————————————————————————————————————————
During a recent series of state and local government CIO roundtables, we observed that most CIOs and legal counselors in attendance had not established best practices to meet the functional, legal and operational requirements for compliance with various public records laws and other regulations. Challenges included setting policy, establishing working relationships with legal counsel and incorporating work products from the social networking technologies. Most attendees noted the expanding use of social networking, while all were unsure what was subject to e-discovery. The increasingly familiar threat of newspaper articles or newscasts exposing organizations to financial, legal and reputation losses has focused awareness on these deficiencies.
————————————————————————————————————————
The group consensus at the CIO roundtables was to educate users that generate public records of their obligations for regulatory compliance and how they should work within various media to save records employing established policies and procedures. In addition, elected officials who are increasingly using social media such as Facebook, Twitter, blogs, instant messages and text messages to engage their constituents present critical challenges to IT organizations, which must attain regulatory compliance for capturing, storing and retrieving these communication streams. In the social networking world, what is subject to e-discovery?
Areas of concern discussed by the CIOs consist primarily of the following:
– Training and education
– Policies and procedures
– Dealing with social media data capture
– Compliance
The general discussion among CIOs focused on their ability to:
– Support compliance with public records requests as outlined in federal, state and local laws
– Identify sources of records and store them using taxonomies that allow retrieval when requested through e-discovery
– Ensure that protected personal or exempt information is not inadvertently released during e-discovery
– Educate current and future employees and elected officials about the policies and procedures that drive compliance
Additional concerns included the following:
– Lawsuits against the organization and elected officials for noncompliance could result in significant financial costs to taxpayers and loss of reputation to all involved.
– Most organizations had not implemented technologies to allow employees and officials to achieve compliance as required.
– Most CIOs and legal counsels did not completely understand existing laws and the impact of court rulings on their current policies and procedures.
– Failure to exempt protected information from released records could result in embarrassment and exposure to potential litigation.
CIO CALL TO ACTION
CIOs must shift from focusing on storage and technical solutions e-discovery to focusing on policies and procedures that support record retention and management compliance. Success will depend on a solid working relationship with legal counsel and executive management to ensure that all roles and responsibilities are defined. We suggest the following steps:
– Develop an education plan for current and future employees and elected officials that addresses the full life cycle of records and information.
– Establish effective policies and procedures that ensure compliance with applicable laws.
– Construct a work process with the legal department to handle requests and subsequent release of documents and information.
– Follow court cases that expose new record types such as metadata and social media.
BOTTOM LINE
Although laws on storing and retrieving public records have been around for many years, they have not kept pace with the rapidly emerging technologies that generate data whose retention and management may require (by law) specific treatment. Rulings by judges at state and federal levels are changing this landscape in highly specific ways that must be addressed immediately.
Business Impact:
Individuals and the entire organization are at risk without policies and procedures that capture and store public records from multiple sources and throughout the entire information life cycle. These are not IT risks – they expose the entire organization to financial risk and loss of public trust. CIOs must work closely with legal counsel and executive management to ensure that a viable process is established.
Additional Insights
1. “Reduce the Cost and Risk of E-Discovery in 2009,” Debra Logan, John Bace, 2009 (Research).
2. “Heed E-Discovery Trends to Reduce Costs in Enterprise Information Management and Litigation,” Whit Andrews, 2009 (Research).
3. “Five Steps for E-Discovery to Improve Search and Other Processes,” Whit Andrews, 2009 (Research).
4. “E-discovery Project Overview, 2009,” Debra Logan, Whit Andrews, 2009 (Research).