Storage Soup

Jun 19 2008   10:17AM GMT

Users rebel against e-Discovery liabilities

Beth Pariseau Beth Pariseau Profile: Beth Pariseau

Tory Skyers’ post about dedupe and the law jogged my memory about recent conversations I’ve had with users about data compliance and archiving. It’s become a big topic for this industry, and as stewards of data, storage managers are part of the legal e-Discovery process.

But some storage managers are beginning to draw a line when it comes to the extent of their role in that process. A discussion about compliance only goes so far these days before frustration starts to show. Someone from a municipal government shop I met at Symantec Vision last week extolled the virtues of Symantec’s Enterprise Vault for data retention and said his organization has policies for dealing with litigation. But he was clear that his role in the process involves managing bits on disk, period. “I don’t delete anything without the department that owns it giving me explicit instructions,” he said. “It’s not up to me to decide to delete data–it’s up to me to keep the storage and backups running on whatever data departments want to keep.”

This week I spoke to a storage guy from a hospital about email management and archiving, and he told me his shop deletes all email after 60 days. “We wrote policies that say we don’t keep email very long because of the storage cost,” he said, and then added that he’d been told by some vendors pushing archiving that a short enough retention period could “make him look guilty.”

“I’m not guilty of anything,” retorted the user. “I’m an IT guy trying to keep email running.”

And he’s right. As long as a company’s retention policy is clearly defined and followed scrupulously, it can be just about any length of time.

As everybody and their uncle tries to get in on selling e-Discovery products and services, new players emerge and the competition gets fiercer. It sounds to me like this is leading some vendors to use scare tactics to push sales by exaggerating how much liability the storage people have when it comes to data compliance and retention. Analysts increasingly agree that organizations of sufficient size should dedicate a liaison between IT and corporate governance to oversee policy instead of tossing legal liability onto the shoulders of IT.

The problem is, IT people remain responsible for understanding and following policies. They also may be called upon to testify as to what those policies are. While I don’t think users should have to take on the legal burden alone, I hope they’re not being pushed too far in the opposite direction, so caught up in shrugging off false expectations that they aren’t mindful of the real ones.

1  Comment on this Post

There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.
  • Craig Chval
    In the strictest sense, of course, no enterprise can foist legal liability onto its IT personnel. Internal finger-pointing, however, is an entirely different proposition. At the end of the day, it will be the enterprise that pays the price, however large or small, for non-compliance and it will be the enterprise attorneys, in-house or outside, who defend the retention practices in court. All retention decisions, whether involving electronic or hard-copy data, must be content-based. Expecting IT personnel to make content-based decisions about electronic data makes no more sense than allowing the night watchman at the off-site records storage facility to decide which boxes of documents to destroy. For too long, retention and deletion practices were left to IT experts by default, as nobody else understood the technology. Understandably, IT experts' usual priorities were system efficiency and storage conservation. Now that there is no question that overburdened storage media are the least of an enterprise's concerns when it comes to data retention and deletion, it is imperative that sound data retention practices meld technical expertise, business concerns and pertinent legal issues.
    0 pointsBadges:

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

Share this item with your network: