Posts Tagged ‘Data Backups’

Protecting the Business Against the Disaster of Litigation

Wednesday, April 22nd, 2009
Use Your Head and Protect Yourself Against Litigation

Use Your Head and Protect Yourself Against Litigation

In this blog, I have written extensively about the need for data backups to protect your small business against physical disasters. Now I want to address a disaster of a different kind: litigation. A careful strategy of preserving electronic records may not only be helpful in mounting a successful defense (and, in many industries, is often a legal requirement), it may actually discourage a plaintiff from pursuing your business.

I recently spoke on the topic of disaster preparedness at a conference for smaller law firms. The focus of my remarks was, predictably, data backups, which are absolutely critical to businesses that are as document-intensive as law firms. To my surprise, the discussion among the participants took a different turn when one attorney described the experience of a client who had been served with an onerous discovery demand. He stated that often plaintiffs make such expansive demands in the hope that the defendant will not be able to produce what is required and that they can win a judgment on default. This particular client was exceptionally prepared, as the IT and legal departments had been working together on the matter of records preservation in connection with their disaster preparedness efforts. They complied with the demand in a timely manner, thereby creating a dilemma for the plaintiff: to sift through all of the records would have been extremely time-consuming and expensive with no guarantee of a commensurate benefit. Moreover, having charged out of the gate with an aggressive discovery demand, the plaintiff could expect little sympathy from the judge to a request for an adjournment. The plaintiff subsequently dropped the lawsuit. The attorney added that he believes that this thinking is the reason why the federal government settled its case with Arthur Anderson so quickly: the Department of Justice would be unable to justify spending taxpayer funds on an analysis of the reams of documents it had demanded from Anderson, which documents Anderson dutifully produced.

So consider your data backup in the context of a strategy for litigation deterrence. This lesson was so important that I wanted to share it with you. By the way, the graphic accompanying this blog, is a photograph I took in a subway station in Brussels, Belgium.

Data Warehousing and the Lifecycle of Information Management

Monday, March 30th, 2009
How Much Is Too Much?

How Much Data Storage Is Too Much?

The lifecycle of information management refers to the determination of which information and data your small business must preserve and protect and over what period of time. It is not productive for any small business to secure and back up information that has become obsolete. (It also raises the risk of human error, as your employees may inadvertently work with files that have aged out of use!) This requires some discipline for properly disposing of out-of-date electronic files. As you develop a strategy for lifecycle information management, here are some of the issues you should consider:

Liability management. The more sensitive customer data you store, the greater your liability for a breach of data. The news media report that computer hackers may have accessed up to 100 million customer records of Heartland Payment Systems, a credit card processor. They are not the only payment processors to report possible data breaches; RBS Worldpay and CheckFree have also been exposed, as has, an employment site. These breaches are costly: $202 per compromised customer file, according to the Ponemon Institute, an organization that researches and consults on privacy and information security matters. What accounts for this cost? Customer attrition is one source of loss, as Ponemon found that health care businesses lost 6.5% of customers and financial businesses lost 5.5% of customers after data breaches. In addition, after a data breach, the affected company must undertake expensive security and legal procedures to deal with the intrusion and offer, at its expense, credit monitoring services to the customers whose data may have been compromised. In some states, there is a legal requirement to offer such a remedy; in all cases, it is a good business practice.

Marketing needs. Customer data may be a valuable asset for new product development, customer retention and customer acquisition. At the recent Information Security Best Practices Conference held at the Wharton School of Business of the University of Pennsylvania, marketing professors Eric Bradlow and Peter Fader discussed the conflicting needs of liability management versus marketing needs. As personally identifiable data are increasingly a liability for companies, Professors Bradlow and Faber recommend a “data minimization” strategy: keep the customer data your business needs for competitive advantage and purge all other data. Too many businesses, they believe, are data pack rats, storing information that serves no marketing purpose.

Legal and compliance requirements. Your business may be subject to certain legal or regulatory requirements for preserving data over a certain period of time. It is best to seek advice from legal counsel when developing your lifecycle information strategy.