By Karen Dearne
October 16, 2007
TOUGH new rules on the production of electronic records in court actions
aim to put a stop to e-document "shredding", says Joe Fantuzzi, chief
executive of rising content compliance provider Workshare.
"People in organisations who feel they can shred electronically stored
documents that may be subject to litigation are driving laws like the US
Federal Rules of Civil Procedure in e-discovery," he says.
"It's not much different from the paper shredding that brought down
Enron and Arthur Andersen six years ago."
Under the federal rules, if there is a "reasonable anticipation" that
information will be required (not just in current actions, but
prospective ones as well) organisations are required to preserve the
material for potential discovery.
"This means that you cannot take files out of the archives and tidy them
up a bit," Fantuzzi says.
"Many people are tempted to do that: let's just clean up a few words in
this document, alter a few words in that email, using a kind of
"This is just not allowed in the US now, and with the introduction of
new legislation in Britain and Victoria we're starting to see countries
take control of electronic paper shredding."
Adrian Briscoe, general manager of electronic data recovery veteran
Kroll Ontrack, says "litigation readiness" is the buzz phrase for 2007,
with lawyers packing out recent forums in Melbourne and Sydney.
E-discovery has moved far beyond the idea of finding a single "smoking
gun" document, to producing whole sets of incriminating evidence for
presentation to a court.
"Ten years ago, computer forensics was very much a grey art, and people
saw it as the next big thing," Briscoe says.
"That has really been superseded. Now it's all about processing loads of
documents in order to build a haystack of golden documents for the
para-legals to search, rather than a finding a single golden document."
The sheer volume of data is a big issue, as any one company will hold
hundreds of backup tapes in storage, Briscoe says.
"Right now, companies are coming to us saying they have a cardboard box
full of tapes, and they really need to know what's on them because their
legal counsel are asking what people could ask them to hand over.
"Businesses will have to get to the point where they can understand what
they need to keep and how to store it. The storage medium has to be
accessible, and accessible quickly."
Many people are building litigation databases so that documents can be
opened in the native file format, exposing the metadata, the hidden
information associated with every e-document that is not visible during
normal viewing or printing, he says.
Metadata, usually generated automatically, includes details about the
document's creation, the history of edits or changes, and technical
It can also include details added by users, such as comment fields.
Courts prefer documents to be provided in their native format, both to
ensure the material has not been tampered with and to expose information
contained within individual cells of an Excel spreadsheet, for example.
"The only true means of seeing what's in the original document is to
open it up in the original application," Briscoe says.
Hidden data also has a flipside: authors of PDF and Microsoft Word
documents may unwittingly send more information than intended.
Fantuzzi says the embarrassment is usually minimal - at worst you could
lose a customer.
It's common to reuse documents - as a template for a sales pitch, for
"You might find hidden data goes out to a new customer that tells them
something about a previous customer, including your pricing for a
product or service," Fantuzzi says.
"This is the time to ensure your documents are clean.
"It's important to make sure you don't store information that you don't
have to store, so risk information is not in your vaults when you come
"Privacy, data protection and intellectual property laws also have to be
considered in content risk management. Many laws tell you not to retain
information beyond a specified period. So you should keep data as long
as required and, if it's no longer needed, you should destroy it. That's
Research by Workshare suggests less than 20 per cent of companies know
what information they have stored, and what regulations apply to that
"That means 80 per cent don't have a means of identifying what they
have," Fantuzzi says.
Happily, there are plenty of product vendors and service providers ready
to help out.
Forrester Research estimates spending on e-discovery technology will
rise to nearly $US5 billion by 2011 "as enterprises realise they have no
choice" but to comply.
Short-term growth for "reactive solutions" will develop into broader
retention management strategies that will drive market growth, says
Barry Murphy of Forrester.
"The biggest direct spend is the processing of data, on average about
$US1800 per GB," Murphy says.
"Therefore, tools that minimise the amount of data to be processed
present potentially huge savings."
The largest cost involves the legal professionals who view the data, so
visual analytic methods will increase their efficiency in determining
whether data is relevant.
Maintaining the chain of custody and avoiding "spoliation" is also
essential, so data monitoring and lockdown tools will be in demand.
Murphy says the present solutions landscape is "filled with startup
vendors of questionable viability, software giants with questionable
domain experience, and no apples-to-apples comparison mechanism".
Oracle is one traditional player that is putting together a
comprehensive product, announcing just last week that it had acquired
LogicalApps, a leading provider of automated governance, risk and
It also released an updated version of its Universal Records Management
system with new features for mitigating cost and risk around legal
In September it bought Bridgestream, an enterprise role management
software developer for its compliance capabilities.
Oracle Asia-Pacific content go-to-market initiatives director Rob Whiter
says there has been a major shift in perspective away from first or
second-generation records management products "which assumed you would
be able to put all of your records into them".
"The current generation accepts the fact that records will exist and
continue to be maintained within a multitude of systems across the
enterprise," Whiter says.
Problems involving mobile devices and other media not immediately under
corporate control have given rise, "fairly suddenly", to technology for
intellectual rights management.
"Whereas once you emailed something from your organisation it left your
security behind, but now we have tools that give you some kind of
control as it travels through the ether and over who should see the
information," Whiter says.
"We've also invested a lot of effort in our e-discovery toolset. Rather
than trying to get people to put documents and records into a
repository, we now have a policy engine that allows us to apply holds on
information in other systems."
Whiter says that although e-discovery is complex because it touches so
many aspects in an organisation, the new products will help to solve
some of the present problems of security, data retention, identity
management and record-keeping.
"We've all been aware of the laxness with which we manage our electronic
data for a long time, and we've all been very aware that those days
would have to come to a close," he says.
"Through the draft overhaul of the Privacy Act and other proposed data
laws, small and large businesses alike are being told their information
is potentially public record, and they must manage it in a decisive and
policy-driven way, or they will find themselves exposed.
"The moment the impetus becomes compelling this will move very quickly.
The industry is responding to the speed with which this will now move."
CSI 2007 is the only conference that delivers a business-focused
overview of enterprise security. It will convene 1,500+ delegates,
80 exhibitors and features 100+ sessions/seminars providing a
roadmap for integrating policies and procedures with new tools
and techniques. Register now for savings on conference fees
and/or free exhibits admission. - www.csiannual.com