Part II of a two-part series. Part I appeared 11/24/08.
PART II – ESI COLLECTION
I read a lot of of excellent articles, white papers and documents (as do you)
which present reasonable, astute and prescient approaches to getting a
handle on your company’s ESI (electronically stored information).
However, in virtually all of the materials I see, one important element is missing:
Buildings run fire drills. Do you run data recovery drills?
Sounds counterintuitive, doesn’t it? Common sense would tell you that if you’re backing up your data, it should be relatively easy to recover it on demand. After all, the software “tells” you in your morning report that last night’s run went fine. But did it? Is that all that matters?
Think about it for a moment. How many spokes are in your hub? Where are they? How many people are responsible for protecting the data? What software do you use? What hardware? What media? Is it easily accessible? Physically? Remotely? Do you handle it in-house or do you depend on outside vendors? Do you use off-site media storage? Do you know the time it would require for you to comply with a request to produce data? Do you have an alternate location to restore it? It isn’t always restored to the location where it originated, and certainly not when litigation is involved.
Let’s boil it down to one simple question. What would you do if you received a call with a demand for data – a large quantity of data – that isn’t at your fingertips?
It would surprise you how many companies haven’t thought about this. They do everything right in terms of the front-end of this process, but never anticipate the back-end. They do a terrific job of thinking about data protection, yet don’t think about more important issues – data integrity and the ability to restore it.
What good is all of this technology if, when the big request comes down, you can’t deliver? It’s bad enough when this has nothing to do with e-discovery (such as my location in California, where we have to worry about earthquakes), but when it does, there are sanctions on the line – and not just civil sanctions. Some of the penalties are criminal in nature.
Admittedly, criminal liability would most likely require intentional and/or egregious conduct, but the spectre is out there (I’ll address the facts vs. fictions in a future post).
You don’t want to be the attorney who has to stand in front of the judge and say “I’m sorry, Your Honor.” because you are either experiencing delays in producing the data, produced it very late in the litigation process or are unable to produce it at all. You might get a response like this one from a Judge in the recent McAfee case – “Heads will have to roll“.
Let’s hope it isn’t your head she’s talking about.