As the saying goes, the wheels of justice turn slowly, but grind exceedingly fine. The institutions of the world, in their frantic effort to keep up with one another, are digitizing more and more of their data. Meanwhile, the law plods along behind at it’s usual deliberate pace.
In 2015, the United States took its first tepid steps into the pool of dealing with the advent of Electronically Stored Information (ESI). This came in the form of an amendment to the Federal Rules of Civil Procedure. From that moment forward, organizations operating in the US had new marching orders. The ESI that they generate and the metadata that often comes with it has to be protected.
Once the US federal government made their move, states got in on the act, followed by other nations. Now, nearly every country in the world has their own rules around data. The previously borderless nature of the internet is giving way to a web of regulations and hazards. As the technology evolves and data becomes more prevalent, the laws surrounding it will only become more complex.
These days the stakes are even higher. Sweeping new rules like the European Union’s General Data Protection Regulation (GDPR) create harsh penalties for mismanagement. Now, all that data that modern companies are more than happy to hoover up is also a liability. Starting with the Right to be Forgotten, the EU has taken a hard look at how companies manage the data of their users with an eye towards making sure the user maintains some control.
But that scrutiny isn’t limited to Europe. These days, everyone’s buzzing about data privacy. Headline grabbing events keep the public enthralled the world over. The Cambridge Analytica fiasco led to a multinational backlash. The Amazon Echo continues to generally freak people out. It seems that the biggest names in data are drawing all the wrong kinds of attention. As the idealistic shine of the tech industry fades, people are demanding action.
Thanks to Facebook’s face plant, governments are accelerating their responses. This year, California has a ballot initiative that allows customers to sue companies for breaches of privacy. If even the home of Silicon Valley is aiming the legal cannons, who knows what’s on the docket next? So what does this mean for the world of E-Discovery?
The Risks of ESI
There’s an old adage in the legal community – it’s not about if you get sued, it’s about when. In such a complex legal environment that is now building up, that’s doubly true. For that reason, it’s a good idea to consider what you’ll do when that time comes. Courts will expect you to be ready and you don’t want to be caught off guard.
Corporations are advised to be proactive about ESI. Courts are well aware of the speed of data availability and have adjusted their expectations accordingly. To meet their requirements, every company operating in an advanced legal environment should have a Chief Information Officer. This is the executive who’s tasked with laying out an information governance policy and enforcing it within the company. Many new laws are expecting this sort of proactive approach to be taken and will expect it, which also means penalizing those who are less than prepared.
The veracity of your ESI is another major issue to be tackled. Even if you manage to implement good policy, there’s still the question of making sure the data hasn’t been edited, falsified, or tampered with. Generally, the goal is to have some form of neutral third party verification of the data possible – something that your company doesn’t have the power to alter or change after the fact. But achieving this isn’t so simple.
If you store all your data on your own servers, you have a bit of an edge. With control of the hardware, there’s some data forensics that can be employed. But, this gets complicated when you start hiring other companies or entities to store your data. You may not know where any piece of information is at a given time. And without that visibility, it can be hard to verify what took place when. Sadly, keeping things in house isn’t always an option. Many countries now require locally collected data to be locally stored as well. That means they write the rules for how that data is managed…and not always with the best intentions. All these variables make proving that your ESI is what you say it is quite tricky.
Luckily, Factom’s tools are great for making sure that any data you have and every event that’s recorded has a blockchain trail. Our Harmony platform allows you to automatically track changes to any documents your business handles. When it’s time to share your data as part of discovery, you can prove the authenticity in a snap. And because we use hashes of the data, privacy issues are completely avoided. You can share those hashes publicly while sharing access to the actual information only to those you choose. Blockchain technology allows you to assure your data recipients that everything is by the numbers.
Better still, our system allows you to see what your counterparties are interested in. Harmony tracks all user activity (immutably, of course) through our Audit Trail system. By checking these logs, you’ll gain insight into what viewers are most interested in. This is intel that can help you to prepare for current and future cases. Wherever you are in terms of protecting your data, protect yourself by taking the next step towards data security.
If you’re ready to talk about protecting your ESI with Factom Harmony, email us at firstname.lastname@example.org or learn more at Factom.com.