Copple & Associates,P.C.

Providing creative and effective strategies

Electronic Data Security

Electronic Information Storage and eDiscovery
Data Management and Security


“We are awash in electronic information.  It is smeared across our technology systems.   Managing this morass of information is one of the most serious problems facing business today. “

 Robert F. Copple, Firms Must Pick Which Data to Save, The Arizona Republic, D4, September 12, 2004.

Companies, large and small, often don’t appreciate the ramifications of Electronic Information Storage (EIS) until it is too late and they are already at risk of serious legal liability.  At that point, trying to fix the problem can be dearly expensive, and is often unsuccessful.

  • Statutory and regulatory EIS requirements, such as those imposed by Sarbanes Oxley, HIPAA, and SEC rules, create stringent EIS obligations and carry the threat of serious penalties for noncompliance. 

  • Internal data security is strained to the breaking point by the easy transferability of confidential business information. 
  •  Expanded electronic discovery (“eDiscovery”) litigation demands and new judicial rules punishing parties for spoliation of evidence often can turn relatively routine commercial disputes into the worst kind of litigation with enormous discovery costs and potential sanctions in the hundreds of thousands, or even millions, of dollars.

 

 

 

 The primary goals of an EIS management program should be to:

  • Ensure the retention of all business data necessary for the operation of the business or required by law.
  • Identify unnecessary data for disposal. 
  • Establish policies and processes limiting and controlling EIS transfer. 

Creation of a successful, efficient, workable EIS management program requires attention to the following elements:

Understand the Objectives of the Enterprise.  It is critical that each company specifically identify its EIS objectives based on the type and size of the business.

Practice Minimalism.  Data should be discarded unless there is a good business or legal reason to retain it.  Integration of this principle requires that a company, once again, take a hard look both at the types of data it collects and the regulatory constraints relating to that data. 

Keep It Simple.  An EIS management program must be simple and easy to implement.  Once the policy becomes too complex, it is virtually guaranteed that employees will simply ignore it. 

 

  Use IT Infrastructure.  There must be adequate IT resources to implement the policy.  Where possible, automated systems should be used achieve the policy goals.

Secure Information.  Information security is fundamental to protecting the assets of the enterprise and must be considered at each step of EIS policy creation and implementation.

Control EIS Distribution.  Because EIS can be easily copied and transferred with the stroke of a key board, an EIS policy should include internal distribution controls, both in the form of employee rules and the use of IT tools.

Be Consistent.  EIS policy implementation and enforcement must be consistent.  Inconsistent document retention actions can create a taint of intentional spoliation and wrongdoing.

Enforce the Policy.  Enforcement must be simple and consistent.  The policy should use both automated systems to dispose of unnecessary data and procedures to motivate employees to appropriately deal with the rest of the data that cannot be addressed through automated systems.  

As an advocate, ADR neutral, and business consultant, Robert Copple is an established leader in EIS and eDiscovery.  He has worked with a number of companies in the design and implementation of internal business EIS management programs.  His approach to developing EIS management programs requires the input of business, legal, and IT representatives to tailor a policy to the specific needs of the company.   
  

 

 

 Mr. Copple is one of the founding members of the CPR International Institute for Dispute Prevention and Resolution Panel of eDiscovery Neutrals and works closely with CPR and other organizations in developing arbitration rules that address eDiscovery concerns.  He has published and presented extensively on EIS and eDiscovery.

Selected RFC EIS Publications and Presentations (click title to download):     

 

 

 

 

 


Data Management and Security: The Solution to eDiscovery and Compliance, Arizona Technology Council, June 24, 2009.

Discover New E-Worlds, Legal Times, (April 21, 2008).

eDiscovery: It's All About The Information, AZ ADR Forum, (Fall 2007).

Dealing With Data: No, You Can’t Call Them Documents Anymore, Business Law Today, (March-April 2005).

Firms Must Pick Which Data To Save, Arizona Republic, (September 12, 2004).

An Effective Document Retention Policy: Your Best Defense to Electronnic Discovery, Copple & Associates, P.C., Dispute Prevention / Management Seminar Series, (2008).  

Electronic Discovery in Arbitration, Arizona State Bar Association, (February 5, 2008).