As businesses communicate and share information in more ways than ever before, whether by email, instant messaging (IM), blogging, and social networks such as Twitter, Facebook and LinkedIn, the amount of electronically stored information (ESI) is skyrocketing to record highs.
While storing this information is always a concern, securing and making the information searchable is now the more challenging issue. This is becoming even more of a concern as the regulatory and legislative environments become more stringent, giving rise to an increase in requests for the production of ESI in response to regulatory inquiry, internal investigations or litigation, which are collectively referred to as eDisclosure requests.
There has been a significant backlash against the lax regulatory environment of the past few years, most recently marked by the record-breaking 1.06bn Euro (£950m) fine handed to Intel by the European Commission for anti-competitive practices.
With the continuing tough economic conditions and even more regulation on its way, eDisclosure related investigations, prosecutions and fines are likely to become more common. While US organisations have always been subject to greater scrutiny and are therefore more familiar with the concept of eDisclosure (called eDiscovery in the US) and the challenges it can present, UK businesses are not ready to deal with this increase.
However, eDisclosure is a global issue and companies around the world need to be prepared. In the UK, almost 50 per cent of companies have experienced an increase in eDisclosure requests compared to last year, but IT directors still do not fully grasp its importance, rating it as their lowest priority below information security, email archiving and rolling out productivity-related tools. In line with this, more than two thirds of these organisations dedicate less than five per cent of their IT budget to provisioning and preparing for eDisclosure.
Fundamental for compliance
In fact, eDisclosure should not be viewed as an option but should rather be fundamental to a company's entire information management, compliance and risk mitigation programmes. The risk of damage to a business from compliance lapses and failure to meet disclosure demands is on a similar scale to, if not greater than, that of IT security challenges such as data privacy breaches.
An oversight could have severe repercussions and leave businesses highly vulnerable to the consequences associated with information risk - including breach of compliance, reputational damage, and loss of stakeholder and customer/ client confidence - all of which have the potential to cripple a company.
Managing the wealth of data
To combat this, companies need to take a proactive approach. If not, responding to an investigation will be an expensive and extremely time-consuming endeavour due to the sheer volume of ESI that needs to be identified, collected, reviewed and analysed.
To put this in context, regulatory inquiries often result in the production of more than one terabyte of data (the equivalent of 75 million pages) and the costs involved with review can therefore exceed the amount at issue if a company is not prepared.
Companies are also often required to respond within a day due to the regulator's demands, but also to try and negate the internal risk of data destruction and alteration. In addition, any oversights can incur severe sanctions and even bigger bills.
For example, the US Office of Federal Housing Oversight responded to a third party subpoena related to the case of Fannie Mae and Freddie Mac, and in the process incurred USD $6M in electronic discovery expenses which equated to nine per cent of the agency's entire annual budget.
To avoid this risk, companies should invest in solutions that can automatically categorise, index, access, preserve, delete and collect relevant ESI in any form. Since these challenges are similar to those presented by email and knowledge management, the use of sophisticated search technologies which enable organisations to effectively and securely manage all of their data can help achieve similar results in risk management.
For example, when a discovery demand is filed, concept search greatly increases the efficiency of any review as it will locate all information related to a pre-defined issue, rather than relying on inefficient keyword search that would either miss relevant data and/ or bring up a sea of clearly irrelevant documents containing a particular search term.
The effective management of this wealth of ESI will not only automate the eDisclosure process and improve a company's ability to respond to eDisclosure demands, but it will also allow companies to improve productivity and efficiency by providing staff with access to all the information they need for their daily jobs.
This is particularly key in the current financial climate where less staff are being stretched to fulfil more roles as processes are streamlined. Despite this, most UK organisations are using out-dated, legacy search and data management tools which do not meet the sophisticated information needs of the staff and are not capable of searching data in different formats and from diverse locations.
The result is that staff waste valuable time trying to locate the documents and information they need. In fact, a quarter of UK businesses admit that their employees typically spend more than half a day a week on this task. For a company with 1,000 employees, this equates to upwards of £50,000 worth of lost time a week or £2,600,000 a year.
The role of security in search
Many companies are concerned that by providing staff with access to all the information they may require they will inadvertently open up Pandora's Box and risk sensitive information being compromised.
However, search solutions do not need to come at the expense of the security of the information. Effective search can actually reduce this risk by providing information to employees based on their roles. By implementing strict policies such as these to safeguard information, businesses can ensure that confidential data is only accessible by those who are authorised to access it.
Through the tagging and categorisation of information, it is possible to carefully define what information can be searched and by whom. This will help organisations remain compliant with data regulations, and will also make it much easier and quicker to collate the relevant information when an eDisclosure demand is received.
Not only can effective search solutions help organisations prepare for eDisclosure and secure their data by enforcing authorisation policies, it can also help monitor illegal financial activity - cited by IT directors as the main reason for the recent increase in eDisclosure requests.
By providing an audit trail for employee actions, it can enable organisations to trace illegal financial activity and irregularities. The explosion of ESI volumes, types and sources has made it more difficult to effectively control and protect information, making it harder for businesses to deal with eDisclosure requests.
Companies need to provision for the new regulatory environment, which is proving to be intolerant of those organisations that cannot effectively identify data that is requested and produce it promptly.
By incorporating sophisticated search and eDisclosure technologies into a company's IT security strategy, businesses can effectively avoid the costly and severe repercussions of unmanageable eDisclosure requests when they hit.
