Why Enterprises Should Extend eComms Compliance and eDiscovery Defences

  • Robin Smith , Technical Director International at Actiance

  • 14.06.2017 11:45 am
  • undisclosed , Robin Smith has over twenty years' experience of security and compliance solutions within a wide range of networking and messaging systems.

Many enterprise electronic communications (eComms) applications offer an attractive proposition to businesses by delivering lower costs, more features and access to newer desktop apps. But while they might be extremely effective business tools, often they don’t provide the functionality required to meet the compliance and eDiscovery needs for organisations today.

Litigation and regulatory reviews are an accepted part of doing business in highly regulated sectors, and the ability to refute any accusations quickly is essential to stop costs from spiralling. However, it is at this juncture that many organisations find the archive capabilities provided by their eComms applications are not only cumbersome to operate, but don’t meet the rigorous demands of regulators or the law either. In order to do so there are several points to consider.

Immutable evidence

The deletion of an email, sentence or even just a single word from an instant messaging conversation can have an impact on the outcome of any potential case. It may be to your benefit or your detriment that a document is missing, but either way if it comes to light that erasure of evidence is even a possibility, you have a credibility problem.

There are many cases where the lack of a reliable archive led to negative outcomes due to preservation practices and they aren’t limited to regulated financial services companies. Take for example in Broadcom v Qualcomm, a patent litigation case where the court ordered $8.5M in sanctions and investigation of ethics violations for a large quantity of withheld documents when a simple search revealed missing documents.

Most regulations demand a tamper-proof WORM-compliant repository for secure archiving. Few proprietary eComms tools provide this as standard, but the problem is far wider when factoring in what you should be or are attempting to store.

Wide range of file types

Email is no longer the only communications tool businesses use. In fact during a normal working day it’s highly likely that the average employee will use several from social media, to unified communications and proprietary collaboration tools. All of these need to be archived in an easily retrievable manner, but many electronic communications applications don’t natively provide a robust compliance-friendly archive. Those that do mostly only store their own content, which actually creates problems down the line because now there is data pertaining to the same conversation in separate archives, with different user interfaces that all need to be searched to understand the full picture.

In addition, large organisations frequently need to conduct many simultaneous searches, but the tools offered by eComms providers often don’t provide the facility to manage multiple cases effectively.

Furthermore, for applications or archives that do provide robust management of multiple cases and allow the consolidation of diverse eComms into a single archive, the vast majority convert the content into an email, which flattens all the rich metadata held within and can actually make it harder to find out what really transpired.

Searches are often much slower, prone to timeout and don’t offer the granular features that reduce data volume results and improve reviewer efficiency.

By extending the compliance functionality to enable conversations to be captured and archived centrally on a modern scalable platform, organisations can perform faster searches looking at all their eComms data through a single pane of glass.  It also allows for conversations and associated file transfers to be exported in chronological order. This ensures an accurate audit trail, provides insight into the context of one message or activity to another, and highlights potential issues such as channel hopping.

Ultimately this results in lower eDiscovery costs and more pertinent results.

Real-time compliance

If organisations are using real-time communication tools on a regular basis, it’s essential that they are able to control and capture conversations securely. Additional requirements such as ethical walls, feature controls and content-based monitoring and alerting may be mandated in regulated industries and highly desirable in others to ensure comprehensive compliance across a wide range of regulations; prevention being better than cure.

Granular retention

While being able to enforce retention policies at a granular level is not always a prerequisite to compliance or eDiscovery regulations, it does help to lower the cost of eDiscovery by limiting risk. Many organisations are so concerned with not being able to furnish relevant documents to adhere to a legal or regulatory request, they end up keep everything indefinitely.

By not disposing of electronic information correctly these organisations are not just increasing storage management costs, but potentially leaving themselves open to the discovery of information within documents long since forgotten. In addition, the propensity for legal teams to over-collect during eDiscovery drives up the cost of document review.

For this reason most companies prefer a far more granular control over document retention than a simple global delete or retain for X number of years policy, which is offered by many eComms applications.

Putting your legal team in charge

In the past, many legal and compliance teams have been forced by technological restrictions to rely on their colleagues in IT to help them preserve information and collect content.  By leveraging modern big-data technology masked by functional and intuitive user interfaces that provide role-based access control, teams can easily manage preservation, collection, legal hold and export without relying on IT.

While eComms applications may satisfy many business needs, if you’re looking to shore up eDiscovery defences and regulatory compliance then it’s important to consider what’s not provided, and the advantages that a comprehensive compliance platform can deliver.


Other Blogs