit emails to state archives. The bill’s proponents have stressed the historical benefits of integrating a government email archiving solution.

“Without documentation from successive governors’ administrations, the history of New York state is, and will remain, incomplete,” said Camille Jobin-Davis, assistant director of the state Committee on Open Government, in a memo in support of the bill, the news provider reports.

Lawmakers have been pushing for improved documentation of state government emails for the past year in an effort to fill a current void in the state’s information management requirements. Jobin-Davis criticized the state’s current email regulations and said they provide “minimal” guidance by allowing governments to freely destroy emails.”

The entire article can be read here

Email archiving has become an important tool to ensure transparency among government agencies. Citizens want to be able to have access to all areas of how their government is run. Email archiving ensures government agencies, including governors, are making their records available for review.

Training Employees Before they Hit the SEND Key

Bill Tolson eDiscovery , , , , , , , , , , , , ,

Time and time again we see news stories and legal case writes ups where it has become obvious employees still have no idea that an email is not a private communication. I find most employees, even corporate legal department types, still consider an email is like a verbal conversation in a parking lot; once its ended, it doesn’t exist anymore (unless it was recorded).

A recent example came from the Goldman Sachs Congressional hearings where the following exchange took place:

US Senator Carl Levin: “And when you heard that your employees, in these e-mails, when looking at these deals, said God, what a shitty deal, God what a piece of crap – when you hear your own employees or read about those in the e-mails, do you feel anything?”

David Viniar, chief financial officer, Goldman Sachs: “I think that’s very unfortunate to have on e-mail.”

This is a prime example of a probably very smart guy never considered that specific content in that email would every show up in a blog much less the front page of the Wall Street Journal. This problem of unguarded content in emails has become a major liability for many companies and organizations. Another example is the email flap recently over the emails between various researchers at various universities around the global warming question.

Organizations are doing themselves a huge disservice by not training their employees around proper email use and its implications if not followed. I am not addressing the “right” or wrong” questions about these two specific examples, just the fact that very smart people continuously ignore the consequences of questionable emails.

So what can organizations do to protect themselves from this kind of liability? Well there are two steps that you can take to drastically reduce your liabilities around smoking gun emails. First, train all employees (not just once but at least annually) on your email use policy (hopefully you have one that addresses this kind of behavior). But also just as important is to educate them on the consequences of inappropriate email usage. Explain to them the eDiscovery process and what that means for email. Government agencies as well as attorneys regularly ask for and get emails from organizations in litigation or agency subpoena.

Also educate them on the email technology. I can’t count how many times I have had CEOs, CIOs all the way down the line to line workers explain to me that when they delete an email from their email box, it’s really gone. Show them why that’s not the case with a couple of the hundreds of case examples where company employees believed the same thing and what happened.

The second step is to put technology in place that helps you zero in on this type of behavior before it ends up in court and on the front page.  Many organizations will think this is “big brotherish” and not fitting with their organizations culture. I disagree with this reasoning…Putting protections in place to ensure proper business behavior is a common sense measure to reduce your legal liabilities. Install an email archiving system so that email is secured for some period of time via retention policies and also have content monitoring capability to be able to monitor, in real time, occurrences of content/behavior your organization has deemed out of bounds. Along with this technology, be sure to explain (repeatedly) to each and every employee that all of their emails are being captured for a period of time and that some are actually being monitored for content. I guarantee you that your employees will be overly careful what they put in emails going forward.