Data security means going beyond e-discovery

This column hits the Web just one day before the new Federal Rules of Civil Procedures (FRCP) take effect. For more details on the impact of these rules, don't miss Ephraim Schwartz's recent analysis.

In short, if you're going to court, your attorneys will have to know darn well what data is available and how it is managed, because that information will have to be shared with the opposing attorneys and with a judge before the proceedings start.

The objective of that preliminary discussion is to define what data is available and what should be put on legal hold to prevent accidental or routine deletion. Your company's legal team will also have to be educated on the details of internal IT procedures so that they avoid any damaging misrepresentations.

Moreover, your lawyers may need direct access to your applications in order to get a more accurate first-hand understanding of what's available and perhaps to decide which information needs to be preserved for the litigation. That's where the term "e-discovery" comes into play.

Do you foresee a whirlwind of updates coming from suppliers of business applications, such as ERP? Don't forget the humble but legally relevant e-mail that often settles "he said/she said" disputes in court. That will have to be tracked, too.

Top-tier archiving systems, such as the HP RISS that I reviewed earlier this year, already offer large companies' attorneys the tools to create a private pond of e-mail messages. Expect similar features to become more popular -- perhaps a must have -- from now on.

Commvault, for example, is adding a free add-on for Microsoft Outlook to its Data Archiver for Exchange. The add-on will give a legal team tools to search a store of e-mail messages directly from the Outlook client as shown here.

Preserving e-mail messages may be easy if your attorneys have the right tools, but doesn't do much to prevent potentially damaging content, such as abusive language or child pornography, from being stored elsewhere on your network. Employees can communicate with parties outside the companies using a variety of tools beyond corporate e-mail.

With the new FRCP rules, the actions of one bad apple inside the company can become binding legal evidence that may cost you dearly. How can you possibly monitor e-mail, Web access, files downloads, instant messages, etc. for improper or illegal content?

Chronicle Solutions claims to have the answer with netReplay, a monitoring application that is either bundled with an appliance (their largest model is the 7200) or installed on your own machine.

NetReplay is not exactly an e-discovery tool, but more of an investigative forensic application that your auditors and attorneys can use to make sure that no improper content blemishes your files.