Creating a Digital Evidence Policy

By John Wagley

One way to address the issue of data volume is to have a well-thought-out routine data destruction policy, says McIntyre. It’s also important to have good archiving so that it’s not hard to find where data is located, she says. These provisions should be part of an overall information security plan. Sometimes people intend to create such a plan, she says, but “don’t implement it.”

Organizations should conduct a survey to assess what data should be kept and for how long. To make such an assessment, McIntyre says people should consider looking to trade organizations in their industry for best practices; she also says that a company may want to get legal advice to ensure that policies comply with all state and federal laws that may apply.

Certain documents, including those related to areas such as the creation of the business or to insurance, she says, may need to be kept indefinitely in some cases. However, McIntyre says “very little else typically needs to be kept forever.” Much of how long certain information should be kept will likely relate to the statute of limitations on litigation in certain jurisdictions, she says. If litigation arises, organizations should be sure to let employees know to begin retaining certain kinds of data.

Some programs, such as Microsoft Outlook, can be set to automatically delete or store data after a certain time period, she notes. If a case arises after relevant data has been routinely deleted, it can be acceptable to rely on people’s memory during litigation, she says. The company should, however, always endeavor to remove from routine destruction any data that might be subject to discovery as part of any ongoing or anticipated lawsuit. Destroying data once litigation is underway can result in hefty fines.

Organizations may want to audit certain computers or databases to ensure that they do not contain information they aren’t supposed to contain. Some companies use technological tools, for example, to search employees’ computers for information that shouldn’t be stored there, McIntyre says. Employees should be reprimanded if they repeatedly fail to comply with an organization’s data destruction and storage policy, she says.


