Reduce, Reuse, Recycle: Getting to Know Your Data
Clutch Group AVP Laura Jungels co-authored a piece with Jen Swanton, eDiscovery counsel for Medtronic Inc. on how companies can better repurpose their data for increased efficiency. Check out the full text below, or read the article on ACC Docket.
Recycling is acquiring new meaning these days — corporations are looking for ways to leverage the exponential growth of their data by harnessing it for multiple purposes. The data we collect for litigation and investigation purposes can and should be reused across different business functions within our organizations. It shouldn’t be the case that organizations only learn what’s in their data when productions go out the door — they should know what they have before litigation arises.
We have all heard about how we should be reusing our data — conferences and journals are abuzz with this topic — but we need some actual how-to’s. While it’s true that the trend in the industry is toward the left of the eDiscovery Reference Model (EDRM) and focusing more on information governance, it remains largely true that we’re still mostly reacting to litigation. It’s time to use the tools at our disposal to get to know our data before crisis strikes. We should be able to harness our data across the entire enterprise and find ways to reduce our data footprint, reuse previously collected data, and in some cases even prevent future litigation.
Companies are nearly doubling their data footprint every year. By the end of 2015, annual spend on big data will be around $2.8 billion. This is especially apparent in the eDiscovery industry, where data volumes being collected and reviewed for litigation and investigation have increased exponentially over the last decade. Companies are bigger, more reliant upon data and technology, and are more closely scrutinized by regulatory bodies than ever before, which is turning data remediation and discovery into an extremely costly exercise. This makes it crucial to learn from and understand your corporate data in order to repurpose and ultimately reduce it.
Not only is our organizations’ data growing exponentially, but that data is now feeding into our databases and systems through several different pipelines. Companies are continuing to expand globally, meaning that they have data pouring in from multiple jurisdictions. Human resource management and regulatory and compliance programs are just a few of the different business functions within your organization that can use technology to repurpose data to benefit both internal and external stakeholders. In addition, strong information governance policies can help to reduce corporate data volumes overall.
There are many insights to be drawn from interpreting the abundance of information that comes from different business units — how employees are behaving, how we communicate with each other, and how we engage with clients, customers and other third parties. Creating regulatory and compliance programs from data that has already been collected for litigation or investigation matters can save much needed time and money and help ensure that your organization is following international laws and mandates.
Litigation and investigation data can also be used to understand how employees within your organizations behave and can provide insight into your true corporate culture, which in turn can help identify areas of risk if that culture is not aligned with your desired corporate culture. The information below expands on these ideas and walks through ways to recycle your data, regardless of the type of organization you work for or industry that you’re operating in.
Data can provide insight into behavior and communication patterns of your employees. This provides an opportunity for companies to better manage their human resources and ensure that their employees are aligned with corporate goals and objectives.
Data collected for litigation and investigation matters can be reviewed to ensure adherence to data standards, policies and procedures. In this data, one might be able to find instances in which employees are using personal email addresses and personal devices to conduct business. This can leave the organization open to expanded discovery in litigation matters, requiring the collection of data from employees’ personal email accounts, which can be quite challenging. Understanding this before it becomes a court-mandated requirement can lead the organization to reevaluate its policy regarding the use of personal email and personal devices and determine whether any changes are necessary.
As corporations expand both organically and through acquisitions, maintaining a wholly consistent culture throughout the entire organization is nearly impossible. However, organizations can use data previously collected to understand where they might be vulnerable to future actions, enabling them to take steps to prevent future issues. Often in large investigations, data will be collected from entire teams of people who were involved with the relevant product or service, including sales and marketing teams, client advisors, traders, and managers. This data can be analyzed apart from the litigation or investigation and can provide valuable insight into behavior of both individuals and teams, and used to determine whether their behavior is consistent with their organization’s values An HR team can use technology to scan communications previously collected for the use of inappropriate language (e.g., swearing, racist/sexist/homophobic remarks, etc.) and then analyze those communications to determine whether this behavior is widespread or limited to only a few individuals or a specific team. Taking steps to evaluate your true culture can help mitigate future issues and empower your organization to adhere to its values.
Your internal data finds another purpose when used to develop and manage compliance and surveillance programs. An immediate step following the identification of problematic data in litigation and investigation matters is the establishment of training programs to prevent similar future issues. For instance, an organization can build a mandatory training program designed to prevent the use of prohibited sales and marketing tactics and other potentially fraudulent behavior. Within the pharmaceutical and medical device industries, these programs can be used to prevent off-label marketing of drugs or devices. On the financial services side, training can be used to prevent the early marketing and sales of products ahead of the prospectus.
In addition to tailoring training programs, you can also reuse your data to better understand where your organization might be out of compliance with specific laws and regulations. By sifting through employee chats and emails with external customers or clients, you can ensure that the proper documentation was provided to all necessary parties and guarantee that clients and customers understood agreements or contracts. You can use your eDiscovery systems and tools to analyze agreements and assess vendor SLAs to ensure that they are in compliance with trading regulations such as anti-boycott laws.
In addition to building a compliance program, organizations can use their existing data to develop an employee communication surveillance system. Using data collected for litigation and investigation matters to learn how issues present themselves in communications, you can create an automatic flagging system that identifies problematic issues at an early stage. This will allow you to monitor sales representative or trader emails and flag up communications where these employees are communicating about the off-label use of a drug or future client orders for example.
Companies must take into account a wide array of regulatory regimes in conducting their business activities. Governing regulations are not static. In some instances, new laws may require light-touch revisions to policies and procedures, but in other cases, compliance may entail a large-scale change in company operations. For instance, the highly regulated healthcare and financial industries where laws such as the Affordable Care Act and the Dodd-Frank Financial Reforms ushered in new regulatory environments.
When potent congressional proposals become law, the first question is always: How do we figure out our exposure? Data collected by a company for a purpose such as litigation or an investigation may be examined with fresh eyes in the context of complying with new laws. For example, parts of Dodd-Frank made it illegal to maintain business relationships with certain entities which, prior to the law, were commonplace. A database containing records relating to custodians from one particular bank division that will be most affected by the law can be used to collect documents for regulatory analysis. Doing so not only facilitates speedy collection of seemingly disparate information, but also avoids diverting internal business resources.
The Life Sciences industry is similarly heavily regulated. For example, consider the medical device reporting requirements that require manufacturers to report to the Food and Drug Aministration when they learn that any of their devices may have caused or contributed to a death or serious injury. These reporting requirements are not just important for the companies, but for the patients they serve. A company’s knowledge of the data coming into its environment and the ability to monitor for adverse events could be paramount in complying with reporting requirements. Reusing data can be an important component in ensuring compliance with the reporting requirements.
Rapidly multiplying compliance regulations compel companies to look beyond typical information governance strategies. Data should be looked at from a risk management perspective. This is why “cleaning up” data is so important.
Data tools can be used to identify documents that should no longer be preserved as part of your records retention program and identify them for deletion. They can also help identify areas of data that have not been looked at for a long time (black data) for further research and possible deletion. Legacy or black data is often left untouched in your repositories for months or years. This problem is only exacerbated by employees’ reluctance to get rid of data because of the fear of being noncompliant with legal hold or regulatory requirements. This creates an environment of hoarders, where people believe they are creating fewer problems by saving everything, but are, in fact, creating even greater problems. It’s crucial to know when to clean out your data and what data should be deleted so that you can maintain an organized data environment and have a more defensible information governance program.
There are many technologies available today that can help companies achieve their information governance goals. Similar to those technologies used during document review in the litigation context, technology-assisted review and associated tools can help a company know their data based on the metadata and text of the document. This information can, in turn, provide feedback related to whether certain documents are ripe for destruction. However, just as data for litigation cannot be limited to records only, neither can an Information Governance solution. Today, data consists of a broad array of data types, including the ever-changing social media landscape, which must be considered in this analysis.
Buy-in and Implementation
Internal programs like the ones we’ve discussed are often very expensive and the benefits are hard to define, particularly in the form of monetary payoffs. These types of programs are not necessarily easy to implement, but, if implemented correctly, the benefits greatly outweigh the costs.
One way to get C-Suite members on board is to start small, show the benefits of a program and then build it out slowly. Gradual benefits will prove to executives that these programs are well worth the investment. Having implemented the program, your organization must use it. Put your executives’ buy-in to good use — you will need constant input, monitoring and support from multiple levels and functions of your organization.
Companies can repurpose their data in a variety of ways, whether it be for a compliance program, HR initiative, regulatory response or even an information governance project. Reducing, reusing, and recycling your corporate data will continue to be among your most critical responsibilities as you navigate your company’s growing data trove.
Laura Jungels is AVP and head of Global Client Delivery at Clutch Group, a global provider of litigation, investigation, compliance and other services for Fortune 500 companies.
Jen Swanton is the eDiscovery counsel at Medtronic Inc., the world’s largest medical technology company.