For this month’s theme, we’re focusing on being intentional. Being intentional can be applied to so many different aspects of what we do: the partnerships we form, the services we deliver, and the solutions we develop. But what I want to focus in on today is something different. I want to talk about the importance of being intentional with how we, and our clients, manage and store the tremendous amount of data that is generated as a part of the litigation process.

For the Star Trek fans out there, does anyone remember the episode, “The Trouble with Tribbles?” You know, the one where the Enterprise crew had to deal with the exponentially multiplying furry creatures? Well, that’s what generating new data is like today, and without careful management and control, you may find yourself in quite the predicament.

The Data Growth Challenge

Throughout the litigation lifecycle, whether we’re talking about one matter or several, data is coming in from a variety of different sources. It starts with forensic collections where digital evidence is being preserved from laptops, mobile devices, email accounts, file shares, and social media…the list can go on and on.

As the matter progresses, additional work products are generated in the form of forensic evidence copies, production deliverables, deposition/transcript exhibits, and privilege logs. And as this information begins to pile up, we’re all faced with important questions regarding how this data will be stored:

  • Is it being stored in different locations?
  • Are there multiple copies of the same files?
  • Who has access to it, and is that access consistent?
  • Who is in charge of managing this process and answering these questions?

Essential Controls and Policies

Having robust policies and controls in place can help alleviate a lot of uncertainty associated with these questions. So, what does that look like exactly?

The foundation starts with a clear set of guidelines for handling the constant stream of incoming data. There should be specific rules that cover each phase of the litigation, from initial collections to final productions and everything in between.

The controls should include straightforward instructions for data retention, specifying how long to keep different types of information and where they should be stored. One of the most important aspects involves user audits where access controls to various data locations are regularly reviewed to confirm that those with permissions to read, edit, and download files still require those rights.

Without these checks, you might find yourself losing track of who has access to what and where copies of sensitive data might exist.

Data classification also plays a key role. By establishing clear categories and protocols, you can ensure that sensitive information stays protected while keeping necessary data readily accessible to those who need it.

A Good Place to Start: Ask the Right Questions

Whether you are creating these policies and controls from scratch or simply reviewing and updating them, knowing the right questions to ask is a good place to start. Here’s a few to guide you in the right direction:

Evidence

  • Is all of my evidence checked in and logged?
  • Are there additional copies on FTP or Shared Drives?
  • Are there Chain of Custody documents for each piece of evidence?
  • Does any evidence need to be sent back to the original owners? Or destroyed?
  • Do you have a policy for evidence handling? If you don’t, be sure to work with your compliance officer to create it.

Productions

  • Are all production deliverables/files for the matter checked into evidence to be preserved?
  • Are there any duplicate copies anywhere?
  • What policies exist in your organization for the storage and control of data deliverables?

FTP Site

  • Is there a policy for storing data on FTP site? How long is too long?
  • Are there periodic user audits for FTP site access?
  • Your organization’s policies should decide what access controls are appropriate for FTP access and internal shared drives.

Software Access

  • The first of the year is a good reason to complete a user audit to determine who should/should not have access to vendor software.
  • Monthly, Quarterly – what is right for your organization? Create a policy and follow it to ensure proper access controls.
  • Disabling inactive users is a good policy to create and enforce.

A Smart Approach to Data Management

Unlike the Enterprise crew, who solved their Tribble problem by beaming the creatures onto a Klingon ship, you can’t simply transport your data challenges away. The key to success is being proactive from the beginning and building a sustainable system that grows with your organization’s needs.

Start by implementing a comprehensive framework that combines regular audits, well-documented policies, and automated controls. This ensures your data stays organized and accessible while maintaining appropriate security measures. By being intentional in how you approach these data management practices, you should have “no tribble at all.”

Ned Adams

Ned Adams

Author

Share article:

Ned has been fostering partnerships and helping clients tackle complex legal matters with TCDI for over two decades. He is passionate about building personal connections with clients to better understand their challenges and develop innovative eDiscovery solutions.

Regardless of the size, complexity, or duration of a matter, Ned leverages his project management experience to help clients navigate a successful solution. He guides organizations and law firms through every step of the EDRM, ensuring their matters are handled as smoothly as possible. As a Lean Six Sigma Green Belt, he thrives on developing workflows and processes that maximize efficiency, reducing time and cost for our clients.  Learn more about Ned.