4 October 2023
Have you ever gotten stuck in a doorway because someone else approached it at precisely the same time? Both of you end up standing there, trying to be polite, saying, “No, no, you first! I insist!” Meanwhile, neither of you wants to take the first step, and you’re both starting to hold up traffic.
Awkward, right?
The same sort of bottleneck might be quietly happening in your ediscovery and compliance risk management efforts if you’re not proactively planning how to manage your organization’s data. Without even consciously realizing it, you might be exposing your organization to unnecessary risk by waiting for the software developers of your favorite new applications to implement features that will ensure you can easily get the data from them necessary for discovery or compliance purposes. Unfortunately, while getting data out of an application in a defensible and useful way to support discovery and investigations seems like it should be part of the product feature roadmap for any enterprise software, the reality is you could be in for a long wait. Most software developers aren’t concerned with ediscovery or corporate data management; rather their goals are to solve challenges specifically linked to the purpose of the software.
While there’s no easy rule to break yourself out of “doorway paralysis,” there is a straightforward way to avoid those data management backups that can cripple discovery and compliance programs. The key is to take a proactive stance with your organization’s data.
Here’s why proactivity matters, along with five questions you can ask of your data to start thinking about it proactively.
Why You Need to Be Proactive About Your Organization’s Data
On average, organizations use 110 different software-as-a-service (SaaS) apps to do their work. (That’s a low estimate; other research reports that organizations use 254 applications on average.) Whether those apps are communication and collaboration platforms like Slack or Microsoft Teams, project and ticket management tools like Asana or Confluence, customer relationship management systems like Zendesk or HubSpot, or something unique to your line of work, they’re all generating business data.
And someday, you might find that you need that data. Whether it’s merely to respond to an audit, or an ediscovery request from an opponent or to establish your own claim, element, or defense, the day-to-day data that businesses generate can make or break a case … if you can get to it.
That raises a series of questions. Do you even know where your organization’s data is? Do you know how to search through it and extract it when needed? Are you waiting for the app’s developer to provide add-on ediscovery features to make your life easier?
Start by asking these five questions.
Five Questions to Ask About Your Organization’s Data
1) Where is this data located?
There are several facets to this question. First, where is the data stored? Is it local, or is it cloud-based? Second, who owns it? Who has access to the data? Find out what will happen to your organization’s data if the company that built the app ceases to exist, if the app is discontinued after a merger or acquisition, or if you stop paying for a subscription. How difficult is it to search for data, delete outdated information per your routine data management practices, or place specific data under legal hold?
2) Who is using or generating this data?
Individual employees may use different apps based on their work, workflows, and personal preferences. Figure out who uses each app within your organization and who’s generating data where. You might find it easier to approach this question from the opposite direction by surveying your custodians first and asking them what apps they use.
3) What is this data about?
Sometimes it will be obvious what an app’s data concerns. If your organization uses Jira to manage customer tickets, you would expect the data within Jira to be primarily about customer issues and solutions. But sometimes apps cover so much ground that it’s impossible to know what’s in them without looking. Slack, for example, could include business information about every team and project your organization is involved in—or it might mostly be a social channel where employees discuss lunch and travel plans. Interrogate your data sources to see what types of information each app encompasses.
4) Is this data important or relevant?
Once you know what apps are used to generate and store what types of data, you’ll need to decide whether that information is either important or relevant. Determine which data sources include the most useful information and prioritize your ediscovery efforts, so you start with data that is most likely to be relevant and helpful. Relevance is, of course, a moving target, as it depends on what’s at issue in a matter. After all, if your organization is facing a hostile workplace claim, even “personal” discussions about lunch or travel could be relevant to establishing the existence of discrimination or harassment.
5) What format is this data in—and is it export-ready?
With the abundance of different SaaS apps, ediscovery data has taken on an enormous complexity. Don’t assume that each app generates data in a familiar format that will easily slot into your existing ediscovery protocols and tools. Instead, find out what format each app creates and stores data in. Next, ask yourself whether you can export and otherwise manage that data format or whether you need to identify a new ediscovery tool to manage it.
Sooner or later, you’re going to need to access the business data one of your employees has generated using a SaaS app. Don’t assume that app developers are concerned with how you manage your organization’s data, and don’t wait for someone else to make a move, as “later” may be too late. Instead, take a proactive approach by asking these five questions about every type of business data your organization generates.
Hanzo can help. Our technology provides flexibility when targeting an organization’s data for archiving. We make it easy to search through data to find the records you’re interested in. If it can be viewed with a browser, our capture technology will produce an interactive, fully functional replica of the content that you can navigate and interact with exactly like looking at the live application. The result is a comprehensive, defensible process that allows your organization to face ediscovery and regulatory inquiries with confidence—no matter what SaaS applications or tools you use. Contact us to learn more or schedule a demo.