The report – the security vendor's '2011 Information Retention and E-Discovery' survey – looked at how enterprises around the world are managing ever-growing volumes of electronically stored information and preparing for e-discovery requests.
In addition, says the report, implementing best practices translates to a 64% faster response time with a 2.3 times higher success rate when responding to an e-discovery request.
Despite the risks, the survey found nearly half of respondents do not have an information retention plan in place, which lead to serious problems related to excess storage and improper legal hold practices
According to Annie Goranson, e-disovery attorney with Symantec, the findings of the survey – which took in responses from legal and IT staff with 2,000 enterprises worldwide – indicate that email is no longer the primary source of information for an e-discovery request, which is a significant change from what has been the norm over the past several years.
“The days of legal simply asking IT to dump emails onto backup tapes are over, there is too much information being created by a wide variety of sources. It’s critical for those two departments to work together to develop and implement an effective information retention policy”, she said.
When asked what types of documents are most commonly part of an e-discovery request, respondents selected files and documents (67%), and database or application data (61%) ahead of email (58%). As evidence of just how many sources companies must be prepared to produce information from, more than half indicated SharePoint files (51%), and nearly half cited instant messages and text messages (44%) and social media (41%).
The survey also found wide variations in information retention practices among enterprises. Companies that employ best practices, such as automating the placement of legal holds and leveraging an archiving tool instead of relying on backups, fare dramatically better when it comes to responding to an e-discovery request.
These top-tier companies, says the report, are 81% more likely to have a formal retention plan in place; 63% more likely to automate legal holds; and 50% more likely to use a formal archiving tool.
Implementing these best practices translates to a 64% faster response time with a 2.3 times higher success rate when responding to an eDiscovery request. Consequently, said Symantec, these top-tier companies are significantly less likely to suffer negative consequences than companies that do not have a formal information retention policy in place.
Despite the risks, the Symantec survey found nearly half of respondents do not have an information retention plan in place. Thirty% are only discussing how to do so, and 14% have no plan to do so. When asked why, respondents indicated lack of need (41%); too costly (38%); nobody has been chartered with that responsibility (27%); don’t have time (26%); and lack of expertise (21%) were the top reasons
The report recommends that companies create and implement a records and information management (RIM) program. They should, said Symantec, get started with a formal plan as soon as possible, and then refine it accordingly to address specific laws and regulations governing the retention and availability of information. Without a formal plan it is difficult to know when – and what – to delete, which drives over-retention and creates additional risk.
They should also, says the report, periodically delete electronically storied information (ESI) according to your RIM program. Most organisations (79%) believe that a proper information retention plan should allow them to delete information.
Despite this, researchers found that 20% of organisations still retain archived data forever. This means that a large percentage of organisations are not correctly deploying the archive to minimise data through expiry and by implementing document retention policies. They should, the report says, delete according to their information retention plan to reduce storage, litigation exposure and e-discovery costs.
Other recommendations from the research were that enterprises should use backup for recovery, archiving for discovery, as well as deploying advanced legal hold processes and solutions to minimise the risk of non-compliance, and they should conduct litigation readiness exercises to determine exposure areas and develop a prioritised remediation plan.
The final conclusion of the report is that it is critical for organisations to assess their current state of preparedness to determine how well they can safely and efficiently respond to an e-discovery request or governmental inquiry.
By taking a long-term approach and leveraging industry best practices – along the EDRM spectrum – Symantec says that companies are in a much better position to withstand challenges to their internal processes and avoid negative consequences.