Enterprise records management strategy guide for GRC professionals
A comprehensive collection of articles, videos and more, hand-picked by our editors
Electronic discovery processes provide numerous benefits from a legal standpoint, including the ability to seek, locate, secure and search data for use as evidence in a civil or criminal case.
But could new and emerging e-discovery tools and processes provide these same benefits to business areas besides the legal department? The answer is a resounding "yes," according to experts -- especially as organizations realize how the data classification, organization and security traits afforded by e-discovery processes can be applied to other areas.
We now are seeing an entirely new recognition within corporate systems and government agencies that information is an asset and a new kind of property for the company.
"We now are seeing an entirely new recognition within corporate systems and government agencies that information is an asset and a new kind of property for the company," said Jeffrey Ritter, an author and lawyer who specializes in information management. "It is the fuel with which they can manage and hone their business."
By definition, e-discovery tools identify where an organization stores data, as well as what the data is used for, how it's distributed and by whom. If used correctly, e-discovery tools can be used to pinpoint this sensitive data and help develop processes to protect it.
Heidi Shey, an analyst at Cambridge, Mass.-based Forrester Research Inc., notes that if an organization can't even locate where it stores its sensitive information, its people won't know where to target data security efforts.
"Part of it is [organizations] don't know what data they have to begin with, where it resides and who gets to access it and use what," Shey said. "Without that layer of information, it's a lot more difficult to start applying controls and policies over the use and the access to this data."
E-discovery tools can be used to streamline processes and automate enforcement in a wide variety of business areas, including data security, according to Shey. A Forrester report she co-wrote earlier this year, titled "Know Your Data to Create Actionable Policy," states that applying identity and tagging data packets with identity attributes allows businesses to determine how critical any piece of data is and protect it more effectively.
In order to protect data, an organization needs to know who "owns" it -- who created it within the business and where it's located, Shey said. The Forrester report notes that network analysis and visibility and data loss prevention (DLP) tools can help discover data so that it can be properly identified and classified. The data discovered using these tools can also be fed into security analytics to help the enterprise know where to look for toxic data. These DLP tools can help control data by enforcing predetermined policies once the upfront work of defining the data is completed.
"This is something that a lot of the e-discovery vendor solutions should consider -- I think it would be helpful from a data security perspective," Shey said. "It's one of those things where they've got the capabilities in their products, but if we think about what it's actually doing, there are different applications for it."
E-discovery's bottom-line benefits
The business benefits of e-discovery processes go beyond data security. Employee training, data governance, customer information management -- all could potentially benefit if e-discovery tools and processes are incorporated into general data governance processes.
Carl Weise, an industry advisor at Silver Springs, Md.-based AIIM International, notes that the "deduplication" of processes afforded by e-discovery is a huge boost to businesses. In other words, e-discovery tools can be used to identify duplicate and near-duplicate copies of data so companies can streamline information and procedures.
"You can actually go in and identify exact copies [of information] and then cut down on volume," Weise said. "It's a wonderful return on investment to reduce storage costs and, of course, the data management costs."
More on information governance strategy
The records manager's role in the data discovery process
Prepare e-discovery tools, strategy for the cloud and BYOD
Automatic classification and categorization of data, two other tools commonly used in e-discovery, are other processes that could be used in everyday information governance and records management "long before there is any litigation or government investigation," Weise added.
E-discovery tools can also identify where data resides and how it's being used in the organization, providing valuable points of reference for areas besides the legal department. The key is to plan ahead when it comes to data discovery, Ritter said.
"Electronic information can be far more reliable, far more accessible as historical evidence and more appropriately managed if we actually design the expectation into the way we build systems and software and storage services so that we anticipate we will need to call on that information to support all types of needs within the business," Ritter said.
If done correctly, proper e-discovery organization can even boost the bottom line. A 2012 Forrester report, titled "Control and Protect Sensitive Information In The Era Of Big Data," states that e-discovery and security teams "often engage in separate data discovery and classification projects that the organization could combine to create efficiencies, reduce costs and improve visibility."
This unified approach to data discovery and classification allows for better archiving and allows the company to delete large volumes of unnecessary data before applying security controls such as encryption, tokenization and rights management, according to the Forrester report.
This outside-the-box thinking around e-discovery tools boosts cooperation within the company and can ultimately help consolidate resources, Shey said.
"If you can say that this is something that's going to help us do better data security, create better policy around how we are going to protect our data, that might expand the pool of groups [and] business units within the company that would want this," Shey said. "You can start pooling together budget. It just opens more possibilities."