Information Governance (IG) is never the sexiest topic for organizations. Records retention policies are even less so. These policies are generally considered when business is slow, in response to a cyber breach, or post-audit by a regulator. While many businesses and organizations are proactively updating and reviewing their holistic IG strategy, many others postpone what they consider to be a non-revenue generating aspect of carrying on their business, or in the case of a government agency a non-core aspect of their work.
In yesterday’s Globe and Mail article it is reported that the RCMP has ordered a review of its Records Retention Policies in response to a finding by the Civilian Complaints and Review Commission that the RCMP destroyed various records and transcripts relating to the death of Coulton Boushie. This review makes it clear why having a records retention policy is only one part of good information governance. While the RCMP had a policy in place, that was not enough in this case. In addition to the records retention policy, organizations also need to ensure that the policy is being properly implemented and that it integrates with a Legal Hold Policy which creates a trigger for when records should be preserved.
Best practice guidelines in Canada tell us that a Legal Hold should be triggered by parties who safeguard records as soon as litigation is reasonably anticipated or when an investigation has commenced. In those cases, the retention period that allows for the disposition of records in the ordinary course of business must be immediately suspended so that the potentially sought after evidence is preserved.
The Civilian Complaints and Review Commission announced in March, 2018 that it was investigating the death of Colten Boushie. A civil suit launched by Mr. Boushie was also filed before August 2018. Despite those announcement, the RCMP deleted police radio and telephone calls when the two year retention period arose, but after they should have been aware of the investigation and possibly the litigation. A Legal Hold Policy would have triggered the preservation of these records as soon as the RCMP became aware of the investigation.
When developing an IG Strategy there are a series of policies and procedures that should all be in place to ensure data is properly managed. All together these make a defensible IG Strategy.
For more information about developing an IG strategy, contact Susan Wortzman at firstname.lastname@example.org.
What keeps e-Discovery professionals up at night? One challenge is - Did we produce the “right” information in the right format?
Redacting privileged, commercially sensitive and personally identifiable information is one way that we protect client data. In a recent CBC article, the federal government mistakenly sent information to a lawyer in the form of redacted documents with text hidden behind the black boxes. Unfortunately this is an all too common occurrence, and there are various examples of information being inadvertently shared because redactions were not properly burned in.
It’s not surprising this kind of mistake can happen which is why organizations need processes in place to ensure redactions are properly burned into records. This is something we do whenever we are redacting records for litigation and regulatory matters.
At MT>3 we use state of the art redaction tools to conduct redactions, but technology has its limitations. At the end of the day you still need a human to check the records that are being produced and to ensure that the redactions are properly (and permanently!) burned into the records.
Susan Wortzman and Michael Lalande
Our clients hear from us all the time that we are using AI and machine learning to help us with our data analysis work. The powerful analytics, combined with lightning fast evaluations, make it an essential tool in our review toolkit.
Two recent articles highlight the challenges organizations can face when using AI. The first one, bias in medicine, highlights how using historical data to train an AI system can introduce unintentional racial bias into diagnosing medical conditions, while another article discusses how Department of National Defence failed to follow the government’s privacy impact regulations when employing third party AI technology, opening up the possibility that bias could be introduced into in their recruitment process.
Bias in AI/Machine learning is a real issue. In 2016, Microsoft technicians were developing a “conversational understanding” AI system that was designed to learn from chatting with people, and eventually be able to engage in conversations. In order to speed up training, the technicians decided to attach it to a Twitter account. People could tweet with the system, and the system would respond. Unfortunately, within 24 hours, the system developed a very well defined misogynistic and racist personality. It proved, once again, that garbage in=garbage out. There was nothing wrong with the underlying AI technology. The problem was with the data used to train the AI.
While AI / Machine Learning is powerful, organizations need to be aware of potential biases that can be introduced during the training/model development phase. These biases, if left unchecked, will dramatically affect the results. In document review, biases and errors are expected, and a robust, independent validation of results needs to be included in all review projects.
At MT>3 we continually conduct quality control, testing, and validation of the Machine Learning and AI tools in order to verify the results.
Susan Wortzman, Chuck Rothman, Michael Lalande