IT needs better management tools, practices, for electronic information

TIG spoke with Duncan recently about her role in developing emerging technologies and the growing importance of electronic discovery for all public sector organizations.

TIG: Can you talk a bit about what you’re doing in the areas of e-discovery and knowledge management?

Peg Duncan: I’m a member of a group of people who developed the e-discovery guidelines for Ontario. These guidelines are not part of the rules of civil procedure in Ontario, but the hope was that in producing these guidelines we would be able to give some sort of background to the lawyers and the judiciary who would be involved in litigation involving large volumes of information, particularly information originating in electronic form, things like e-mail, BlackBerrys, large-scale databases, phone records – anything that is stored electronically. We just published the guidelines in November. They’re on the Ontario Bar Association’s Web site.

TIG: Tell me about Barristers Briefcase.

PD: One of the projects was Barristers Briefcase, in which we established a tool we were going to use for litigation support. The advantage of using one tool was we could now get IT support for that tool and we could offer additional services for the conversion of information that comes in from other sources. Say we have a private company such as a litigation support vendor image-encode all the documents because we still have all the documents on paper. Those documents are imaged, encoded and loaded into our litigation support tool but we have to get it from the vendor and then we can load it. My role in that was to establish what the services are, establish the organizational units and identify the skill sets so we could get job descriptions written and hire and train someone.

My job was also to design the implementation of it so we could get litigation support centres across the country. Looking forward we may be looking at certain kinds of electronic discovery tools but I don’t think it’s clear to us yet how to go about dealing with it – whether we would outsource it or what we would do internally. That’s still being discussed and we need to understand more about how that would play out.

TIG: Why is e-discovery such a big issue these days?

PD: Since (1995) there has been a pervasive adoption by businesses and government departments and ministries and every organization of e-mail and large-scale Internet applications, with the consequence that when you get into any kind of litigation the source of the information is no longer in the paper records but will be found in e-mail.

The fact is 93 per cent of information these days is created electronically and only 30 per cent is ever printed, so that’s the fundamental problem, to say nothing of the fact that electronic documents can be copied all over the place, which complicates it. Back in the days of well-disciplined records management you had one copy that was on the file and all other copies were destroyed.

That isn’t happening. Furthermore, there is another element which is just part of human nature that e-mail messages tend to be much more frank, so you will find people saying things that on reflection they would perhaps not say. The thing to keep in mind is the rules of discovery. We have obligations from the rules of procedure that require us to turn over all information in our possession.

With e-discovery who knows where all that relevant information may be, but the odds are it’s in the electronic systems. For a long time we’ve been very casual about the storage of e-mail.

In some cases in private corporations e-mail is deleted after 30 to 60 days, and often organizations adopt a policy of having a fixed inbox size.

That means you can’t send or receive any more information so the end user may delete information indiscriminately that could be pertinent in litigation.

TIG: What does this mean for IT?

PD: There is a series of things we need to do now to improve our management of information. If you are sued or expect to receive a statement of claim, and this applies to access of information requests or other forms of investigation, you must stop the destruction of records.

But you need mechanisms to make that happen, and if you don’t, and you don’t communicate that well, what might have been a record might be destroyed. When people had the practice of deleting e-mail after 30 days opponents have asked for the backup tapes.

It can cost hundreds of thousands of dollars to recover the information from those backup tapes and worse, you have to have lawyers go through and find the information relevant to the case at hand, which is expensive.

TIG: What are the alternatives?

PD: I think the solution to the problem is painful. But if you have a litigation hold, you have to retain the information. You can’t continue to delete it. Among the things you have to do is look at your document retention and destruction policies and update them in the context of electronic information. Then you have to educate your end users and you have to see there is compliance. It’s very expensive and it takes time to organize all that information, to go through all the e-mails you get every day, delete the ones you know are not records and put the ones that should be stored into an electronic document management system.

Ultimately, that’s the best thing but people get sloppy and busy and they don’t do it so you can have compliance problems. There are new e-mail archiving and e-mail management tools coming out, which can help with this. There are various ways of doing it. One is to keep a journal copy of every e-mail that’s ever sent, although then you just end up with a large amount of information and you still have to be able to process it but at least you don’t have the duplicates and you can use keywords to go through and extract the information. I’m not saying this is easy – it’s not in any way. Search technologies are getting better and better, particularly as there is more research into linguistic algorithms that can be used to group information logically together. You can have some automated coding of e-mails and some automated processing to identify those ones that need to be kept, but whether or not you’ll catch everything is part of the problem. This is not a problem that has a solution yet. What we’re trying to do is sensitize people to it. The other thing we should do is just make people aware of e-mail. It should not be used indiscriminately. We should be much more careful about the way we use e-mail, particularly the language we use. But the other thing is what happens when someone leaves? What happens to their e-mail account? I bet you dollars to doughnuts in many cases it’s deleted, yet if that person was dismissed for cause that’s where the information is going to be, depending on what the cause was.

TIG: What does this mean for government departments?

PD: Governments do labour and employment litigation – it’s not infrequent, like any large corporation. There were a series of cases in the U.S. that date back to 1993 dealing with the destruction of information and one is Armstrong v. the executive office of the president. The plaintiff challenged the e-mail records management policies of the National Security Council and other components of the executive office of the president and asked for a temporary restraining order to stop the destruction of the Reagan-era NSC backups, so there’s an example of where a government agency gets into trouble. There’s a lot of litigation in the U.S. dealing with aboriginal land trusts, which is going to be a problem for the Australians as well, and could be a problem for the Canadians. One of the suits in the U.S. was against the Environmental Protection Agency. In a freedom of information lawsuit the court issued a preliminary injunction to the EPA and its employees from transporting, removing or in any way tampering with information potentially responsive to the plaintiff’s access to information requests. You can see these are the kinds of things government agencies are going to be challenged with so what can we do now to anticipate this and be ready for it?

Back up tapes are not an archive although as you can see from a lot of this litigation people have to resort to them as if they were an archive simply because people have been destroying information or don’t have any archival system.

TIG: But isn’t the government at least a few steps ahead with RDIMS?

PD: It is absolutely a big step in the right direction. (But) discovery deals with information in the past so what you need to do is bring some sort of order into the information you’ve got and look at how you would preserve it if you were facing litigation so you would not end up with “spoliation.” We need to keep that in mind if we had to be able to produce what a Web site looked like a year ago. In terms of large-scale application systems that might record a complaint about products or services – and I’m thinking of things that could be dangerous, like reports about drugs, reactions to drugs or reports about failures that could be dangerous in products – each of these could result in liability and you’d need to be able to produce what was in that application. But often what happens is database systems are not designed to show what the state of a database was like at a point in time. Databases are designed to show you what the situation is right now and to keep you updated to the minute, not to tell you what was happening 10 months ago.

So how you archive information and how you organize that archive of the information is something that needs to be considered in the design of applications.

TIG: Can you talk about some of the emerging technologies that you see as interesting in this area?

PD: Most of this is processing as opposed to particular applications that CIOs would go out and buy. Apart from making sure they have properimplementations of records management and RDIMS and e-mail archiving, if they are one of these vulnerable departments where they feel it’s enough of an issue that it’s worth the investment to avoid a risk, they might go into e-mail archiving. As for the processing, possibly individual governments might want to look at getting a centre of expertise for e-discovery. Either that centre would be in-house or they would know where they could draw on resources to get it from the private sector. In litigation there’s an expression that you have to stop, drop and roll – it’s like fire. Because of electronic discovery and the volumes of information it’s better to not wait until it happens but to make sure you’ve got some processes in place to collect the information and perhaps have a relationship with vendors who might beable to help you with it.

TIG: I was at a conference recently where the RCMP was talking about what IT managers need to know about forensic preservation.

PD: That’s very important and the IT departments cannot do it themselves unless they’ve been properly trained … that’s typically (by) people who were police officers who would be able to give guidance and offer tools, because what you want is the mirror image of a disk. Say one of your employees has been downloading pornography or has been sending offensive jokes or any number of those kinds of things, you need to be able to take a forensic image of their hard disk, which would be a bit by bit image of all the files, including residual and deleted files, all the stuff in the temporary files, the bookmarks, all of that would be preserved exactly, and only someone who is trained to do that should be doing that. It may not be required in every case and in certain cases it may just be a question of having people, custodians in a regular (law) suit notified to stop destruction and to start collecting their information and perhaps storing it in a (certain) location. In certain cases, particularly if you were looking at an inquiry, you might need to look at getting a forensic preservation but that’s a legal issue and that needs to be considered very early on so you can avoid any kind of destruction of information.

Share on LinkedIn Share with Google+