By: Scott Giordano, Esq., Corporate Technology Counsel, Exterro
The most interesting topic to come up during the first day of this year’s ILTA conference wasn’t something presented during the breakout sessions but rather came about during a discussion I had with one of the industry analysts—the problem of “rogue” repositories (e.g. Dropbox, Zoho, Google Drive, Box.net).
The problem: Business employees are storing work-related electronically stored information (ESI) in these repositories without the business’s knowledge. I can recount more than a few cases where severe sanctions resulted from a party certifying that it had produced all ESI requested, only to discover later boxes of backup tapes found in some IT administrator’s garage. Now, take that same scenario and extend it to every potential custodian and a very realistic nightmare scenario arises. Not so long ago, the “rogue” problem for businesses centered on wireless access points established by employees who wanted wireless mobility without bothering to go up the corporate chain for permission. It was an open invitation to cyber intruders and became a huge headache for information security teams.
Now, businesses have a potentially bigger problem: how do they hunt down these rogue repositories that may contain multiple versions of responsive ESI? The problem, it seems, is exacerbated with the advent of “bring your own device” (BYOD), since mobile devices can access these repositories but have little in the way of controls to prevent corporate ESI from winding up there. Given these problems, can counsel ever certify with certainty that they have produced in good faith all that was requested?
Has this come up yet at your workplace, and, if so, how was it addressed? Drop us a comment below.
Scott Giordano is an experienced attorney with more than 16 years legal, technology and risk management consulting experience. Giordano serves as Exterro’s subject matter expert on the intersection of law and technology as it applies to e-discovery, information governance, compliance and risk management issues.