CIO Council Report: Addressing e-Discovery

Author: David L. Rotman

July 2008

Do you remember the name of the carrier for your home insurance?  What is the face value of your policy?  Most of us would have to pause for a while to come up with this information, but a person who has had a recent house fire would have the information immediately in mind.  This is not unlike e-discovery discussions:  somewhat interesting but not gaining focus until you are involved in an actual case.  Unfortunately, actual cases are increasing to the point where every IT manager needs to have a strategy for addressing e-discovery requests.  Ignorance carries a high cost!

What is e-discovery?
In order to help both parties to a court case have a fair opportunity to examine potential evidence, attorneys representing the parties will meet to develop a process for sharing potential evidence.  Traditionally, this discovery process has focused on paper documents (contracts, letters, handwritten notes, etc.).  E-discovery extends this process to cover sharing of electronically stored information (ESI).  ESI can include email messages, voicemail messages, instant-messaging, data files, software, etc.

Why does e-discovery exist?
The Federal Rules for Civil Procedures (FRCP) were modified in December 206 to include extensive application of e-discovery.  Theoretically, the FRCP applies only to Federal courts, but many state and local courts operate under the same procedures.

Who pays for e-discovery?
Costs for e-discovery in major cases can be millions of dollars, so the issue of who pays for the work is critical.  Judges are encouraged to consider multiple factors in determining what e-discovery to approve and how to apportion the costs of that discovery.  Law Pro Review (September 2005) lists some of the relevant factors:
•    Is the request tailored to the specific legal case?
•    Is the information sought available from other sources?
•    What is the cost of production versus the potential damages?
•    What is the cost or production versus the litigant’s resources?
•    How important are the legal issues in the case (i.e., any precedent-setting or constitutional issues)?
•    What are the relative benefits to the various parties?  (Costs can be born by either litigant or shared.  The cost sharing can be by mutual agreement or as per the judge’s order.)

How can I minimize my company’s exposure?
Minimizing risk related to e-discovery is based on (1) having an appropriate document retention policy, (2) enforcing the policy, and (3) formulating a response plan in advance of any actual litigation.  Record retention policies should be established for all forms of electronically stored information (ESI).  In general, business records are of large value for a period of time after their creation but start declining in value with age.  Some records actually become a financial liability if they are kept too long.  For example, an e-discovery request to search all email messages will be more costly if the company has a two-year retention policy rather than a one-year retention policy.  (Attorney Dino Tsibouris has published information on the retention issue at www.tsibouris.com.)

In addition to having a document retention plan (that is enforced), companies should develop an approach for complying with e-discovery requests.  Some issues to be decided include which IT employees respond to requests, in what fashion retention periods are modified, what records are kept of information that is delivered, and how proprietary information is protected.

When do I need to activate my response plan?
The Federal Rules for Civil Procedures place a responsibility on potential litigants to preserve evidence when there is reason to believe that litigation will ensue.  This “reason to believe” might be an informal contact with a potential litigant’s attorney or a statement from a potential litigant that he/she is considering suing.

Could my response put my company in jeopardy?
Yes!  There are constitutional protections regarding self-incrimination, but no protection against exposure due to negligence or ignorance.  Some common pitfalls include:
•    Failure to preserve documents (waiting for a formal litigation hold rather than triggering preservation earlier, not following your established document retention policies, deliberate destruction of records)
•    Sharing too much information (providing information that was not requested or not related to the particular case)
•    Sharing proprietary information (disclosing trade secrets, marketing plans, etc. that are incidental to the particular case)

Where can I go to get additional information?
One of the best sites for information on e-discovery is the Sedona Conference (www.thesedonaconference.org).   This conference has produced white papers for United States courts and Canadian courts with advice on how the courts should implement e-discovery.  Since revisions to the FRCP are fairly recent, there is very little case law for judges to use as precedents.  The Sedona documents provide guidance in the absence of case law.

How can I train company employees?
The following web sites provide information on training (online and in-person):
•    www.wecomply.com (We Comply training))
•    www.woli.com (Washington Online Learning Insitute)
•    www.complianceweek.com (Compliance Week)

Conclusion
Navigating e-discovery rules and processes is not easy.  As with other regulated activities, having a plan and making a good-faith effort to implement the plan will provide appropriate protection to the company and its managers.  Hopefully, your preparation will result in an insurance-like situation:   Your company has good protection against a catastrophic situation without consuming massive amounts of your time and financial resources.