Fast forward only a couple of years, and plaintiffs’ counsel in a large class action lawsuit made essentially that ask: They proposed that the defendant hand over all documents that hit on the numerous search terms plaintiffs had crafted, and that they would decide which documents were relevant (and not privileged).

The legal discovery landscape is changing. As ESI volumes continue to grow and discovery-related technology continues to evolve, the importance of a company’s information management processes—in particular, its ability and willingness to dispose of information in a timely and defensible manner—will only continue to increase as well.

TAR—Friend or Foe?

Legal discovery no longer is synonymous with combing through boxes of paper documents for relevant information. Attorneys now use key-word searches and databases. Just as new technologies have dramatically accelerated content creation, so are they transforming approaches to content review. Technology-Assisted Review, or “TAR,” is one such technology that is increasingly accepted as a useful tool in large, ESI-heavy reviews for civil litigation and government investigations.

The Sedona Conference defines TAR as a “process for prioritizing or coding a collection of electronically stored information using a computerized system that harnesses human judgments of subject-matter experts on a smaller set of documents and then extrapolates those judgments to the remaining documents in the collection.”[1] In legal document review, matter experts can code a seed set of documents as relevant or responsive, privileged or not privileged, and TAR can then extrapolate time-saving analysis to the full document set. TAR can help determine the degree to which documents in a full set are similar to those in the seed set, allowing parties to craft more strategic and efficient document review plans—for example, prioritizing review of documents with an 80 percent or higher likelihood of responsiveness that likely are not privileged.[2] Between the sheer volume of ESI now held by most companies and the often sweeping nature of discovery requests, especially in large, multi-jurisdictional litigation and investigations, companies can find themselves sorting through millions of potentially relevant or responsive documents. Tools like TAR are increasingly vital assets for companies seeking to reduce the costs of legal discovery.

But just as it helps companies receiving discovery requests, TAR could embolden those making them. A common argument regarding discovery requests is that working to satisfy them as-written would unduly burden the responding party. TAR could give requesting parties a basis for pushing back against a responding party’s undue burden argument. If TAR can streamline certain phases of discovery, burden arguments based on volume or time might begin to fall on increasingly deaf ears. And beyond merely pushing back, requesting parties could take the next step—seemingly already on the minds of some government and private actors—of flipping the tables and saying, fine, give us your documents, and we will use the resources at our disposal to review them for the all of us.

Legal discovery is multi-faceted and always will be. Even if we never reach the point of complete reliance on technology or all-inclusive document hand-overs, there is no doubt that the explosion of ESI and corresponding acceptance of TAR will continue to reshape the discovery playing field. Anyone who manages records at a company that may find itself embroiled in litigation or investigation is primed to feel the impacts.

Discovery: That’s Legal’s Purview, Right?

Sure. More broadly, though, legal discovery is a whole-company issue. Significant discovery can divert resources from business operations, increase risk, and cost an inordinate amount of time and money, and the outcome of litigation or an investigation—inevitably based in some part on discovery—can affect a company’s reputation, market position, and bottom line. Despite these threats, it is easy to backburner discovery considerations and only pay close attention once the house is on fire. Companies should fight this tendency and take proactive steps to help ensure that, when flames pop up, they can be controlled. Implementing a well-considered records retention schedule is one of the most impactful first steps in this direction.

A records retention schedule based on legal requirements and industry standards and tailored to a company’s business and risk profile is both a good offense in the war against accumulating redundant, obsolete, or trivial information (“ROT”), and a good defense if a company is unable to produce requested information, so long as the company can show the information was disposed of in accordance with the schedule in the ordinary course of business.

Some of the riskiest information for a company can lurk in the depths of ROT. A company often is aware of the general content and location of its more “official record”-type documents, like financial statements; far less often does it know what lies in unstructured ROT. Draft notes from a non-privileged meeting, colorful language or expressions, eyebrow-raising emails, communications suggesting that something be addressed offline—this type of content tends to live quietly in the dark until it is dragged into the limelight of a legal matter. And even if it doesn’t prove a legal point, it can damage a company’s credibility and reputation. By identifying what types of information must be retained and for how long, a retention schedule can empower a company to dispose of other content, reducing ROT and risk.

Because regulators and attorneys exist in the same ESI-driven world, in which information is more likely to have been over-retained than responsibly destroyed, they may regard with suspicion a company’s rejoinder that it does not possess certain documents or anticipated volumes of information. But if a company can point to a legally-supported records retention schedule and established, consistent records retention and disposition practices to explain how it has handled the requested information, more often than not it will be able to overcome (even if it cannot eradicate) any such suspicion.

Recent proceedings in the New York Supreme Court highlight the seriousness with which courts might address records retention issues. At the end of April, Judge Arthur Engoron held former President Donald Trump in contempt of court for failing to produce documents in response to a subpoena from the New York Attorney General and providing only “boilerplate” attorney affidavits to explain the lack of production, and he imposed a fine of $10,000 per day of continued noncompliance.[3] Trump paid $110,000 in fines for contempt.[4] Judge Engoron did not purge the charge until the end of June, after Trump Organization employees filed additional affidavits regarding the Organization’s records retention policies.[5]  This all serves to underscore the interplay of records and information management and the discovery process, and the importance of the former when it intersects the latter.

Don’t Discount Destruction.

Even with an operative, effective records retention schedule, it can be tempting to view prolonged retention as the safe approach to information management. Tools like TAR can feed this feeling, promising assistance in wading through the virtual mountains of ESI. But over-retention raises risk, especially for companies operating in highly-regulated or litigation-prone areas. Once legal retention periods have passed and information no longer has clear operational or organizational value, the lowest-risk next step typically is disposal. Explaining why a company’s retention and disposition practices are defensible just may be simpler and less costly than addressing the contents of documents that could have been disposed; and thoughtful and consistent deletion practices are all but certain to be more time- and cost-effective than identifying and locating potentially relevant or responsive documents from within an unmanaged, never-purged corpus of company information.

Litigation can move quickly from being a distant concern to reasonably anticipated or imminent. As soon as it does, a company must at once preserve and cease destruction of all relevant information. If other litigation or government investigations arise while information is being preserved for one matter, and that information is relevant to the new matter, it must be preserved for that new matter as well. Litigation and investigations can take years. Thus, failing to dispose of information when legally and operationally permissible can render it subject to discovery for many years and in many matters. In short, when the time is right and destruction is defensible, don’t shy away!

It Never Hurts to be Prepared.

It is hard to predict how information formats and discovery tools might continue to evolve, but one thing is clear—ESI, litigation, and government investigations are here to stay. And if federal regulatory agencies and attorneys are thinking about how they might take advantage of information availability and tools like TAR, companies should be thinking equally as hard about what they can do now to manage the attendant risks going forward. If you would like to discuss records management best practices and steps to help mitigate the risk of records-related issues, Zasio can help.

[1] The Sedona Conference Glossary: eDiscovery & Digital Information Management, Fifth Edition, 21 SEDONA CONF. J. 263, 379 (2020), https://thesedonaconference.org/sites/default/files/publications/Sedona%20Conference%20Glossary%2C%20Fifth%20Edition.pdf.

[2] See id.

[3] Jane Wester, Manhattan Judge Holds Donald Trump in Civil Contempt for Failure to Comply with New York AG’s Subpoenas, Law.com (April 25, 2022, 12:50 PM), https://www.law.com/newyorklawjournal/2022/04/25/manhattan-judge-holds-donald-trump-in-civil-contempt-for-failure-to-comply-with-new-york-ags-subpoenas/.

[4] Laura Italiano, Donald Trump is no longer in contempt of court in New York — but AG Letitia James still holds his $110,000 fine, Business Insider (June 29, 2022, 5:45 PM), https://www.businessinsider.com/trump-not-contempt-court-new-york-ag-still-holds-fine-2022-6; Judge Lifts Trump’s Contempt Order After 2-Month Legal Fight, U.S. News (June 29, 2022, 6:14 PM), https://www.usnews.com/news/us/articles/2022-06-29/judge-ends-trump-contempt-order-after-lengthy-legal-fight.

[5] Id.

Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post In Defense of Destruction appeared first on Zasio.

No doubt, becoming an IGP has considerably complemented what I’ve learned on the job about information governance. In studying for the exam, though, I was surprised by the extent to which the materials leapt past strict IG concepts—such as data mapping or developing backup and retention policies—into the realm of broader business leadership and management principles. High-level and strategic is right: building relationships across disciplines, managing both up and down, analyzing organizational risk, communicating effectively, understanding and employing financial terms and analysis, and driving change all are big themes in the subject matter. While I didn’t expect these principles would underlie so much of becoming an IGP, I’m glad they did. These aren’t niche topics limited to records departments; they are time-tested concepts that can help you achieve success at your organization well beyond creating an information governance program. And for that, I appreciate them.

So if you’re considering becoming an IGP, I’m sure you’ll learn many vital things about data repositories and classification schemes that you wouldn’t pick up as easily elsewhere. However, be prepared for—and prize—these larger lessons inherent in the IGP materials. Here are a few from my studies that stood out to me the most.

IG Means Understanding the Whole Organization

Like being an effective in-house attorney, being an IGP means getting to know your whole organization, not just your own tiny sliver. Distilled to its core, information governance is about how an organization manages and derives value from its ever-expanding stocks of information. The IGP exam focuses on the process of developing a comprehensive IG program, which sets the rules for how an organization handles the information it creates and consumes. As the IGP materials stress, developing an effective IG program requires working with many parts of your organization, such as privacy and security, risk and compliance, each business unit, and information technology.

To develop an IG program, you must understand the informational needs and goals of each part of the organization. This requires spending a great deal of time with each, which can be an eye-opening exercise. Something special happens to your thinking when you get to know how each component of your organization operates rather than staying siloed: You start to look at things from an organizational level, viewing your work as a part of a larger instrument. Such organizational thinking can be extraordinarily useful, and its use is not limited to IG. Training your attention on the organization rather than only your slice can lead you to think more creatively, innovate, and want to better cooperate with all of your organization’s different units.

IGP stresses getting to know your organization as a whole because an IG program, and the information it directs, touches every part of the business. Through studying to become an IGP, you’ll begin to gain a knack for this systems-level thinking. And once you can demonstrate your knowledge of the organization and systems-thinking, it may be only a matter of time before you’re asked to use them in organizational functions outside of IG.

IGPs are Generalists, and That’s Great

The IGP materials teach that, to prepare an effective IG program, you must first understand the areas involved in, and impacted by, the program—which, in most organizations, is practically every aspect of the organization. In other words, you must learn to start thinking like a generalist.

In the book Range: Why Generalists Triumph in a Specialized World, author David Epstein explores how top performers, particularly in complex and unpredictable fields, more often are generalists rather than single-subject specialists. For example, the best cellular biologists typically don’t become the best by studying only cellular biology (or from starting their cellular biology studies in kindergarten). Instead, they become the best cellular biologists by including things other than cellular biology in their life. As Epstein explains, having knowledge from many different areas (be it from sports, hobbies, athletics, or different professional or academic fields) allows a person to constantly draw from a broad base of understanding, which, it turns out, can prove pretty valuable. Being a generalist allows you to make connections and develop ideas that a specialist likely could not.

According to Epstein, a specialist’s knowledge is like a deep trench. Too often, single-subject experts are too focused on deepening their own trenches to look over at the trenches that surround them. The generalist remembers to look out over those other trenches. Drawing on a wide range of experiences leads to increased inventiveness and creativity and better problem-solving. In other words, developing a generalist’s knowledge base not only is key to creating a successful IG program, but also is a beneficial and broadly-applicable result of studying for the IGP exam. Becoming an IGP teaches you the value of looking over at surrounding trenches.

Get to Know the Money Side of Things

The IGP materials stress financial literacy. Becoming an IGP involves getting familiar with terms like return on investment (“ROI”), variable costs, payback period, generally accepted accounting principles (“GAAP”), and cost-benefit analysis. A tenet of the IGP materials is securing an executive sponsor to help ensure your IG program’s success. To get your executive team on board with an IG program, you need to learn how to make a business case for the program. Executives, and business cases, rely heavily on thinking in financial terms. And learning how to convince decision makers that you bring something of value—or, conversely, to talk them out of something by showing its lack of value—is yet another IGP principle and skill that is not confined to IG.

Just As In IG, In Life, There are  No Off-The-Shelf Solutions

Preparing for the IGP, you learn that developing an IG strategy can be difficult because there isn’t one prescribed plan to follow. Instead, you must create a strategy tailored to your organization’s circumstances. The way in which you put your IG strategy in motion must be equally tailor-made, and it must account for things like organizational culture and history.

Becoming comfortable with developing a solution without a guide, and with knowing that your solution may have some flaws that will require correction over time, is a good skill to develop for use not just in information governance, but in any domain. Once you’ve custom-made an IG program from the ground up, why wouldn’t you be able to do the same in any other domain?

Ch-Ch-Ch-Changes

Lastly, becoming an IGP is in large measures about managing change. Change is hard, and humans naturally resist it. But change is inevitable, and if the past two years have taught us anything, it is that disruption and uncertainty, and with them, rapid change, may be with us for the foreseeable future.

As an IGP, you’re tasked with convincing your colleagues to dispose of long-held information management practices (with flaws that maybe only you can appreciate). You must also convince them to adopt new practices that may have a significant impact on how they work, then likely to change these practices once again after your IG program enters its monitoring and improvement phase. Incorporating ever-increasing data privacy and security laws and regulations will only further the amount and frequency of change in your IG program.

The IGP [materials/exam] teach you to operate in an environment of regular, often disruptive, change. This may be, perhaps, the most valuable skill learned from becoming an IGP.

Conclusion

Reflecting on the path to becoming an IGP, perhaps the best part was discovering things I didn’t expect to discover. But I’m glad I did. It was a rewarding experience, and I look forward to putting my new knowledge and skills to use. For those considering studying for the IGP exam, know that what you’ll learn will reach far, and just may serve you well beyond information governance.

[1] www.arma.org/page/igp (accessed on April 13, 2022).

Disclaimer: The purpose of this post is to provide general education on Information Governance topics. The statements are informational only and do not constitute legal advice. If you have specific questions regarding the application of the law to your business activities, you should seek the advice of your legal counsel.

The post The IGP—A Master Class in a Lot More Than Information Governance (and Why You Should Become an IGP, Too) appeared first on Zasio.

Author: Brandon Tuley, JD, CIPP/E

Analyst / Licensed Attorney

The post Connecticut Becomes the Fifth State to Enact Comprehensive Consumer Data Privacy Legislation appeared first on Zasio.

• Addressing common sources of vertical and horizontal record series sprawl
• Optimizing “bucket size” to match your organization’s risk appetite
• Carving out exceptions when required
• Considerations in wording new record series
• Simplifying the use of triggers
• Harmonizing a global schedule
• How technology can help
• And more…

We had so many great questions come in during the webinar, we added another session dedicated to addressing them!

Q&A Question Outline

During this Q&A session, the Zasio team addresses questions about bucketing, records retention schedule mechanics, triggers, and more!

The post Breaking It Down — Best Practices for Simplifying Your Retention Schedule appeared first on Zasio.