A new report from Symantec shows that retention policies are still not fully developed within companies, leaving many unprepared to handle increased requests for information.
The report (registration required), conducted in May and June of this year, surveyed legal representatives and IT professionals within 2,000 companies and sought to uncover information retention’s critical issues and the best practices used to address them. What it found wasn’t too surprising, but serves to highlight the need for better oversight and process management.
Email Requests Decline
According to the report, email is no longer the most commonly requested records companies must produce. Once first, email now ranks third. Both structured and unstructured information sources outranked email. 67% of respondents said that files and documents were most often requested, while 61% cited database or application data. 58% said email is their most common information request. Requests for access to social media and mobile phone text messages also increased.
Retention Policies Save Time, Money
We can’t say it enough: Companies with the best information retention and e-Discovery practices can respond much faster and with greater success to e-Discovery requests. Among those surveyed, nearly half of respondents don’t have any information retention programs at all. As a result, productivity costs can be huge. On average, respondents said they had to respond to legal, compliance or regulatory requests for electronically stored information 63 times in the past year. To find this information, IT staff needed 66 hours on average, which adds up to be more than 4,000 hours per year or the equivalent of two person-years.
But it’s not just about speed, it’s about accuracy, which can significantly decrease litigation and instances of sanctions and fines. The report showed that compaies were 78% less likely to be sanctioned by the courts and 47% less likely to find themselves in a compromised legal position. They were also 20% less likely to have fines levied against them. In addition, they were 45% less likely to disclose too much information, which could compromise their litigation positions.
What can we learn from this? Mostly that a prioritized plan of action is needed. To that end, Symantec recommends a straightforward action plan:
- Create and implement a records and information management (RIM) program.
- Periodically delete electronically stored information (ESI) according to your RIM program.
- Use backup for recovery, archiving for discovery.
- Deploy advanced legal hold processes and solutions to minimize the risk of non-compliance.
- Conduct litigation readiness exercises to determine exposure areas and formulate a prioritized remediation plan.
- Prepare for e-Discovery and governmental inquires by casting a wider ESI net, including social media, cloud data, instant messaging and structured data systems.
Having a plan is just the first step. Implementing it, adhering to it and updating it as rules, regulations and standards evolve ensure that your retention policy can solve the most common information governance problems.