When it comes to enterprise migrations, the terminology and meanings can vary widely between companies, business units, and disciplines. With so many interpretations of the same language, it can be difficult to keep the proper taxonomies straight. On the other hand, ensuring consistent and coherent understanding across the organization is a key component to any successful migration project. In the realm of ediscovery and compliance, this often creates challenges for stakeholders from the two most important constituencies: legal and IT.
Take the word “migration” for instance. The term itself has various meanings to different stakeholders. To some it may mean migration of a business process, tool, or platform (i.e. moving around case or matter data) while to others it could mean enterprise-wide data migration to an on-premise infrastructure or to the Cloud. Additionally, the term “migration” can imply a complete transfer of data or process in its current state, or it can imply a transformation of data or process to a new, revised state. A little confusion can go a long way, and pretty soon everyone feels like the proverbial Druids from Spinal Tap, “No one knows who they were, or what they were doing.”
Here are a few of the common types of migrations we encounter in the ediscovery world:
- Platform Migration: The transfer of an existing business process or tool (such as case management) from one underlying technology platform to another.
- Data Migration: Migrating a case or matter (both structured and unstructured content) within the enterprise into a different repository.
- Defensible Data Migration: Migrating legally sensitive content, usually pertaining to a case or matter (both structured and unstructured content), within the enterprise into a different repository in a way that’s legally defensible to ensure the data being moved maintains the compliance metrics.
- Legacy Data Remediation: Defensibly remediating or dispositioning old or irrelevant data, either due to policy or in the interest of improved data hygiene.
- Legal Archive Migration: Migrating data which is part of an organization’s legal or compliance archive, and which may be subject to legal hold. By nature, this is required to be a defensible process.
Here are some other types of migrations, not necessarily specific to legal or compliance processes but which may come into play:
- Content Migration: Often associated with Enterprise Content Management (ECM) systems, this is a type of platform migration which can be either transformational or integral, depending on the particular nature of the project.
- Business Process Migration: Similar to a platform migration, this can be the transfer of an established business process or workflow from one tool or platform to another, but may also imply the transfer to a new department or team.
- Storage Migration: Transfer of data from one secure storage location to another.
- Database Migration: Transfer of databases or indices from one format to another.
Within the domain of ediscovery and compliance, these distinctions generally become most important when discussing the migration of sensitive data that either is subject to legal retention/legal hold or constitutes records and must be preserved according to regulatory requirements or the organization’s established retention schedule. In these cases, the term “migration” is strict in application, the data to be moved intact with all compliance attributes maintained including preservation of metadata, attributes, and hash values. All migrated data must have full chain of custody maintained throughout the process to show the entire sequence of steps. Any data which is remediated or dispositioned must be handled defensibly, in accordance with documented process.
At present, one of the most frequent scenarios in which this comes up is with the transformation to the Cloud, the move from an on-premise world (with organizational data residing behind physical walls) to a cloud-enabled world where organizational data governed virtually is profound, and the implications for migration of sensitive data are huge. If not done correctly, the risk of exposure can be vast in scope and consequence.
When contemplating the move to the Cloud, it’s important for legal and compliance teams to understand the overall migration plan and to work closely with IT to determine what is getting migrated and how. As with any other large initiative, being clear in our vernacular helps improve organizational alignment and helps reduce risk.