By: Ted Gary, Sr. Product Manager, Exterro
The following article was originally published in KMWorld.
Employee departures and other status changes are an unavoidable business reality. The Society of Human Resources Management (SHRM) estimates that the average annual rate of employee separations from an organization is 13 to 15%. When departmental transfers and prolonged leaves of absence, such as maternity leaves or sabbaticals, are factored in, the rate of employee "movements" that occur each year is probably closer to 20%. It is not uncommon for large organizations to experience 30 or more actionable employee status changes each week.
When an employee resigns, retires or transfers departments, it is common practice for IT to delete that individual's data, including email and all personal files, from the local computer, as well as shared servers, and reissue the equipment to someone new. What many organizations overlook in this standard process is the risk of inadvertently destroying electronically stored information (ESI) tied to ongoing litigation or regulatory obligations.
Given the potential consequences of destroying legally responsive ESI, it is imperative organizations develop processes for protecting vulnerable data. Current approaches to addressing this critical preservation issue tend to be ad hoc, highly manual, time consuming and error prone.
A defensible process for tracking employee movements should serve three primary purposes:
1. Detect: Provide organizations with timely visibility into employee status changes and where those changes intersect with legal and regulatory obligations. 2. Act: Prescribe a systematic set of actions that ensures no responsive data will be inadvertently deleted. 3. Track: Capture and document every event and preservation action to demonstrate legal and regulatory compliance.
Detect It is highly unlikely that a departing employee under a legal hold order will go out of his or her way to make this fact known to the organization's legal and IT teams. Likewise, IT professionals must remain focused on managing systems and should not be tasked with investigating the legal implications of each and every technology transfer that they oversee. It is incumbent on the legal team to detect when data tied to an employee departure must be protected.
Though legal ultimately oversees the process, the initial detection of employee status changes begins in an organization's human resources department. Most large companies employ HR management systems, which keep an updated organizational roster along with basic information about each employee for such purposes as payroll, benefits tracking and equipment management. When an employee departs the organization or transfers departments, the HR system gets updated to reflect that change, optimally right away. Some organizations rely on periodic communications between HR and legal as a means to share these updates. This may take the form of a weekly HR report of employee terminations and other events, such as leave-of-absences, transfers and retirements, which is sent to a paralegal or other member of the legal team via email.
At large organizations, the process of cross-referencing a list of employee status changes against the catalog of open legal matters and active custodians can demand many hours of tedious work. Given the manual, repetitious nature of the task, errors and oversights are inevitable.
Another important factor is time. Some companies recycle systems and purge accounts very quickly, especially during periods of heavy hiring. Ideally, legal teams would be alerted of impending employee status changes prior to the employee actually leaving the organization and turning over his or her data. The reality, in many cases, is that legal teams don't discover that an employee possessing critical data left the organization for many days, if not weeks, after the change. Some organizations combat this risk by instituting waiting periods before reincorporating devices back into the workforce. Waiting periods can be very useful; however, some companies can ill afford to have systems sitting around idle for prolonged periods.
One way an organization can streamline the detection process is to directly integrate its HR system with the legal hold application in its e-discovery system. By integrating systems, information from the HR system can be directly fed into the legal hold application enabling all cross-referencing to be done automatically. For instance, an employee may give notice to its employer that he or she has accepted a position at a different organization. As soon as that employee's official departure date is recorded into the HR system, an alert regarding the status change would be sent directly to the e-discovery system, potentially within mere hours of the update. Legal will be automatically notified if the employee's ESI subject is subject to a hold, resulting a much quicker detection of impending actionable employee status changes.
Act Once it is confirmed that an employee status change presents a potential risk for data spoliation, the organization must enact a response plan that accounts for the different actions that might be required. For example, if a departing employee is a key player in an active litigation matter, the legal team will likely decide to immediately alert IT to make a copy of that employee's data before the systems are wiped and reissued. However, applying this response to every departed employee can quickly lead to over preservation, which can burden IT, increase legal risk exposure over time and undermine data disposal initiatives.
Employee interviews can help legal teams identify the most relevant data requiring preservation. Ideally, the interview would be conducted directly with the departing employee prior to that individual actually leaving the organization. If that's not possible, it can be prudent to interview the departed employee's former supervisor or former colleagues, since they may be able to recount what the employee worked on and when. Just like tracking employee changes, the interviews should be systematic, simple and automated. In some cases, simple surveys delivered over email can bring back valuable information as long as responses to those surveys can be easily accessed and aggregated. If the interview concerns active litigation, members of the legal team should have a fairly good grasp on the key issues and timelines associated with the case. The interview should be mainly comprised of yes or no questions that address the employee's involvement. Good interview questions can be as simple as: Were you involved in project X; or, did you exchange any emails with Person A?
The goal of the interview should not be to simply determine whether the employee possessed responsive data. It should also reveal where that data is located. For example, a departing employee may reveal during the course of an interview that his or her involvement in the matter was limited to a few short email exchanges with one of the central players in the litigation. Based on that information, the legal team can take steps to preserve those responsive emails while allowing for the rest of the employee's data to be purged pursuant to the organization's regular policies. An interview might also reveal the existence of pertinent paper documents that may also be subject to destruction upon an employee departure. There are also situations where an employee departure precipitates the need to transfer a legal hold to the person's replacement or somebody else. In these scenarios, interviews with department heads can be especially beneficial for unearthing specific roles and responsibilities to help guide the appropriate transferring of legal holds from one person to another.
Track Tracking and thorough documentation should occur at each stage of the preservation process, from the initial detection of an actionable employee status change all the way through the final steps taken. It is especially important that the basis for each decision be recorded. It is not uncommon for accusations of data spoliation from a departed employee to arise several months after the alleged deletion of ESI took place. Rarely will members of the legal, IT or HR team be able to recount from memory what specific actions were taken, let alone why those decisions were made. Moreover, the people involved in those decisions and actions may themselves have left the organization or changed roles, further underscoring the importance of carefully recording all key actions and decisions.
Should an error in judgment or technical blunder occur that does result in the deletion of a departed employee's data, a judge or regulatory body will be far more merciful towards a party that can demonstrate that a process was implemented in a reasonable, good faith manner.
Automated audit trails provide a very efficient way for documenting processes. Chances are that the process described above will be supported by specific technologies, such as HR systems, legal hold applications, project management software or interview/survey tools. These systems should interoperate with each other and have the capability to automatically create an audit trail, or a record of activities, that can be revisited at any time. Audit trails can relieve organizations of the burden of documenting processes manually, which can be time consuming, error prone and easily neglected.
Conclusion Large organizations deal with employee departures and status changes on a near daily basis. Amidst the frenetic activity that surrounds employee movements, it can be easy for companies to overlook the very serious risk of critical information tied to legal or regulatory obligations being inadvertently deleted. By developing proactive, repeatable processes; investing in the necessary technologies; and tracking and documenting all steps taken to protect vulnerable data, organizations can mitigate these risks and ensure that critical information is adequately protected.
Ted Gary is Exterro’s Senior Product Manager responsible for managing Exterro® products from strategic planning to tactical activities. He has nearly twenty years’ experience marketing and managing enterprise software products.