September 25, 2012
Trust, Verification and Legal Holds: How Archiving and Governance Technology Can Reduce the Risks and Costs Associated with Legal Holds
[Ed.: Today's guest blog post comes courtesy of Robert Cruz, Proofpoint's senior director of archiving and discovery solutions. Robert's been busy representing Proofpoint on the road at the recent ARMA show and will be at the Association of Corporate Counsel's upcoming Annual Meeting where he's part of the team introducing our new Proofpoint Content Collection solution. Follow him on Twitter @RobertCruz03.]
Computer forensics and eDiscovery blogger, Craig Ball, has a great recent post that discusses how legal professionals need to strike a balance between "trust" and "verification" when managing legal holds (see, "Custodial Hold: Trust But Verify," at his excellent Ball in your Court blog). Trust is a must, but relying exclusively upon the actions of individual custodians leaves many potential points of failure, as well noted in the article. As Ball notes:
"This is where the thinking and balancing comes in. You might choose to put a hold on the e-mail and network shares of key custodians from the system/IT side before charging the custodians with preservation.
Or you might change preservation settings at the mail server level (what used to be called Dumpster settings in older versions of Microsoft Exchange server) to hang onto double deleted messaging for key custodians."
Ball's post points to some of the key issues around the technologies and processes that are currently available to IT and legal staffs who are charged with effectively executing legal holds:
- How are specific emails and file share content going to be identified?
- Will messages be recovered from backup tapes or PST files?
- What chain of custody protections are provided when executing these tasks?
- What tools, technology or services are available for organizations to provide this needed verification step — without consuming the entire IT staff or hiring an army of discovery service provider consultants who extract and preserve at $250 per GB?
Clearly, there have been advancements in technology and services that can enable the proper balance of trust and verification — without blowing the legal budget or introducing preservation risks.
In order to preserve email and file share content, organizations faced with frequent discovery should be adding information archiving solutions to their shopping lists.
As just one example, our own Proofpoint Enterprise Archive solution serves as a proxy to the email system, and ensures that email is retained and disposed based on a company’s defined retention policies. As legal holds arise, retention periods are suspended and custodian data is preserved for the duration of a given matter in a tamper-proof repository. Organizations that use this solution benefit from verification without the typical expenses, hassles, and risks – and without having to rely on actions by individual custodians or untrained IT staff.
Just this week, Proofpoint extended this legal hold capability beyond email by enabling the targeted capture and preservation of custodian information (stored in a wide variety of document types) that resides in repositories including end-user desktops, laptops, SharePoint and networked file shares.
See our product page on the new Content Collection option for Proofpoint Enterprise Archive for more information about how Proofpoint is addressing these sorts of "trust but verify" challenges in legal discovery and data preservation.