Like many law firms, we had various network shares where users could place data. They had been around for a very long time, with no real oversight. Problems began cropping up with available space and many of these locations were not expandable. As these locations filled, IT started asking who could make decisions about what could be deleted, and it landed with the Information Governance team.
As we began to look at some of these locations, we realized that this was no small project. We wrote a business case, got it approved, and the Vortex of Chaos project was born. We gathered a team that included information governance, ediscovery and IT, ensuring all stakeholders had a voice.
The first step was pointing people to an approved location and applying some governance to the space. We set up our Case Data drive, which was readily expandable. Users can now request a folder on this drive for data that is not appropriate to store in other approved repositories. Folders are named with the client/matter number and matter name, and access is limited to those with need, negating the need to further apply ethical walls.
With some publicity, this has been fairly successful, though we know that some users still persist in using other locations, and some balk at waiting for the folder setup process, though it really takes very little time. Future plans include implementing a review of data to ensure it is in line with retention guidelines.
Now that we had an approved location for this data, we wanted to start reviewing and these older locations that had gone ungoverned. Realizing that we had a mountain of data to deal with, we knew we were going to need some help. We began a review of software that will help us identify metadata for these files, including who may have last accessed a file and when.
We started meeting with vendors, managed to get some budget money and a project manager, and then were met with several setbacks and higher priority projects that put the Vortex on hold. We hope to revive it in the near future and feel we have a solid start and a direction once we are approved to move forward again. The plan will be to acquire the right software, and begin review of some of the smaller locations, with an eye towards either moving or deleting the data and then decommissioning the space.
We have no doubt that this will be a multi-year project and there will be some lessons to learn along the way, but we are confident that will be able to make progress by eating this elephant one bite at a time.#SecurityProfessionals#InformationGovernanceorCompliance#Firm
#Very Large (over 500)
#Large (251 - 500)
#Medium (151 - 250)
#Small (under 151)