Technology: Refining your corporate data policies

Adapting to the many forms of ESI

The previous column discussed the many forms and locations of electronically stored information (ESI) within today’s typical enterprise, and the challenges posed by unmanaged, employee-created ESI. The explosive growth of such uncontrolled data poses potential risks to the corporation. The first step in tackling this problem is promulgating a comprehensive data policy.

Data retention (or perhaps more aptly, destruction) policies are commonly used within corporations to describe categories of data, including: paper records, tapes and other backup media and other ESI. The policies also specify retention periods for different types of data within these categories. For example, you could instruct employees to retain sales invoices in paper form for five years and electronic sales invoices for seven years.

The key questions to be answered for each form of employee-generated ESI are:

  1. How the confidentiality of corporate data will be ensured
  2. How the employee-owned or portable ESI will be registered and tracked for identification in litigation
  3. What types of data are allowed on portable ESI media
  4. How compliance with the policy is verified and audited
  5. What retention period is appropriate, and the disposition of the data upon expiration.

The data policy should likewise specify what systems are never to be used for company data, such as Short Message Service texts, instant messaging systems, file sharing services and personal email. The IT department can prevent access to certain of these systems through firewall rules blocking their associated network ports. Other systems use network ports with legitimate uses such that blocking them is impractical.

author image

Barry Shelton

Barry Shelton is a partner in Bracewell & Giuliani LLP's IP litigation group. His practice focuses on patent litigation, jury trials and administrative proceedings...

Bio and more articles

Join the Conversation

Advertisement. Closing in 15 seconds.