What e-discovery & A-Rod have in common...

By Patrick Eitenbichler

I know many of us are already tired of hearing and reading about Alex Rodriguez' use of performance-enhancing drugs.

However -- most of the articles don't highlight the parallels between "data retention" of drug testing results & any other company information.  In short, the baseball players’ union kept the results of A-Rod's drug tests longer than required, which in turn became evidence against him (see E-Discovery Knuckleball).

By approaching information management and data retention reactively, because you're too busy to implement a sound information governance strategy, you will expose your company to...

  • failure to comply with government regulations

  • costly fire drills and getting caught off guard in litigation

  • keeping certain data/information too long -- increasing costs as well as risks

  • keeping other data/information too short -- and being unable to find it when required

In other words, take a timeout!  Set up a meeting between the legal, compliance and IT teams in your company to map out what's needed to develop a PROACTIVE data retention and e-discovery strategy.  In almost every single case, your plans and investments will pay off in less than 12 months.

And if you don't know where to start -- call HP...  we have a an Information Management specialist in your area who can sit down with you, run a workshop, and figure out what steps to take to reduce both costs and business risks.


Labels: E-Discovery
| ‎02-18-2009 06:37 PM

Patrick's post brings to light a critical but all-too-often overlooked issue - the endemic problem of OPSEC (Operations Security) failure.  As a former military intelligence officer and now attorney counseling clients on privacy and security issues, I see this as a critical area for improvement in most organizations.  Patrick's suggestions should be taken to heart by everyone concerned with information management.

To date, most of the focus in the world of e-discovery has centered on classical business intelligence problems.  To borrow terms from the intelligence cycle, these are primarily "collection" and "analysis" challenges.  Management of information and data in support of business analytics efforts or to improve a company's ability to comply with compliance/discovery obligations are leading examples.  Indeed, the MLBPA's citation of the subpoena it received from law enforcement sometime after the 2003 drug tests, as justification for retaining drug testing information, probably resonates with anyone handling similar responsibilities in any other organization.  And business is getting better and better at intelligence initiatives in the digital age as the tools to support those initiatives improve.  We now measure our ability to find and preserve the right data in seconds where once it took days.

The problem is that the complimentary discipline of counterintelligence is not yet receiving enough attention.  OPSEC is one of the fundamental concerns of counterintelligence.  It involves a continuous process of identifying information that would be damaging to an organization if it was obtained by an "adversary," identifying the likely points at which that information is vulnerable to compromise, and instituting practices to prevent that compromise.  OPSEC can be enhanced with the right expertise and technology, but it is an enterprise-wide responsibility.  It must become a mindset -- not an action item assigned to a single person or team.  

Like intelligence initiatives, the success of counterintelligence initiatives in general (and OPSEC in particular) can be vastly enhanced with the right tools.  Like the tools being designed for intelligence gathering and analysis, however, these tools must be both reliable and rapid.  To use A-Rod's experience as an example, from the MLBPA perspective it is difficult to imagine how an OPSEC-oriented mindset could NOT have identified the results of the 2003 MLB drug testing as a potentially critical vulnerability ab initio.  In today's world, permitting such a vulnerability to exist for even a few minutes (let alone days) beyond that necessary to comply with business or legal imperatives is inexcusable.  

The relationship between e-discovery and OPSEC is a quickly evolving field.  In the U.S., state and federal laws addressing data privacy and security are only just emerging and have yet to be fully tested in the crucible of regulatory enforcement experience and litigation.  The landscape is similarly changing elsewhere.  Along with evolutions in technology, the outcome of these emerging regulatory efforts will have important implications on the structure and limits of future OPSEC efforts.  But this is no reason to delay the adoption of sound OPSEC measures now.  

Andrew J. Orsmond, Esq.
Foley Hoag LLP

Leave a Comment

We encourage you to share your comments on this post. Comments are moderated and will be reviewed
and posted as promptly as possible during regular business hours

To ensure your comment is published, be sure to follow the Community Guidelines.

Be sure to enter a unique name. You can't reuse a name that's already in use.
Be sure to enter a unique email address. You can't reuse an email address that's already in use.
Type the characters you see in the picture above.Type the words you hear.
Showing results for 
Search instead for 
Do you mean 
About the Author

Follow Us
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation.