Months after new U.S. e-discovery rules took effect, some businesses remain unclear on how to comply. (For background, see "Ready to Produce IMs in Court?") Under the Federal Rules for Civil Procedure (FRCP), effective Dec. 1, 2006, firms need policies detailing how they will produce electronic documents, including e-mail, voice mail and instant messages, in case of a federal court lawsuit.

It may take "many more years" for companies to come fully into compliance, says John Bace, senior VP of research at Gartner. "Some of them are lured into a kind of false sense of security," he says. "They think, 'We have only had to do e-discovery one or two times in the last 10 years, so I don't know if we need to go through all of this rigamarole.'"

In a survey of 166 businesses conducted by file management vendor Xiotech in March and April, only 39 percent had a system in place for document "holds," demands to protect information from being deleted. Fewer than 25 percent had taken steps to comply with the new FRCP.

Forty-seven percent of U.S. companies with 20,000 or more employees, and 56 percent of those with between 1,000 and 4,999 employees, received document discovery orders in 2006, according to Enterprise Strategy Group.

More business lawsuits are filed in state courts than federal, which may explain the lack of urgency, says Gregg Davis, CIO for Webcor Builders, a construction company.

But state rules are similar to federal rules and some states are specifically adopting the FRCP, so businesses need to include compliance in their ongoing IT planning, Davis says. "It will take time for this to fully filter down, but IT managers and CIOs should have this in mind."