Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

E-discovery forces security organizations to prepare for eventual litigation

The updated Federal Rules of Civil Procedure elevates understanding of e-discovery requirements to a high priority.

This article can also be found in the Premium Editorial Download: Information Security magazine: Comparing seven top integrated endpoint security suites

The biggest threat for 2008 is lawyers.

Insider threats, botnets and the security patch du jour shouldn't have you worried. Rather, your top security concern should be about getting sued.

Less than a year ago, an amendment to the Federal Rules of Civil Procedure (FRCP) radically changed how and when organizations produce documents in a lawsuit. And it directly affects you and the security policies you create.

Now a judge can request electronically stored information. This includes structured, unstructured and even semi-structured data such as instant messages, wikis, blogs, audio, video, ERP records, CRM records, Excel spreadsheets, Word documents, database records...get the picture?

So when (not if) your company gets sued, you must track down the requested records pronto. When paper documents were discoverable, it would be acceptable to take months, even years to get to the documents to the judge. Now these electronic discovery requests are expected in months, even weeks.

And the location of the data is irrelevant. Discoverable documents can be on highly distributed servers, PST files, backup tapes and even home computers of your employees. And they need to be in native format so the meta data can be looked at.

In a nutshell, any reasonably accessible documents must be made available by the stated deadline. If they are found at a later date, they may not be admissible in court, hurting your chances in the case.

What's more, the cost of these discovery requests is borne by the records holder. Don't have your documents classified or ready for the request? Law firms can charge upward of $350 an hour to have their recent law school grads go through thousands of electronic documents and classify them.

Sound scary? Well, it is if you weren't aware of the FRCP changes, aren't litigation-ready and don't have a data collection and retention policy in place. Create a document retention policy, avoid manual classification processes, educate your workforce on your policies and audit and test your policy compliance on a regular basis.

If you put a policy in place now, before you get sued, you'll be in a much better position to handle the requests, and have a legally defensible argument if you can't produce the documents.

The first step is knowing you have a problem. From there you can include the appropriate stakeholders to create a sound policy that, well, stands up in a court of law.

This was last published in November 2007

Dig Deeper on Data security strategies and governance

Start the conversation

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.