Mimecast Case Review App
Email remains the vital hub of business communications and continues to grow with over 225 Bn business emails sent and received every day. Huge amounts of personal information are stored in email archives including names, physical addresses, financial information, employment contracts and even medical records due to regulatory or compliance mandates. The European Union (EU) General Data Protection Regulation (GDPR) is set to trigger a sea change in how businesses collect, store and process the personal information of EU residents, including personal information contained in email archives.
With data storage doubling every 12 to 18 months* businesses will need to understand what data they have and how it will affect their operations. Over time, archived emails in some businesses fail to get examined or deleted when expiration dates come up, due to complacency or not having the right tools or resources to deal with this. The result is bloated email archives filled with redundant, obsolete, or trivial (ROT) data that have little or no business value, yet which consume expensive storage resources.
Personal information is typically part of the ROT data, so proactively identifying and removing this information forms part of good information governance. However disparate needs for information retention from multiple business stakeholders means that the ownership of information lifecycle management – which includes administration of email archives – falls to the overworked IT department. Since IT staff often do not see the legal risks of email retention, a culture of “keep all emails, just in case” persists, contributing to bulging email archives.
The enactment of GDPR will require organizations to have full visibility of their entire data estate to support mandates such as subject access rights (SARs), provide breach notification and demonstrate that explicit consent was received to use personal data.
The Mimecast Case Review App delivers a set of tools to find relevant subsets of archived email data for e-discovery, compliance, or other investigative searches such as GDPR SARs. The Early Case Assessment (ECA) workflow allows e-discovery administrators and compliance professionals to quickly collect, identify, review, cull or preserve relevant emails (including attachments), enabling informed decisions to be made in advance of the processing and review stages of Electronic Discovery Reference Model (EDRM).
This shortens the first-pass review process for GDPR SARs and decreases the volume of email files to be exported, which helps IT, legal and compliance professionals to simplify the management of the GDPR queries. As a consequence, GDPR-associated risks are mitigated, GDPR SARs and ECA-related costs are reduced, and efficiency gains are realized.