(The Part I "eDiscovery for Dummies - What you need to know" can be find here)
This is the second installment of our "eDiscovery for Dummies" series. This time, we dig into the Social Media case and have a closer look at what an organization should be doing from an eDiscovery standpoint if it is using - which I am sure, most organizations are - some sort of social media (Facebook, Twitter, LinkedIn, etc) to enhance its communications / marketing strategies.
Why do you have to take into account social media within your eDiscovery strategy?
According to the Nielsen Report (“What Americans Do Online: Social Media and Games Dominate Activity”), we learn that two third of the Internet population utilize social media sites. This proves that social media is here to stay and that organizations must learn to live with it and learn to use it at their advantages. A lot of well-known organizations have already started to use social media and use it as marketing/communications tool with their customers, suppliers, vendors, etc. This is a great news and it shows that organizations understand the benefits of embracing Web 2.0! But, yes there is always a “but”, with the good comes the bad. In that case, the issue raised is around monitoring social media and more precisely retention of the social media content, since it’s fully discoverable and can be asked in case of a litigation of eDiscovery request.
Why do you need to preserve social media?
The Federal Rules of Civil Procedure (FRCP) made very clear that social media needed to be preserved from an eDiscovery prospective. The 2006 amendments change the discovery rule to allow a party to request “electronically stored information” within the “possession, custody, or control” of the responding party. In addition, when litigation is “reasonably expected”, organizations have a duty to preserve existing potentially relevant evidence.
Moreover, in a January 2010 Regulatory Notice, the FINRA stated that "every firm that intends to communicate, or permit its associated persons to communicate through social media sites must first ensure that it can retain records of those communications".
As you can imagine if a party failed to preserve and produce ESI within the allowed – discovery – timeframe, the business may face severe penalties. Since social media are included in the term “ESI”, organizations must make sure that social media is incorporated in the data retention policy. So there you have it, YOU NEED TO ARCHIVE SOCIAL MEDIA!
What could possibly happen if you are not archiving your social media and have not a way to produce ESI in the legally-allowed timeframe? Well, you can most definitely get ready for serious fines in case of litigation.
So, what should an organization do to be able to meet an eDiscovery request regarding its social media?
A business should take several steps to ensure that its social media communications are easily discoverable:
- First, it should take inventory of what social media sites are being used within the organization
- The policies must be set to help educate all employees of the (legal & monetary) risks regarding social media
- The organization – and especially the legal team – should be aware of the changing legal landscape on privacy, discoverability and admissibility, as these areas will continue to change, more and more rapidly in the future.
- Finally, the business has to decide whether a backup solution is needed or not, to help with preservation and production of the business’s own social media data.
Expanding on the last point, even if my judgment might be a little biased, I strongly recommend businesses to go toward third party organizations that provide social media archiving solution. Indeed, since social media sites are owned and controlled by third parties, vendors developed technologies that allow an organization to capture dynamic web pages (tweets, Facebook status, etc) for preservation.
Most of these third party archiving providers will offer you a one-stop shop archiving solution that will allow you to archive emails, IM (Instant Messaging), SMS, social media, and even electronic voicemails in a single repository. Those organizations, if relying on cloud computing technology to store this data, will be able to provide you with the following advantages:
- Unlimited storage capabilities,
- Low Total Cost of Ownership since no hardware or software is required,
- Seamless integration into exisiting systems,
- Multiple deployment options to fit your company's infrastructure,
- An intuitive and secure web-based management console and reporting tools.
In our next installment, we will go through each requirement in detail; we will see what challenges an organization will have to face without an archiving solution, and how an hosted archiving provider can answer each of these requirements imposed by eDiscovery, allowing the IT staff to focus on more business-related issues.
This is the first article of a series on eDiscovery where we will try to explain you why it is one of the major drivers for archiving employee-generated content and what you need to do to avoid painful fines in case of an eDiscovery request.
The volume of email is skyrocketing, growing by 500% over the last 10 years, which poses storage and operational challenges for data security and system performance. Add in increased legal and regulatory requirements, and you understand why leading industry analysts believe every organization should archive its email. One word that we hear a lot in the cloud computing, data storage and legal sectors is “eDiscovery”. What I’ll try to do is to bring some light over this small and insignificant – at first sight – word that could cost you serious amount of money and eventually put you out of business!
What is eDiscovery/Electronic Discovery and why does it matter?
eDiscovery is the process of gathering, reviewing and producing documents in electronic format. Federal, state, and corporate governance regulations require most companies to comply with specific regulatory guidelines to retain electronically stored information for 2-7 years and be able to produce it within days.
Some facts about eDiscovery:
- eDiscovery requests are expected to triple in 2010 – FINRA took $50 million in fines in 2009, up from $28 million in 2008. The issue is that 93% of corporate counsels acknowledge that they are not prepared for the growth in electronic discovery regulations and requirements. Another issue is that backup tapes are not compliant with eDiscovery requirements for email, IM and other employee-generated content.
- Enterprises will spend about $4,6 billion in 2010 on eDiscovery. But, 7 out of 10 businesses that experience eDiscovery event go out of business. As you can understand, the expenses associated with finding emails for electronic discovery is potentially crippling.
- eDiscovery is cited as one of the biggest money wasters in the legal world. 70% of money spent on eDsicovery is wasted because, more often than not, lawyers are as to the efficient eDiscovery practices.
- Companies with $1 billion in revenue face multiple legal matters. Those companies spend between $2,5 and $4 million each year on legal discovery of electronic files alone.
- The new FCRP rules – like many other compliance rules – are being enforced. UBS Warburg and Merck were fined $29,2 million and $253 millions in litigation that required eDiscovery of files.
What is ESI?
ESI means Electronically Stored Information. It can be involved in any case of litigation. ESI consist in any types of document different from paper having an intangible form, volume, transience and persistence. ESI and discoverable materials, meaning that they can have the same value/weigh/impact as any paper documents (contracts, letters, etc).
Why do you need to have ESI readily accessible and easily retrievable?
One of the major reasons implying that all ESI must be readily accessible is the FRCP or Federal Rules of Civil Procedures, applying to any organization by the way! The Federal Rules of Civil Procedure govern the conduct of actions brought in Federal district courts. It states that any organization subject to litigation must be able to locate, retrieve and respond to data requests in a timely fashion. A “data request”, in case of litigation, would be the opposite party asking you to provide a certain amount of Electronically Stored Information within a specific – legally defined – timeframe; implying that your corporate data (emails, SMS, IM, social media content) is stored in a central repository and is easily accessible any time.
Here are one or two real-world examples:
- If today, you would be asked to produce all emails from 2001 between the VP of marketing and the product manager, how would you do? And, how long would it take you to recover all the emails?
- Another one. How would you do and how long would it take to produce all the social media communications (Facebook, Twitter, LinkedIn…) related to your organization?
That’s it for this week. Next week, we will dig into the Social Media case and I'll explain you why social media communications are as discoverable as any other ESI.
We recently did a series of three articles on Email Archiving and the different models that are available for organizations looking for an archiving solution for their emails, SMS, IM and social media content.
We first highlighted the need for Email Archiving, the regulations around archiving employee-generated content and their consequences. We then, provided an overview of the data explosion issue and how it should be addressed. Finally, in our last installment, we compared three Email Archiving methods (On-premise vs. Hosted vs. Cloud-Powered) and their relative advantages and drawbacks.
So again, here is the question:
What kind of Archiving Solution your organization is currently using to archive emails and other employee-generated content? And Why?
- Are you satisfied with it?
- Would like to see any improvements?
- What solution would you choose if you had the opportunity to change?
We would really appreciate your feedback and insights regarding this broad question that is becoming pressing issue for many organizations having to comply with ever more regulations and dealing with shrunk IT budgets.
I joined Sonian in July of 2010. While I have been working in the technology industry for nearly ten years, I am a relative newbie in the archiving world, so I have spent the past month ramping up on the space. With the hope of helping other newbies get their footing, I summarize some of my initial observations below.
These notes are written from a vendor's perspective and are based on my research and conversations with coworkers, analysts, litigators, compliance personnel, and, most importantly, Sonian's customers and partners. Just as I benefited from each of their perspectives, I hope you benefit from mine, and I would love to hear yours.
In terms of revenue, industry analysts seem to be honing in on a total email archiving market size between $1B and $2.5B for 2010, expanding to be as large as $5B by 2014. For reference, this is about 25% larger than the much-hyped managed security services market and nearly twice the size of the identity management market. Conservatively, we estimate that there are at least twenty million archiving users today, and that there will be more than one hundred million by 2014. Incredibly, one hundred million archiving users would still represent a mere ten percent of the one billion corporate mailboxes projected to be in existence in 2014.
Growth in the email archiving market is fueled by a number of drivers, including regulatory compliance (FINRA, HIPAA, FRCP, SOX, etc.), litigation support (where organizations turn to digital archives to make the discovery process more efficient), and storage management (where we use archives as a way to offload seldom-accessed data to inexpensive storage). These are all becoming more significant over time--more regulations, more litigation, and more data. Accordingly, customers looking for archiving solutions will have no shortage of options. In fact, a Google search for "Email Archiving" returns over 800,000 results, including listings from global technology providers such as IBM and HP, hosting providers such as Rackspace and BlueTie, and, of course, archiving service providers such as Sonian.
Evolving Delivery Models
While other models exist (including hybrid, appliance-based, etc.), most popular archiving offerings fall in one of the following categories:
Legacy "On Premise" Archiving
Under the legacy archiving model, customers physically install, configure, and operate archiving systems within their corporate data centers. This model provides customers with physical control of their archived data. Many of these offerings are also very mature and boast the vast feature sets that are required to meet the stringent demands and internal policies of the world's largest enterprises. The up-front costs for on-premise archiving are high, requiring investments in hardware, software, and storage as well as ongoing operations and support.
In the hosted model, archiving systems are physically located within vendor data centers and accessed by customers via the web. Customers are not required to install or operate hardware, software, or storage directly, so this model is generally less costly and complex for customers than legacy on-premise systems. Unfortunately, the burden of managing complex infrastructure is shifted from customers to archiving vendors. While the vendors benefit from some economies of scale (by managing hundreds or thousands of customers at a time), they have to price high enough to offset capital-intensive operating models, and infrastructure management complexity can impede focus, innovation, and flexibility. The lack of physical control over the archiving systems is an area of concern for some customers. Leading hosted offerings boast rich feature sets and security controls to comply with key regulatory requirements.
Cloud-powered archiving services represent a dramatic departure from traditional hosted models in that they were built from the ground-up to take advantage of the unique capabilities enabled by cloud computing technologies such as Amazon EC2 and S3. Under this model, as with the hosted model, archiving is delivered as a service. Customers typically pay a low per-user fee per month and are not required to install or operate on-premise archiving infrastructure. Unlike first-generation archiving vendors, however, cloud-powered archiving vendors are not constrained by physical infrastructure--opting instead to tap into networking, storage, and compute power on-demand from external cloud computing providers. This enables archiving vendors (and their customers) to benefit from the scale and elasticity of the cloud--most often in the form of improved performance, dramatically lower prices, and fewer restrictions (i.e. unlimited storage). Vendors of cloud-powered archiving services also argue that offloading the burden of managing physical infrastructure enables them to focus their efforts on high-value innovations.
Two roads diverged in a wood...
Most analysts and archiving providers seem to believe that the archive of the future will be integrated--but there are different perspectives on the type of integration that will occur. One perspective is that archiving will be absorbed into the email ecosystem (alongside hosting, security, ant-spam, etc.) for customers to purchase as part of a bundle of "email management" services from vendors that specialize in this area. We can see the parallels between this line of thinking, Google’s acquisition of Postini in 2007 and, more recently, Microsoft's decision to launch Exchange 2010 "native" archiving.
Conversely, those with a data-centric view of the world tend to believe that customers will look to best-of-breed archiving providers to integrate various data types, including email, files, instant messages, and social media to form a single information archive. Gartner refers to this model as "Enterprise Information Archiving" (EIA) and went so far as to retire email archiving as a distinct segment earlier this year.
Delivery models, integration, and the future
This is not a one-size-fits-all market, and we expect that various archiving models will coexist for the foreseeable future. Legacy on-premise providers control the lion's share of the installed base today and are deeply entrenched in large enterprise accounts. However, analysts and anecdotal evidence suggest that the popularity of this model is waning--particularly as SaaS offerings gain broad acceptance and feature parity. Accordingly, the traditional "hosted" model is gaining momentum today, but vendors in this space will be challenged to achieve the massive scale and innovation required to compete against low-cost entrants that leverage cloud computing infrastructure to deliver improved performance at a lower cost. Finally, upstart cloud-powered providers have an inherent advantage along the cost and focus dimensions but face the challenge of getting noticed in a very crowded room.
From an integration perspective, it is far from certain that either the "email management" or the "integrated information archive" model will dominate in the end. Many customers see value in procuring their email services from a single vendor, and will continue to do so provided that the archiving and discovery conversation continues to revolve around email. On the other hand, the growing popularity of social media and instant messaging for business communications (and the compliance implications of the same) tends to support the notion that these data types need to be put on equal footing with email for archiving, retention, and retrieval. The integrated archive would be a logical way to achieve this, and it also aligns more directly with trends in enterprise search, eDiscovery, analytics, and reporting based on user-generated data.
Well, that’s my take after 30 days on the job. The only thing that is clear to me thus far is that the future is far from certain in the space, and that Sonian and its partners have a great opportunity to shape that future. I would certainly welcome your thoughts and feedback—let’s compare notes!
Exchange 2010 Archiving comes with many benefits, less need for PST files, improved retention over Exchange 2007, and basic e-discovery features... But does Exchange 2010 Archiving replace the need for third party archiving software?
After review, Exchange 2010 archiving won't be able to replace third party systems, but it will be able to coexist. Third party archives can be more complimentary than competitive with Exchange's archiving tool set.
For example, when addressing compliance issues, the backend rules governing Exchange's "Move to Archive" and "Keep for" holds are inadequate for many compliance policies. In theory, IT can impose "Move to Archive" and "Keep for" policies by delineating archive and retention guidelines. In actuallity, those guidelines are just that - guidelines - and end users often have the ability to institute their own policies that define what they archive and how long to retain these documents in the archive.
This isn't acceptable for many regulations. Insert third party archiving solution here. With a third party archiving application, IT can act as a centralized compliance staff that can adequetly define and enforce archiving and retention policies so that investigators and auditors can have confidence when searching through the archive. In addition, many third party archivers can cover a broader range of digitally stored information, not just email. SharePoint, IM, Social Media, and SMS (texts) Archiving are all important when meeting compliance regulations.
Also, because the Exchange 2010 mailbox is under user control, users can edit or delete content until a legal hold is placed on the mailbox. In this instance, a third party application can better enforce content archiving, thus ensuring a more complete e-discovery process.
Not only this, but most third party archiving solutions include better tools to support e-discovery searches - tools that allow for greater granularity in searches that can be definable across multiple mailboxes.
Lastly, in Exchange 2010, users can archive PSTs, but the files must be ingested manually. This leaves room for user error - users can miss a PST, not know how to archive the PST, not know that they are required to archive certain files, or just simply not perform the ingestion. Third party archivers often have PST crawlers or other tools that will automatically find and ingest PST files into the archive. This will ensure that all relevant material is on hand to meet retention policy and ensure a hiccup-free e-discovery process.
Download the webinar to see how cloud powered archiving is changing the email archiving market.
In Wood Country Wisconsin, teachers were ordered by the Circuit Court to hand over all emails, from both personal accounts and school account. This decision was overruled by the Wisconsin Supreme Court. The Court ruled that personal emails don't pertain to any governm
ent activity and therefor are not required to be turned over. In the opinion of the court, "To be a record ... the content of the document must have a connection to a government function. The teachers' personal emails have no connection to a government function and therefore are not records." This verdict is one of many regarding message archiving and online media. As new scenarios arise in the world of online information, the fog
surrounding what information is public, private, professional, etc. will slowly begin to lift as court decisions like this one set precedents that will govern how we regulate our online communication.
“Every firm that intends to communicate, or permit its associated persons to communicate through social media sites must first ensure that it can retain records of those communications.”
– FINRA Regulatory Notice (January 2010)
I cannot comment on a regulatory policy of USA, IANAL and I am an alien to boot. But this sure adds a layer in the social media communications that makes the businesses slightly slower to adopt/use. What the above means is that we have been ignoring the specific needs of the various regulated industries in Social CRM, Social Media Marketing, etc.
We now need to not only monitor the social media or have CoTweet/Hootsuite kind of tools, but also be able to provide archiving solutions for the communications happening via social media. Audit Trails from a programmatic perspective & archiving from a infrastructure perspective. Kind of makes sense why Dell claims that 90% of data saved by enterprises are not read again! ;)
However, we do not need to archive each & every tweet or friending happening on the social web, just those that emanate from the company & its people as its employees (am still not clear if an employee can use their personal account for personal reasons without having to archive).
Some vendors have cropped up to take advantage of this situation and the ensuing FUD:
Social Media Archiving is not an optional need in BFS, yet the current options (AFAIK) are cloud based (SaaS) offerings and BFS might not be ready for it yet. I am not aware of the complete industry, but the few biggies that I do know of, would not like to put such communications data into the cloud.
That concludes the article originally posted on the SFH Blog.
Now, I would be remiss if I did not bring up the fact that Sonian's Social Media offering is significantly less expensive then some of the alternatives listed. Some of the competition's pricing, is 10x as expensive as Sonian's offering. Just food for thought...
Download the Social Media & IM Archiving Webinar.
Learn the ins and outs of this exciting new technology.
Is there a Social Media Maniac in your office?
What is a Social Media Maniac you may ask? Well to me a Social Media Maniac is someone who overindulges themself, and everyone around them, in multiple worlds of social media: Facebook, Twitter, Linkedin, MySpace, - to the point where they could be putting their company and their careers at risk. How exactly does this endanger your business? Let's face it, we are ALL Social Media Maniacs in this day and age. I, @BoCramer, sit in a cubicle outside of Greg Arnette's office. I wrote this article and sent it to coworker @AlecKPhillips to proofread, but he was busy asking questions on LinkedIn. I asked Jeff Richards, Sonian's VP of Business Development, but he was walking to George Nichols' office to discuss something above my paygrade. So I grabbed Sam from sales and he was able to help me out.
In the blog Socialnomics, it is stated that Generation Y is about to outgrow the baby boomers…and 96% of them have joined a social media network. I've also read that many teachers and professors say they are able to successfully reach students much more efficiently through social media than through email. If THAT many people are using social media, then THAT many people are also exchanging vital information that may need to be used as evidence in an investigation... welcome to the social media discovery nightmare.
A recent survey by the Deloitte Forensic Center revealed that roughly 2/3's of businesses worry about the e-discovery risks of social media, as they should. However, 25% of them say they are not prepared, and the other 30-35% only think they are partially prepared. Even worse, the decision makers, the C-level executives, are not committing resources to an e-discovery solution. If these businesses need to present this information, and are unable to do so within the given time frame, they will be facing e-discovery settlements and charges similar to what Morgan Stanley experienced in 2006.
This is not an altogether unreasonable request either, in fact many cases have involved information gathering from social media. A major challenge obstructing efficient and functioning social media e-discovery, is the collaboration between legal, IT, and HR departments. Whether there is a lack of communication, or each department doesn't use systems that promote cooperation. In the case of Pension Committee of the University of Montreal Pension Plan vs. Bank of America Securities, the judge took action against the plaintiffs for deleting emails after an e-discovery request was made. Ultimately, the only source of e-discovery was individual employees mining their mailboxes for relevant information. In addition, the court sanctioned plaintiffs for presenting witnesses who were not educated enough in the company's e-discovery processes.
Scared? Probably not. A little unnerved? Sure, me too. Luckily Sonian has rolled out its newest feature: IM and Social Media Archiving. All you Social Media Maniacs (and IT admins of Social Media Maniacs) can stop sweating now, you don't need to give up your Facebook or Twitter accounts. Tweet away.
Learn how to implement this important new technology to safeguard your business.
Numbers for Instant Message Archiving
Compliments of Pingdom, this infographic gives valuable insight into the explosive growth of Instant Messaging. As Sonian rolls out the new Instant Message Archiving option, I recall the early days of Instant Messaging, aka AIM. It was the "new thing" everyone was becoming more and more obsessed with, like Beanie Babies and Pogs.
Ambitious young techies were experimenting with combining Instant Messaging and video to talk with people face to face, but to the masses technology like that still seemed like something more out of the Jetsons than a household piece of technology. However, Instant Messaging has evolved into a global collaboration tool for business and personal use alike. The sheer multitude of instant messages and conversations exchanged each day demonstrates the need to treat Instant Messaging as a legitimate business tool that needs archiving. I found the infographic below very interesting, and I'm sure all of you who remember the early days when AIM meant AOL Instant Messaging, and AOL meant dial-up, will find this interesting as well:
Register for the Social Media & IM Archiving Webinar.
Learn the ins and outs of this important new technology.
We are sitting in our cubicles, working away happily here at the Sonian offices. In the background, the television is playing the incredible, ridiculous, ridiculously incredible Wimbledon tennis match between Nicolas Mahut and John Isner. As I write this article, the match is finishing up it's 10th hour. These guys have been playing tennis, a rigorous athletic activity, for longer than I work in a day. I bet, when these guys became professional tennis players, they never thought they would put in an 8 hour work day. The match is tied at 68 - 68 in the 5th set. They have played more games in this match than I have played in my life, and I went to tennis camp for a couple weeks when I was 10. It looks like there is no end in site, yet still the crowd chants: "WE WANT MORE! WE WANT MORE!"
I asked around the office, what do you think they want more of? A response came from the cubicle behind me, "...archiving options of ours." Well, fans of Wimbledon, as luck would have it, Sonian recently rolled out archiving solutions for social media platforms like Facebook, Twitter, Linkedin, as well as for SMS text messages, and instant messages. That is a lot of options to add to Sonian's top-of-the-line hosted email archiving solution. So check out the upcoming webinar on Social Media and IM Archiving and congratulate John Isner of the US who, as I wrote this article, won this extraordinary, historic, extraordinarily historic tennis match, 70 games to 68 in the Fifth Set.
Register for the Social Media & IM Archiving Webinar.
Learn the ins and outs of this important new technology.