Exploring: data loss prevention systems for legal holds and e-discovery.

• Author: Daley, M. James

[ILLUSTRATION OMITTED]

Data loss prevention (DLP) systems police electronic communications to prevent intellectual property and a variety of other sensitive information from falling into the wrong hands. They also pose a challenge to records and information management, legal, and IT professionals, who must work together to ensure that the information DLP systems capture is addressed properly to meet the organization's legal holds and discovery requirements.

Many organizations use data loss prevention (DLP) systems to monitor and guard against unauthorized use and transmission of proprietary and/or confidential electronic information, as well as against communications violating their code of conduct policy (e.g., insider trading or sexual harassment). However, they may not know that their DLP systems store information that may be relevant to actual or reasonably anticipated litigation, government investigations, or audits. And, this is a situation where what they don't know can hurt them.

DLP systems are designed to monitor and classify electronic information while it is:

* In motion (as users send e-mails or instant messages)

* In use (as users create or modify documents on their c:\drive)

* At rest (as users store documents on network file shares)

DLP systems generally work in a way that is invisible to users. They are primarily familiar to information technology and information security personnel and those responsible for addressing violations. Thus, others who need to know - such as inside counsel and records and information management professionals--may not even be aware such systems exist.

Because DLP systems may separately store copies of communications, including web browsing conduct, that may be relevant in certain regulatory and litigation contexts, this results in the risk that such systems will be overlooked as a potential source of electronically stored information (ESI) that should be considered for legal holds and e-discovery purposes. In fact, DLP systems may need to be included in an organization's targeted ESI data map for purposes of Federal Rules of Civil Procedure Rule 26 meet and confer disclosures.

Following are key questions an organization should ask to gain a more thorough understanding of whether its DLP system contains information that may be subject to legal holds and/or discovery obligations.

1. What, if any, DLP systems are being used?

2. What communications are being monitored and for what purpose?

3. What information is being saved within the DLP system?

4. How long is such information saved?

5. When implementing legal holds, is information being saved by the DLP system being taken into consideration?

Answering these questions will better position an organization to evaluate what steps it can take to ensure compliance with legal hold and discovery...