6 ways to integrate work streams
Most companies have, or are developing, programs for records and information management (RIM), in-house e-discovery and the control of sensitive information such as privacy data and intellectual property.
January 09, 2012 at 07:51 AM
5 minute read
The original version of this story was published on Law.com
Most companies have, or are developing, programs for records and information management (RIM), in-house e-discovery and the control of sensitive information such as privacy data and intellectual property. Historically, these programs have been run as separate work streams by the legal, compliance, audit or IT organizations. But within the past year, we have begun to see a trend of companies combining these initiatives into a single work stream. Killing three compliance birds with a single program stone can save time and money.
Running separate RIM, e-discovery and data privacy programs can create conflicts or extra work. For example, the records organization may be creating retention schedules that are completely different than the information security organization's data classification standards (often discovered late in the process). Furthermore, these work streams cover the same ground. Information collected as part of a records type inventory is often very useful for data privacy, but this information is frequently collected twice.
We have found that three separate work streams are more work, more expensive and take longer than a single, combined work stream. Consider combining your programs using these methods:
1. Incorporate data sensitivity as part of record retention schedules. Include data sensitivity classification as part of the document retention schedule, ensuring a single, content-based inventory of documents.
2. Leverage data loss protection to limit risk in e-discovery. Data loss protection tools used to protect sensitive information from leaving secure repositories can be used to corral other types of documents, reducing the scope of discovery.
3. Use ESI mapping to identify sensitive data leakage. ESI mapping processes can be used to track data in and out of secure repositories.
4. Train employees once for records, e-discovery responsibilities and privacy. Business units welcome fewer compliance training sessions, with each session covering more content.
5. Data audit processes can focus on both records and sensitive information. Data privacy audits also can examine record retention (or the lack thereof).
6. Better records archiving can make e-discovery much easier. Better control of records and other documents simplifies e-discovery.
Of course, the biggest challenge in integrating these work streams is political. Each group is mainly concerned with driving its own initiative, and is fearful of sharing limited resources as part of a larger project. Nevertheless, we have found that often the economies scale provided by combining initiatives allows these projects to go faster, reduces the likelihood of getting stuck and reduces total workload. And in times of tight budgets with too much work, reducing workload is a good thing.
Most companies have, or are developing, programs for records and information management (RIM), in-house e-discovery and the control of sensitive information such as privacy data and intellectual property. Historically, these programs have been run as separate work streams by the legal, compliance, audit or IT organizations. But within the past year, we have begun to see a trend of companies combining these initiatives into a single work stream. Killing three compliance birds with a single program stone can save time and money.
Running separate RIM, e-discovery and data privacy programs can create conflicts or extra work. For example, the records organization may be creating retention schedules that are completely different than the information security organization's data classification standards (often discovered late in the process). Furthermore, these work streams cover the same ground. Information collected as part of a records type inventory is often very useful for data privacy, but this information is frequently collected twice.
We have found that three separate work streams are more work, more expensive and take longer than a single, combined work stream. Consider combining your programs using these methods:
1. Incorporate data sensitivity as part of record retention schedules. Include data sensitivity classification as part of the document retention schedule, ensuring a single, content-based inventory of documents.
2. Leverage data loss protection to limit risk in e-discovery. Data loss protection tools used to protect sensitive information from leaving secure repositories can be used to corral other types of documents, reducing the scope of discovery.
3. Use ESI mapping to identify sensitive data leakage. ESI mapping processes can be used to track data in and out of secure repositories.
4. Train employees once for records, e-discovery responsibilities and privacy. Business units welcome fewer compliance training sessions, with each session covering more content.
5. Data audit processes can focus on both records and sensitive information. Data privacy audits also can examine record retention (or the lack thereof).
6. Better records archiving can make e-discovery much easier. Better control of records and other documents simplifies e-discovery.
Of course, the biggest challenge in integrating these work streams is political. Each group is mainly concerned with driving its own initiative, and is fearful of sharing limited resources as part of a larger project. Nevertheless, we have found that often the economies scale provided by combining initiatives allows these projects to go faster, reduces the likelihood of getting stuck and reduces total workload. And in times of tight budgets with too much work, reducing workload is a good thing.
This content has been archived. It is available through our partners, LexisNexis® and Bloomberg Law.
To view this content, please continue to their sites.
Not a Lexis Subscriber?
Subscribe Now
Not a Bloomberg Law Subscriber?
Subscribe Now
NOT FOR REPRINT
© 2024 ALM Global, LLC, All Rights Reserved. Request academic re-use from www.copyright.com. All other uses, submit a request to [email protected]. For more information visit Asset & Logo Licensing.
You Might Like
View AllLawyers Drowning in Cases Are Embracing AI Fastest—and Say It's Yielding Better Outcomes for Clients
GC Conference Takeaways: Picking AI Vendors 'a Bit of a Crap Shoot,' Beware of Internal Investigation 'Scope Creep'
8 minute readWhy ACLU's New Legal Director Says It's a 'Good Time to Take the Reins'
Trending Stories
Who Got The Work
Michael G. Bongiorno, Andrew Scott Dulberg and Elizabeth E. Driscoll from Wilmer Cutler Pickering Hale and Dorr have stepped in to represent Symbotic Inc., an A.I.-enabled technology platform that focuses on increasing supply chain efficiency, and other defendants in a pending shareholder derivative lawsuit. The case, filed Oct. 2 in Massachusetts District Court by the Brown Law Firm on behalf of Stephen Austen, accuses certain officers and directors of misleading investors in regard to Symbotic's potential for margin growth by failing to disclose that the company was not equipped to timely deploy its systems or manage expenses through project delays. The case, assigned to U.S. District Judge Nathaniel M. Gorton, is 1:24-cv-12522, Austen v. Cohen et al.
Who Got The Work
Edmund Polubinski and Marie Killmond of Davis Polk & Wardwell have entered appearances for data platform software development company MongoDB and other defendants in a pending shareholder derivative lawsuit. The action, filed Oct. 7 in New York Southern District Court by the Brown Law Firm, accuses the company's directors and/or officers of falsely expressing confidence in the company’s restructuring of its sales incentive plan and downplaying the severity of decreases in its upfront commitments. The case is 1:24-cv-07594, Roy v. Ittycheria et al.
Who Got The Work
Amy O. Bruchs and Kurt F. Ellison of Michael Best & Friedrich have entered appearances for Epic Systems Corp. in a pending employment discrimination lawsuit. The suit was filed Sept. 7 in Wisconsin Western District Court by Levine Eisberner LLC and Siri & Glimstad on behalf of a project manager who claims that he was wrongfully terminated after applying for a religious exemption to the defendant's COVID-19 vaccine mandate. The case, assigned to U.S. Magistrate Judge Anita Marie Boor, is 3:24-cv-00630, Secker, Nathan v. Epic Systems Corporation.
Who Got The Work
David X. Sullivan, Thomas J. Finn and Gregory A. Hall from McCarter & English have entered appearances for Sunrun Installation Services in a pending civil rights lawsuit. The complaint was filed Sept. 4 in Connecticut District Court by attorney Robert M. Berke on behalf of former employee George Edward Steins, who was arrested and charged with employing an unregistered home improvement salesperson. The complaint alleges that had Sunrun informed the Connecticut Department of Consumer Protection that the plaintiff's employment had ended in 2017 and that he no longer held Sunrun's home improvement contractor license, he would not have been hit with charges, which were dismissed in May 2024. The case, assigned to U.S. District Judge Jeffrey A. Meyer, is 3:24-cv-01423, Steins v. Sunrun, Inc. et al.
Who Got The Work
Greenberg Traurig shareholder Joshua L. Raskin has entered an appearance for boohoo.com UK Ltd. in a pending patent infringement lawsuit. The suit, filed Sept. 3 in Texas Eastern District Court by Rozier Hardt McDonough on behalf of Alto Dynamics, asserts five patents related to an online shopping platform. The case, assigned to U.S. District Judge Rodney Gilstrap, is 2:24-cv-00719, Alto Dynamics, LLC v. boohoo.com UK Limited.
Featured Firms
Law Offices of Gary Martin Hays & Associates, P.C.
(470) 294-1674
Law Offices of Mark E. Salomone
(857) 444-6468
Smith & Hassler
(713) 739-1250