Archive for September, 2008
… or even what it is?
Back in the old days, TV networks would run public service spots before the nightly news saying: “It’s 10 pm, do you know where your children are?” The fact that the spots ran for twenty years in cities like New York points out that it is easy to lose track of stuff, even important stuff. Which brings me to ESI–Electronically Stored Information. Not that it is as important as your kids, but in the discovery phase of a big lawsuit, it might seem that way. And, like kids, ESI can be surprisingly easy to lose track of.
ESI is the catch-all term for the digitally stored files of litigants in a federal case. During the pre-trial discovery phase of a lawsuit, all ESI is subject to discovery, meaning it all has to be checked for relevant information that the other side has requested to help it prove its case. Only the relevant files need to be actually given to the opposing party, but all ESI has to be checked to make sure all the relevant files have been located and handed over. It sounds simple enough, but it is hard if you are not prepared in advance and a lot can go wrong.
When the e-discovery rules changed in late 2006, there was a lot of commotion about it, and a lot was written about the need for companies to have their ESI organized and well maintained in order to be able to respond to the tight discovery timelines set by the new rules. I don’t think that message has really sunk in though. And now that the rules are no longer “new,” and the commotion has died down, it is easy for companies to lose track of whether they have really prepared to meet the current e-discovery challenges. Yes, the e-discovery market is growing nicely, but more spending is not assurance that the companies really understand all the risks or even the problems they are trying to solve.
As the resident lawyer at FaceTime, I am occasionally asked to talk about e-discovery issues with customers, or on a panel. Sometimes I can tell that a person I’m speaking with just doesn’t want to have to deal with instant messaging in e-discovery, even when IM is used for business purposes in their company. To them, the most obvious way not to deal with it is to make it go away, or more precisely, to take the position that IM logs are not business records and therefore will not be saved.
No saved IM records, no IM ESI, problem solved.
There are undoubtedly circumstances where this is a sound policy, but what I’ve seen is that such a position is most often taken without enough attention to the reality of how easily IM logs are stored in hard-to-find places, and how difficult it is to effectively enforce a “no IM records” policy when employees use IM for business purposes and may need to refer to those logs the way they refer back to e-mail. The company falls into the trap of mistaking its ESI policy, what the company wants its ESI to be, with the reality of what its ESI actually is – i.e., what is actually saved, either inadvertently or surreptitiously against policy.
The resulting danger is that the ESI is there, but the company doesn’t know it exists until too late. My recommendation is usually that if IM is used for business, then it will generate business records that should be maintained and be treated on par with e-mail records for e-discovery purposes.
If the IM-savvy, and sometimes IM-dependent, companies that FaceTime deals with are still coming to terms with IM logs in regard to e-discovery, then I have to believe that companies in general have not moved much beyond e-mail archiving, if they have a proactive e-discovery solution at all. To me, that’s like being happy that one of your kids is watching TV with you at 10 pm. and forgetting about the one you haven’t seen since yesterday.
At the beginning of the season, Tom Brady was a top fantasy football league (FFL) draft pick. The guy can move his team downfield and put up points for an FFL team. But this all came to an “oh-my-god-you’ve-got-to-be-kidding” stop on Sunday when he went down with a year-ending knee injury in the first regular season game.
Now what? For millions of FFL managers the season is in jeopardy - not to mention serious bragging rights. Next step? Join the conversation and start thinking about a replacement for your QB position – even if it means doing it during “work hours.”
And, this is precisely why you should care – not you the football fan, but you the IT fan. Your employees are in the conversation. Some are less concerned about their jobs and much more interested in solving their QB problem, and they’re using Web 2.0 tools to do it.
As I said a few months back in a post about March Madness, scenarios like this occur in organizations every day. And when employers block or put limits on what their employees can do, does it really solve the problem? For example, being overly aggressive with Web filtering controls can drive employees to install anonymizers designed to circumvent URL filtering.
An estimated 19 million people in North America play fantasy football according to the Fantasy Sports Trade Association. In the past 48 hours, more than 2500 Twitter messages (or “tweets”) were sent out regarding Tom Brady and his injury. In the same 48 hour period, nearly 800 individual blog posts were made referencing Tom Brady. Facebook has 225 fantasy sports applications available to its subscribers and over 500 groups alone for fantasy sports. There are countless others available on sports sites, Yahoo and other Web properties.
A recent study referenced by NBCSports suggested that fantasy football could result in as much as $500 million dollars of lost productivity per week. I think we’d all agree that employees are capable of wasting time in several ways. Talking on the phone to friends and smoke breaks are two that come to mind, so I’m not suggesting that if you lock down fantasy sports you’ve solved your productivity issues.
In my opinion, online fantasy sports don’t cost American businesses a dime. In today’s work environment, some amount of personal, online activity is acceptable. However, IT professionals need to maintain visibility so they can make decisions about what should be controlled and to what level it should be controlled.
Is it time for HR to call an audible? After all, it’s not just a network or security issue any more. It’s a business issue and an employee morale issue – and I wonder if HR may have to help re-write the playbook?