The data explosion that has burdened organizations across the globe for the past decade has become increasingly expensive to manage. Many experts point to storage as the most obvious culprit for higher information governance costs. There are, however, other factors driving those costs. For example, demands for electronically stored information in legal and regulatory proceedings have significantly increased expenses surrounding data management. Those demands have forced organizations to meet the high expectations that courts and regulatory bodies have for how they address their information or face the consequences.
Those consequences include sanctions and regulatory fines for groups that fail to account for how they store, manage and discover their information. The $919 million verdict rendered in the E.I. du Pont de Nemours v. Kolon Industries case is paradigmatic of this trend. That verdict was inextricably intertwined with the court’s instruction to the jury that executives and employees for defendant Kolon Industries deleted key evidence after the company’s preservation duty was triggered.
Going to Cloud Services for Data Archiving and eDiscovery
These rising data costs – and the risks they pose – are driving organizations to explore new technologies and methods for managing their data. The latest alternative to traditional on-premise solutions involves leveraging cloud-based services.
The hype surrounding the cloud has generally focused on the opportunity for cheap and unlimited storage. While cost effective data storage is important, that factor alone should not be determinative for selecting a cloud service provider. Organizations must have the actual – not theoretical – ability to retrieve their data and do so in real time. Otherwise, they may not be able to satisfy legal or regulatory requests, let alone the day-to-day demands of their operations.
In an analogous context, courts have traditionally compelled paper document productions even though the requested materials may be buried in a messy warehouse. In one such case from this year, a U.S. district court in New York ordered a company to turn over decades-old records that were commingled with other materials in poorly labeled, shrink-wrapped boxes. The court reasoned that disorganized record-keeping should not excuse an organization from producing relevant information. See Brooks v. Macy’s (S.D.N.Y. May 6, 2011).
The rationale from the Brooks case is equally applicable to cloud-based services. Cloud-based data must be intelligently organized so that companies can retrieve data in a timely fashion for business and legal purposes. Otherwise, the savings achieved through cheap storage will be negated by the resulting legal quagmire.
Paring Back Superfluous and Duplicative Information
To facilitate the data retrieval process, the right cloud service provider should have the capacity to implement and observe applicable company retention policies. An effective retention policy will generally help a company retain information that must be kept for business, legal or regulatory purposes – and nothing else. The service provider should enable automated retention rules to ensure that information is kept only for a designated time period. This will allow data to be expired once it reaches the end of that period. And by expiring that data, the company will limit the amount of potentially relevant information available for follow-on litigation.
The pool of information can also be decreased through single instance storage. This deduplication technology eliminates redundant data by preserving only a master copy of each document placed into the cloud. This will reduce the amount of data that needs to be identified, collected and reviewed as part of the electronic discovery process. For while unlimited data storage may seem ideal now, reviewing unlimited amounts of data will quickly become a logistical and costly nightmare.
Tools to Facilitate Discovery
A cloud service provider should ideally have eDiscovery functionality. At a minimum, the service provider should be able to deploy legal holds to prevent users or automated policies from overwriting and destroying data. Advanced search capabilities should also be included within the cloud-based service to reduce the amount of data that must be analyzed and then reviewed. Moreover, the provider should support compatible load formats for export to third party review software.
Another key discovery issue is whether the cloud service provider can establish a clear audit trail for transmissions of company data. Since information could be modified in transit by the routine operation of a service provider’s computer systems, an audit trail is necessary to prove that company documents and their metadata were not affected or otherwise compromised during transmission. Without this assurance, a company may not be able to demonstrate the authenticity of its data before a tribunal or comply with key regulations.
A cloud server provider that can quickly retrieve and efficiently discover data has the potential to help organizations address their legal and regulatory demands in a cost effective manner. Such a provider may be just the solution for organizations that are looking to properly address their runaway information governance costs.