IT and Legal must work hand-in-hand in order to allow your organization to be profitable and successful. By developing a thorough plan and properly implementing the right tools, you can create a cohesive team.
In Part 1 of this series, we provided insight into how you can strengthen the relationship and collaboration between IT and Legal by addressing: Why collaborate? and Where to start?
Part 2 will focus on What tasks require collaboration? and When should the partnership begin?
What tasks require collaboration?
- Data inventory and file analysis
ROT (redundant, outdated, trivial) data is rampant in many organizations and the only way to understand what data your company has, is to perform a data inventory and file analysis. This will allow your company to make an informed decision about what data needs to be managed and/or searched. However, this job requires work from both IT and Legal. IT needs to identify what data exists and where it is found, while Legal needs to use this information to determine if/how the data is to be managed and/or searched. This typically includes both structured and unstructured data.
Asking where is most applicable to unstructured data (i.e. file analysis) because of the transportability of this data. For instance, a .doc file can be stored in many places such as a local drive, portable drive, or file share. With structured data, the data is typically more static in its location. Of any department, IT is in the best position to supply the where and what to Legal.. Unstructured data, such as loose files, can be anywhere and it will be a chore for IT department to properly inventory all data, but it is very important that as much information as possible is collected and provided to Legal.
- Make Legal aware of all possible types of locations for the company’s data. It would also be best to attempt to define what data is stored in each location. For instance, email can be stored on company servers, as well as local drives of users’ desktops/laptops.
- It is advisable that you meet with the lines of business to get an understanding of the data they use. This may evolve into a long process, but it is best to look under all rocks than to be surprised during litigation. Meet with Legal and thoroughly explain the locations and types of data. This will then allow Legal to analyze the risks involved and make a decision as to how IT is to proceed.
Note: IT should not be surprised if Legal requests them to perform a full data inventory. Utilizing an information governance software, IT can automate this process. This automation can even be carried down to the user desktop/laptop. 2. Classification
As you may already know, all data is not created equal. Caution is being thrown to the wind if your company plans to collectively treat all emails the same, all files the same, etc. To clarify, all ‘replies’ within email are not the same and neither are all .pdf files. What matters is what is contained within them. Just because a user has two messages or files with the same extension, by no means classifies the data as the same. In fact, this couldn’t be further from the truth. With auto-classification, you can have your data properly classified. This means that instead of grouping two .pdf files together as ‘similar’, auto-classification could group an email and a .pdf, because of the content within them.
Regardless of the size of your company, it would take many man years to manually classify all of your data. Use IG technology to perform auto-classification on all possible data. This will group your data together and provide Legal with the information they need to create retention policies for the various types of classified data.
- Retention Policy Management
Once the data inventory and classification steps have been completed, it is time for IT and Legal to collaborate on any retention policies that need to be enforced on the data. It is advised that Legal creates the initial draft of the policies without any input from other departments. This is not to exclude IT, but it is best that Legal tackles this first with the intent of conforming to the rules and regulations that are required of them. Once Legal has the initial draft, it is time for IT and Legal to meet and hash out the details, exceptions, etc. to the policy draft. IT can also provide estimations on how long the policies will take to be assigned, when they can be enforced, and on whom should they be enforced.
A pilot group is recommended as the initial users to be impacted by the policies. These users can then provide feedback on parts of the process that require adjustment (e.g. communication). You can also use the pilot group to extrapolate the timings and volume, to get an idea of how long the process will take for all users, as well as how often it can be run. This information can then be used by Legal to determine any changes that are required.
There have been companies that were extremely diligent in enforcing the policies, but unintentionally omitted data from the process. The most common omission are backup tapes. Revising the schedule for scratching backup tapes should always be considered during policy management.
Keep in mind that this is a perpetual process that needs to be constantly enforced to comply with any federal regulations, etc. with which the company is obligated to follow. Email, files, and more will be in constant flux, as old data is deleted and new data is created. The black hole here are new systems that are implemented, new locations to store data, etc. IT should have regular meetings (e.g. monthly, quarterly, etc.) with the lines of business to understand what changes are being made and what new data is being stored. Legal will then need to be made aware of this to adjust the policies. Policy management is a living, breathing organism. You cannot expect to ever finish this process, because it is never-ending.
Even though you are enforcing automated, perpetual policies on your classified data, eDiscovery will still be prevalent within your company. Depending on the type of business in which your company partakes, there could be a great deal of searching of your data that is required. For those of you that perform the searches, you already know how time-consuming this process can be. It can also be very frustrating because of lack of communication between IT and Legal. An IT person could end up performing multiple searches of the same data, because Legal needs to adjust the search terms.
Legal and IT are extremely adept at what they do, but without communication, the search process will stumble. It is recommended that both teams discuss the possible pitfalls of the searches using the defined keywords, to set an expectation level for all players.
Another challenge is making sure all parties involved understand how long a search could take across all applicable data. It is imperative that IT and Legal both understand the importance of the results being produced within the specified time frame and implications of not achieving that goal. If the amount of data is so vast that it could take weeks to search and break down the searches into sections. This will implement a parallel processing methodology where IT delivers partial results to Legal and while Legal is reviewing the results, IT can start searching the next data. This process will allow both departments to achieve their tasks in stages. It also removes the possibility of IT giving Legal 500 GB of data at once that has to be reviewed.
When should the partnership begin?
Today is the best day to start the collaboration between IT and Legal. Sooner than later, these two groups will need to work together and under pressure is no way to start a relationship. Creating a team dynamic can save your company time and money.
The steps laid out here are very chronological, but keep in mind you might need to perform eDiscovery tomorrow. Are you ready to collaborate? Are there any steps you can take today to ensure tomorrow’s success?
In today’s litigious world, it is not if your company will be in a lawsuit, but when. To be ready for this, perform a simulation. You should practice for eDiscovery before an authentic need surfaces. This will create the relationship between IT and Legal, but will also set some important expectation levels, provide timings, expose any flaws, etc. within the search process.
Start the planning now on how this virtual team would work together to achieve their unified goal.
Ask any realtor the three most important words and they will say; location, location, location. For IT and Legal, the three words are; collaboration, collaboration, collaboration. Both teams must work hand-in-hand and this virtual team is vital to the profitability of your company. Though neither group actually produces revenue, this team will mitigate the expenses that will help your company flourish financially. Save time and money by fostering the collaboration between these two important groups today!
To learn more, go to www.SherpaSoftware.com or call 1-800-255-5155
Case Study Overview: As a lawsuit resurfaced, the Browns decided to intensify their search for eDiscovery software. In addition to accommodating their changing eDiscovery needs, the Browns also wanted a solution that could incorporate a litigation hold process. Although policy enforcement wasn’t a prerequisite, they were facing storage related issues that required a more reliable information/policy management tool as well. Then, they turned to Altitude IG.
The post Bridging the chasm between IT and Legal – (Part 2 of 2) appeared first on Sherpa Software.