Speakers: Hon. Peter A. Flynn, John Jessen, Hon. Craig B. Shaffer, Carol Stainbrook, Kenneth Withers, Esq.
How would you rate the effectiveness of the actions your organization takes to destroy eligible electronically stored information - pursuant to its retention schedule?
Is unneeded information being retained, because your organization cannot devise an effective process and obtain authorization to actually delete eligible information?
Are you finding that up-to-date retention schedules and a proactive Legal Hold process are still not enough to actually "get to destruction"?
In the 2011/12 Cohasset / ARMA International Electronic Records Survey of past MER attendees and ARMA members an astounding 66% ranked their effectiveness for "electronically stored information" as "marginal" or "fair". In addition, the highest goal for the next one to three years - with a 64% ranking - is to "Implement the consistent and routine deletion of ESI according to the retention schedules".
Read more: http://www.rimeducation.com/videos/rimondemand.php
M12S22 - Closing Keynote - Information Management and the Power of Positive Destruction
1. Cohasset Associates, Inc.
NOTES
MER 2012
Session S22: Closing Keynote
Information Management and the Power
of Positive Destruction
Hon. Peter A. Flynn, Circuit Court of Cook County, Illinois, Chancery Division
John Jessen, Jessen and Associates, Inc.
Hon. Craig B. Shaffer, U.S. Magistrate Judge, District of Colorado
Carol Stainbrook, Cohasset Associates, Inc.
Kenneth Withers, Esq., The Sedona Conference®
1
Key Components of Defensible Destruction
In an environment where your destruction decisions can
be second‐guessed and where you can never be sure that
your decision to destroy information is unassailable, you
must develop, integrate, and adhere to a fundamental set
of destruction “best practices” in order to optimize your
defense of process.
2
Key Components of Defensible Destruction
Deletion pursuant to a defined
retention schedule
Not in violation of a litigation
or investigation hold order
Follows a defined and
repeatable process
Advance notification provided
to appropriate stakeholders
Proper checks & balances: No
one person makes the decision
Ensure that
Delete means Delete
When in doubt, stop and
determine appropriate route
3
2012 Managing Electronic Records Conference 22.1
2. Cohasset Associates, Inc.
NOTES
Key Components of Defensible Destruction
Delete pursuant to a defined
• What does the retention period need to be
retention schedule
based upon?
Not in violation of a litigation • Business needs
or investigation hold order • Compliance requirements
Follows a defined and • Legal needs (non‐litigation)
repeatable process • Historical needs
• Should schedules address Records or all
Should schedules address “Records” or all
Advance notification provided information?
to appropriate stakeholders
• Definition of the categories:
Proper checks & balances: No • Big buckets
one person makes the decision
• Business process
Ensure that • Business purpose/function
Delete means Delete • Document/form title
• Any of the above?
When in doubt, stop and
determine appropriate route
4
Key Components of Defensible Destruction
Deletion pursuant to a defined
• Does the hold process apply to:
retention schedule
• Litigation
Not in violation of a litigation • Government Investigation
or investigation hold order • External Audit
• What does “reasonable anticipation of
Follows a defined and
litigation” mean?
repeatable process
• Is proportionality a measure for
Advance notification provided preservation?
to appropriate stakeholders • When defining information to preserve,
Proper checks & balances: No are the following the same?
one person makes the decision • Potentially relevant
• Reasonably relevant
Ensure that • Proportionally relevant
Delete means Delete • One copy or all copies?
When in doubt, stop and • “Preserve in place” or “collect to preserve”
determine appropriate route or either?
5
Key Components of Defensible Destruction
Deletion pursuant to a defined
• What does a “defined and repeatable
retention schedule
process” mean?
Not in violation of a litigation • IT departments may follow a very defined
or investigation hold order process when deleting application data…
• …but, users casually delete email, files on
Follows a defined and network drives, etc. as part of daily work
repeatable process • Does this requirement change if:
Advance notification provided • The content owner and the custodian are
to appropriate stakeholders the same?
• The process is:
Proper checks & balances: No • Automated
one person makes the decision • Semi‐automated, or
• Manual?
Ensure that
• Information is for internal use only?
Delete means Delete
• Is the consistent application of the
When in doubt, stop and retention schedule important?
determine appropriate route
6
2012 Managing Electronic Records Conference 22.2
3. Cohasset Associates, Inc.
NOTES
Key Components of Defensible Destruction
Deletion pursuant to a defined
• Is “advanced notification” sufficient or, is
retention schedule
“advanced approval” required?
Not in violation of a litigation • How far in advance is enough?
or investigation hold order • Does this requirement change if:
Follows a defined and • The content owner and the custodian
repeatable process are the same?
• The process is:
The process is:
Advance notification provided
to appropriate stakeholders • Automated
• Semi‐automated, or
Proper checks & balances: No • Manual?
one person makes the decision • Information is for internal use only?
Ensure that
Delete means Delete
When in doubt, stop and
determine appropriate route
7
Key Components of Defensible Destruction
Deletion pursuant to a defined
• If no one person makes the decision, what
retention schedule
are the:
Not in violation of a litigation • Checks & balances?
or investigation hold order • Resources?
• Roles?
Follows a defined and • Does this requirement change if:
repeatable process • The content owner and the custodian
Advance notification provided are the same?
are the same?
to appropriate stakeholders • The process is:
• Automated
Proper checks & balances: No • Semi‐automated, or
one person makes the decision • Manual?
Ensure that • Information is for internal use only?
Delete means Delete
When in doubt, stop and
determine appropriate route
8
Key Components of Defensible Destruction
Deletion pursuant to a defined
• What does “delete” need to mean for your
retention schedule
organization?
Not in violation of a litigation • Technically unrecoverable
or investigation hold order • All copies on specific media
Follows a defined and • All copies on all accessible media
repeatable process • All copies on all media
• What are the system resources required to
What are the system resources required to
Advance notification provided
accomplish “delete means delete?”
to appropriate stakeholders
• Does this infer “cleansing” or “sanitizing”
Proper checks & balances: No the media?
one person makes the decision • If so, when?
Ensure that • Does this standard change for:
Delete means Delete • Removable v. stationary media?
• Write‐once v. rewritable media?
When in doubt, stop and
determine appropriate route
9
2012 Managing Electronic Records Conference 22.3
4. Cohasset Associates, Inc.
NOTES
Key Components of Defensible Destruction
Deletion pursuant to a defined
• Is the deletion pursuant to a defined
retention schedule
retention schedule?
Not in violation of a litigation • Is the deletion in violation of a litigation,
or investigation hold order government investigation, or external audit
hold order?
Follows a defined and
• Is the deletion part of a defined and
repeatable process
repeatable process?
Advance notification provided • Have appropriate stakeholders been
to appropriate stakeholders identified and notified?
Proper checks & balances: No • Are there proper checks and balances in
one person makes the decision place?
• Do you understand the content and the
Ensure that context of the data in question?
Delete means Delete
• Is an investigation required?
When in doubt, stop and • If so, how much investigation?
determine appropriate route
10
Key Components of Defensible Destruction
In an environment where your destruction decisions can
be second‐guessed and where you can never be sure that
your decision to destroy information is unassailable, you
must develop, integrate, and adhere to a fundamental set
of destruction “best practices” in order to optimize your
defense of process.
By following such a set of best practice components, you
will best be able to defend your process as being a fair,
consistent, and standard practice and not an ad hoc,
inappropriate attempt to destroy information.
11
2012 Managing Electronic Records Conference 22.4