Originating Author: David Floyer
The legal system has become very concerned about ensuring that electronically archived information has not been covertly altered. An IT manager’s word is not enough. The court has to be convinced that there is no possibility that somebody could have changed the data being presented. Indeed, opposing counsel have learned to attack the very processes by which organizations store and secure information, essentially flipping the burden of proof onto the defendant. Establishing a process that will hold up to opposing counsel and the court is not a trivial task and not one that IT should exclusively own.
For organizations challenged to establish that archived information can hold up in court, it makes sense to look at outsourcing archiving to a remote service. However users should understand that the burden of auditing and documenting procedures by which data are stored, protected, and secured in a tamper-proof manner rests squarely with the customer, not the service provider. Service providers will limit their liability in this regard contractually. Users must therefore guarantee they have adequate access to audit service supplier operations and processes so that they may ensure compliance with the edicts of the corporation and courts.
Action Item: All the investments in archiving can be for naught if the data is not accepted by the courts. Key to acceptance is not fancy technology, but very good and robust processes and procedures. Using a high quality remote backup, recovery and archiving service and then auditing the processes and procedures of this service can be a quicker and more cost effective way of ensuring that all archived data is admissible in court.
Footnotes: