Electronic Discovery: Are You Really Ready?

IT executives are overconfident about their ability to respond to litigation events due to recent infrastructure investments to address new e-discovery rules, according to a new research report by IDC (a sister company to CIO.com’s publisher).

MORE ON CIO.com

Legal Issues: 5 Tips for Electronic Discovery

Rules of Evidence – Digital Forensics Tools

How to Comply With E-Discovery Rules Before You’re Hit With a Lawsuit

Electronic Records Management: Are You Sure You Want to Save That?

In late 2007, FTI Consulting Inc. commissioned IDC to survey 118 IT executives to evaluate their knowledge of their firms’ current electronic discovery and regulatory audit activities, assess the current state of litigation response and readiness among U.S. businesses, and identify current and planned technology investment priorities in support of litigation response and readiness initiatives.

The study concluded that IT executives are confident about their current abilities to respond to a litigation event, given recent investments in records management, archiving and information retention intended to address some of the amended Federal Rules of Civil Procedure (FRCP) for electronic discovery.

However, the data from the survey highlights an urgent need for organizations to adopt standardized policies and IT practices for activities related to the identification, preservation and collection of potentially responsive data. The existence of ad hoc and manual business processes exposes a litigant firm to potential challenges to its litigation hold practices.

Is Your Corporate Information Infrastructure Ready for a Litigation Event?

The tight deadlines imposed by Rule 26(f), combined with the continued explosion of ESI (electronically stored information), require corporations to adopt a records management and information retention practice (also known as information management), an e-discovery response plan, and a legal-hold best practice. Corporations need to accomplish these activities so that they are able to meet their expected conduct and responsibilities—and, more important, have sufficient information to craft their e-discovery and legal strategies when needed.

Nearly 79 percent of the IT executives surveyed rated their ability to respond to a litigation event from above average (rating of 4 on a scale of 1 to 5) to very well prepared (rating of 5 on a scale of 1 to 5). This confidence is primarily based on existing records management and information retention infrastructure investments. Companies deployed records management, messaging, document management, archiving and information security solutions to demonstrate the consistent enforcement of their records management and information retention policies.

These investments serve as the first line of defense against “spoliation.” The visibility that a well-developed records management and information retention practice provides facilitates legal strategy. However, a separate IDC survey, “Active Archiving: Preservation, Retention and Reuse,” conducted in the summer of 2007, suggests that corporate records management and information retention practices are, for the most part, application-specific and relatively immature. Corporations are only starting to address their potential legal liabilities from the absence of a well-defined governance practice for other content types such as Microsoft SharePoint, voice and video. A large majority are also grappling with the disposition of legacy data.

Litigation Hold and Enforcement

A litigation hold is designed to preserve all documents and electronically stored information that may be relevant to litigation. Enforcing and managing a legal hold involves discrete processes and requires corporations to orchestrate activities across multiple stakeholders. Courts have imposed severe penalties against parties who have failed to meet these preservation obligations.

The FRCP requires that companies have demonstrable and consistent practices for responding to and enforcing a litigation hold across a myriad of applications and content repositories and across heterogeneous platforms and distributed IT environments.

In theory, adopting litigation response best practices and using tools to automate key activities around the legal-hold process would benefit the organization in several ways:

• It could provide manpower cost savings and process efficiencies.
• It would facilitate the management of multiple litigation events.
• It would enable the organization to demonstrate the consistency of its litigation response practices to the courts.

According to the data, companies have a long way to go to realize those benefits to their fullest extent.

E-discovery practitioners recommend that corporations adopt policies and procedures for enforcing the legal hold. IDC’s research concludes that corporations are enforcing the legal hold on an application and content-store basis. When the potentially responsive ESI is located in an archival or records management application and the application features the relevant workflows and business rules, they would enforce the hold in place. Some corporations are also making the decision to ingest ESI from legacy media (like backup tapes and drives) and uncontrolled data stores (like their network file shares, servers and desktops) back into their content archives as a way to meet their preservation obligations.

Automated in-place legal hold is predicated on the existence of documented policies and technical procedures for the suspension of routine deletion practices. IDC’s interviews with the legal and compliance practitioners conducted a month before the survey fieldwork suggest that corporations were only starting to formalize these practices. Yet the study shows an unusually high proportion of IT executives who claim that their existing content archiving and records management applications support automated legal-hold workflows.

While 86 percent of survey respondents claim to have formalized litigation communications policies in place, adoption of standardized processes and the ability to automate and document communications across records management, legal and compliance departments is lacking. Approximately 55 percent of the companies surveyed are still in the early stages of automating the litigation communication process, 29 percent are using voice communications and in-person notices and 13 percent are still using paper-based surveys. There should also be a way to provide continuous and auditable transparency of the hold duties and create linkages that validate custodian attestations with the actual state of the legal hold in the content repositories.

All Dogs Must Learn New Tricks

The absence of formalized processes, communications policies and means to enforce litigation holds underscores an urgent need to educate IT organizations and their legal and compliance counterparts about each other’s actions and activities during a litigation event.

• IT professionals need to better understand the language of their compliance and legal discovery counterparts and be more cognizant of the technology requirements for managing and processing data during a litigation event. For starters, it is important to recognize the distinct but complementary relationship between their information management practice and their legal hold procedures. A resulting lack of understanding between the two can contribute to IT’s overconfidence in its infrastructure’s abilities to support the legal-hold process.
• IT should be aware of issues that would interfere with the IT infrastructure’s ability to automate the consistent enforcement of information management and retention policies.
• Additionally, IT needs to do a better job understanding the potential dormant liabilities that may arise from its technology decisions in processing and handling data.
• IT executives need to work more closely with their compliance, records management and legal counterparts to ensure that the IT processes and infrastructure are able to support the end-to-end records management and information retention lifecycle.

An effective means to begin communication between IT and other functional areas is to create cross-functional core litigation response teams—groups assembled for identifying custodians and scoping out litigation holds.

For companies prioritizing automated legal-hold workflows as a critical requirement, coalescing policies and best practices for enforcing, managing and tracking legal holds by application and content is the place to start. Initial efforts should focus on the most popular target sources for electronic discovery in litigations, investigations and audits.

Vivian Tero will present the full findings and recommendations from this study during a live webcast on June 19 at 1 p.m. Eastern Daylight Time. For complimentary registration, please click here.

Vivian Tero is the program manager for IDC’s Compliance Infrastructure Service. Ms. Tero’s primary focus is research, analysis, and strategic advisory on information and system infrastructure technologies that facilitate legal discovery, data privacy and IT GRC (governance, risk management and compliance).