[ISN] Ready to produce IMs in court?

From: InfoSec News (alerts@private)
Date: Thu Jan 04 2007 - 22:36:44 PST


By Robert McMillan
January 04, 2007 
IDG News Service

Companies that do not keep close tabs on PDAs, instant message 
conversations and other forms of electronic data may soon be in for a 
nasty surprise, should they find themselves in court. As of December 1, 
2006, new guidelines, called the Federal Rules of Civil Procedure, go 
into effect. The rules, set by the U.S. Supreme Court, expand the types 
of electronically stored information that companies could be required to 
produce in a lawsuit.

That means companies will now be on the hook to retain and produce a 
broader range of digital data than before. Flash drives, voice-mail 
systems and instant message archives will all be added to the mix.

According to a recent online survey, executives are ill-prepared for the 
new rules: In a November study by Deloitte Financial Advisory Services, 
almost 70 percent of respondents said they require more training on 
their own corporate record retention policies and procedures (and this 
in an audience including many CFOs, tax directors, finance directors, 
attorneys and controllers). Deloitte says the time is ripe to examine 
your data retention strategy.

One way that enterprise IT can prevent surprises under the new rules is 
by more thorough auditing. Take instant messaging: According to a 2006 
study by the American Management Association and the ePolicy Institute, 
more than half of those who use free IM software at work say that their 
employers have no idea what they're up to.

For most companies, the biggest worries stemming from the use of 
undisciplined instant messaging will be skyrocketing costs and lost 
productivity during discovery, says Jeffrey Ritter, cofounder of Waters 
Edge Consulting, an information management consultancy based in Reston, 
Va. "The burden facing companies is cost containment," he says.

Companies can get into real trouble when the CIO, general counsel and 
records manager are not on the same page, Ritter adds. "The most 
significant challenge for many companies is the lack of a teamed 
approach to evaluating the risk."

Subscribe to InfoSec News

This archive was generated by hypermail 2.1.3 : Thu Jan 04 2007 - 22:46:27 PST