Posted Apr 01, 2013 06:49 am CDT
Law firms in the looming shadow of their dark data—collected information with no discernible value—may find a bright solution by developing a formal protocol to systematically destroy it.
The approach, dubbed a records retention schedule, should enable law firms and their clients to regularly jettison the burgeoning morass of irrelevant emails, texts, social media posts and other detritus employees are generating without fear of significant sanctions should someone with a discovery order come calling.
“Ultimately the courts will judge the organization on adherence to its own policy as opposed to scrutinizing the retention period assigned to a given record, unless of course it is in violation of a legal hold,” says John Isaza, a Los Angeles-based partner at Rimon Law and a panelist at LegalTech New York 2013.
Dark data can feed an increasing worry that its mere presence in the forgotten corners of databases can easily skyrocket e-discovery costs. Many fear of the day when a judge says, “Sift through everything you’ve got and bring back what’s relevant.”
The problem has become especially ominous, given that the metric used to gauge the size of corporate databases these days is now expressed in petabytes. A single petabyte can store 200 million iPod songs, Isaza said. That’s about 20 million four-drawer file cabinets filled with text.
Moreover, some government entities and companies doing business internationally are being mandated to destroy data after a certain time, whether it is in paper or electronic form, Isaza said. Law firms and clients doing business with the U.K. are forbidden from retaining personal data longer than necessary, he said. They may one day find themselves facing auditors demanding proof that the data has been destroyed.
Fortunately, said Isaza, who specializes in information governance, law firms and their clients should be able to shed useless data on a regular basis if they establish an up-to-date records retention schedule. That schedule needs to:
• Define what your organization calls a record.
• Apply a robust records retention policy only to what your organization deems to be a record.
• Set a time period after which all other data should be destroyed.
• Ensure that any schedule adheres to the legal holds process.
• Sequester data needed for pending or probable litigation.
The beauty of the plan is that unless your data is characterized as an official record, “all other data or nonrecords can be disposed of at will,” Isaza said.
Exceptions to this approach include special requirements of insurance companies doing business in Illinois, government entities in Iowa and Texas, and federal agencies, including the North American Electric Reliability Corp., the Federal Aviation Administration and the Federal Energy Regulatory Commission, according to Isaza.
The only downside? The relatively safe disposability of dark data generated prior to the establishment of a schedule is less clear.
Without a schedule protocol, Isaza said, it’s difficult to retroactively characterize what’s a record and what is simply taking up space.