I met with Jerry Shafran, CEO of Compliance Assurance Corporation (CAC, Pittsburgh), this morning, to learn about the company's launch of an IdeaExchange "app store" within its Comply On Demand Enterprise (CODE) regulatory risk management software. CAC encourages its client insurers to configure their software in ways that best suits their regulatory compliance needs, then make that configuration available to other clients using the software. For example, Baltimore Life developed a capability to use the software for market conduct surveys -- if they so elect, they can make the configuration available to other companies within the platform in a way that's searchable by plain-English terms, like the iTunes store (in this case, an interested client could search "market conduct.")
When I asked Shafran about some of the other applications available through the "store," he offhandedly mentioned "e-discovery litigation hold." I hadn't heard the term, and asked him to explain it.
"Basically, e-discovery litigation hold says that if a company becomes aware that a legal action may be taken against it, any and all records -- digital and paper -- must be maintained," he says. "It's a federal concept that's been around for a few years, but it's not very old."
I replied that this sounds like a big data story -- all the customer interactions that insurers are storing and mining for sales and marketing purposes can become evidence if there's a lawsuit -- and it can't be easy to keep tabs on everything. At the same time, there's a finite amount of data center space available, so certainly some insurers must have policies about how long they will hold on to e-mails. What happens then?
"If you have destroyed that info because you have a policy at said it might have been destroyed, that's OK, but what's your policy, did you save it, can you prove it -- that's a gigantic challenge for insurers," Shafran explained.
He added that the company's software helps maintain a log of what the policy is and if certain electronic documents were destroyed as a part of that.
"That's a problem for companies with lots of people and lots of offices, like insurance companies -- how am I supposed to demonstrate what happened two years ago?" he says. "Our software helps an organization stick to a policy."
I wonder how many insurers are struggling with what that policy should be. In the "big data" age, there's pressure to store and analyze every interaction, through every digital channel. There's nothing wrong with that strategy. But are insurers prepared to go dig through that pile and find personally identifiable communications in case the courts demand it?
CAC's software can help automate that process, but the fact remains that there are unintended circumstances to the big data phenomenon. Of course saving and running analytics on interactions going back years is tempting for insurers. But balancing that with the potential need to identify certain communications at a moment's notice creates a need for a certain kind of technology and robust, strict policy.