
One on One with Jonathan Martin of HP

Jonathan Martin is the worldwide VP and General Manager for Information Solutions at HP, which is responsible for selling software and services to help companies with their information governance issues. We asked him some questions about eDiscovery and compliance and why companies need to be paying more attention to this.

FCM: I saw a presentation last month by a lawyer named Ralph Losey, who said that most companies are totally unprepared for an eDiscovery order. Why aren't U.S. companies being smarter about information management?

JM: As regulations increased, we began to see what can happen when companies, such as Morgan Stanley and Qualcomm for example, failed to produce information in litigation cases because they lacked an electronic discovery strategy and technology tools and processes to locate pertinent content. In some cases, companies were sentenced to pay up to 1.4 billion dollars. Companies today can no longer perform in this manner--we live in an age of regulation and as digital information continues to grow at an exponential rate, companies are facing increased compliance standards and a greater need to implement an eDiscovery strategy.

Today, more and more organizations are realizing that getting the right information at the right time is critical to their business success, but most are still finding difficulty justifying the investment in information-related projects. The lack of a strong business case to justify the investment to begin an information project was noted by 55 percent of organizations in HP’s research. In addition, another barrier organizations face is a firm understanding of exactly what requirements are necessary in an eDiscovery request. More than half of respondents from small and medium-sized businesses cited a lack of understanding of eDiscovery requirements as the main reason for not establishing an effective eDiscovery strategy.

The short term benefit of implementing an information management strategy and compliance archive solution is that it can pay for itself with one lawsuit. It can also have important long-term benefits in terms of adding a layer of meaning and context to your corporate information assets in order to make better business decisions in your organization.

FCM: What types of actions should companies be taking so they are prepared for regulatory compliance, audits or an eDiscovery order?

JM: By proactively managing business information, companies can reduce litigation risk, maintain compliance, and help companies save a bundle in the process. Today, new regulations are being enforced making legal preparedness both essential and inevitable. In order to meet compliance and regulator standards, companies must know what information they have; where it is located; how long they need to retain business information; and what information needs to be preserved and produced to support eDiscovery requests.

HP recommends following these steps to prepare for an eDiscovery request:

Step 1: Governance for compliance and policy management
The first step in developing a sustainable program is to mitigate the inherent discovery risks for electronically stored information by adopting an enterprise governance package. A governance package sets organizational standards, processes and compliance rules for streamlining document-handling activities, providing ease of reference and reducing the amount of information that an organization needs to manage.

At the core, the following business rules should be put in place at this point:

  • Records management policy or standard
  • Electronic messaging policy or standard
  • Enterprise records retention schedule
  • Document handling procedures

Step 2: Process for knowing your information universe
The second step of the eDiscovery journey is the most challenging and resource intensive. Understanding how information is processed throughout its lifecycle is essential. Process also means change, especially as it relates to electronically stored information. Organizations need individual, departmental or functional standards for describing how electronic documents and email are to be indexed, retained or disposed; any imposed standards can change how information is processed.

During this phase, authenticity of documents (accurate and original content) and chain of custody are also key. Chain of custody refers to ensuring that documents on a hold order are not altered and that the metadata (data about data) is preserved. In addition, because email is the biggest target for subpoenas today, organizations must produce email messages stored on servers, backup tapes, personal hard drives and home computers. Employees should produce standard categories for email messages with retention periods.

Step 3: Technology to bring it all together
The increasing demand for e-discovery with the exponential increase in electronic information demands that every organization should be prepared with an information management strategy. Organizations need to manage their information proactively as core assets, not only to reduce the risk of eDiscovery but to increase the productivity of your day-to-day operations. In order to implement a governance package and processes, you need to implement technology to help you manage your information as an asset across your enterprise. The magnitude of the problem, the volume and wide distribution of information and the implication of not taking proactive measures indicate that managing your information is now mandatory. Organizations around the globe are looking at document and records management solutions with rigorous and unified records management to support their eDiscovery preparedness and operational productivity.

FCM: I heard about one company that forbade its financial advisers from using email to communicate with clients because they want nothing in writing. How do you avoid draconian measures such as this and what's a better approach in your view?

JM: Email gets the most focus these days because it tends to be the primary target of eDiscovery requests. What organizations aren’t thinking about now is all of the other unstructured content contained within an enterprise. Most information stored by companies is unstructured and unmanaged, costing companies millions of dollars when litigation arises. Forbidding email usage won't stop phone calls, instant messages, text messages, social networking and SharePoint content from existing and being called into question in litigation situations.

Organizations need to create a proactive strategy for storing, archiving and deleting their information. They need to set retention schedules based on policies defined for their organization. Having a content disposition strategy would be a key thing for this organization to look into, rather than barring email and slowing their business down.

Lastly, organizations can’t forget about paper documents. A solution like HP’s TRIM lets organizations archive all of their records, whether they are paper based or held electronically.

FCM: Cloud computing presents a unique set of information management and compliance challenges. How do you set up strong information management rules when the information isn't stored behind your firewall?

JM: The storage of the information behind the firewall or in the cloud is actually not the issue for information management. Most of the hosted storage providers or hybrid solution providers are encrypting the data before storing them in the cloud. This mechanism, in concept, is actually pretty similar to what we are doing today with data protection, when the data going to tape are encrypted before the tape is exported and sent to Iron Mountain for disaster recovery.

Some of the architectures that are emerging (Emulex) even propose to break up documents into smaller pieces that are disseminated into several cloud providers, which means that unless you own the application that disseminated the information, no document can be re-created and read by just looking at what is on the cloud.

The issue lies more in the application layer if several services (mash-up concept) are provided by different SaaS companies, as there is no cross-SaaS application standard that makes sure that traceability and tamperability are being enforced consistently. Until there is, a company shouldn’t expect to implement best-of-breed applications short term because of the lack of a standard in cloud application interoperability and compliance. It’s not risky for an organization to choose a single partner and application stack today as long as they deeply understand how they implement their internal partitioning to make sure that the data are not too inter-mingled between various customers of the providers.
