E-discovery: Take action with information
Managing stored data means being able to find what you need when you need it.
IN APRIL, I introduced the concept of Intelligent Information Management (see "Turn data into intelligent information," Storage, April 2006), along with two of its components, information classification (organizing information into categories) and information management (taking actions against data). Beyond the basic management tasks--copying, deleting and migrating data--there are several other discrete actions an organization may need to take with its information assets. Two of these actions, information quarantine and review, are usually forced upon an organization and its IT department as part of the electronic discovery (e-discovery) process.
|E-discovery touches all market sectors|
I'm not an attorney (and I don't aspire to be one), but I'm fascinated with the methodical transition the legal industry is undergoing as pertinent evidence is frequently extracted from digital sources, including storage media. Recently, Enterprise Strategy Group (ESG) asked approximately 500 IT professionals and records managers about the impact of e-discovery. Forty-two percent of respondents' organizations had experienced an electronic evidence discovery event.
E-mail, productivity files, databases and many other forms of digital content are now treasure chests of discoverable information that may be subpoenaed at any time. High-profile cases like Enron, ImClone (Martha Stewart) and Zubulake v. UBS Warburg were centered on e-mail communications. However, other electronic information, such as data from financial reporting applications, medical records, student transcripts and even multimedia files may also be requested by opposing counsel or courts. And while it might have received the most attention recently, the financial services industry isn't the only sector subject to electronic evidence inquiries. The graph "E-discovery touches all market sectors" is taken from recent ESG research, and it clearly demonstrates how financial services companies are far from alone when it comes to being subjected to e-discovery events.
Similar to the way companies maintain compliance with information privacy and records-retention regulations, organizations should combine people, processes and technology to define repeatable steps to prepare for and respond to e-discovery requests.
But before sinking a lot of cash into a ton of technology products, companies need to bridge the gap between the legal and IT departments. If you're in a litigious industry or may be involved in several ongoing legal matters, these two groups will be spending more and more time together. Whether it's hiring an attorney with knowledge of IT systems or educating IT resources on the intricacies of chain-of-custody and legal hold requirements, an organization must cross-pollinate these groups with knowledge of e-discovery mandates.
After ensuring that the right people in the organization are working together, it's time to define processes and policies to expedite the discovery of information. These procedures must begin with information-retention programs (what data to save, where to keep it and how long to hold onto it) and conclude with the review and preparation of files as evidence for opposing counsel or trial.
With the right people and processes in place, a company can then procure the appropriate technology to support e-discovery events. There's no shortage of available software to address the retention of files and other data for specified time periods. E-mail, database and file-system classification and archiving software products can facilitate the preservation and quarantining of potential evidence. Sophisticated search software, including natural language processing and content analytics solutions, enable attorneys to locate relevant data faster. Lastly, litigation support software helps attorneys redact privileged information and further prepare data to be presented to the court.
It's important that the discovery processes developed are repeatable because it's likely that the frequency of inquiries and subpoenas will increase. Consider the following facts derived from ESG research:
- 7% of respondents receive multiple electronic evidence requests per week
- 12% of respondents receive multiple electronic evidence requests per month
- 35% of respondents receive multiple electronic evidence requests per year
As organizations create and store substantial amounts of data, litigators and regulators will look for evidence in e-mail, business apps, PCs and storage systems. Technology solutions can expedite the location and review of evidence, allowing attorneys to spend more time preparing legal strategies around the most relevant evidence. Without the correct combination of people, processes and technology, an organization increases its risk and potential legal liability; failing to produce evidence, producing the wrong evidence or not understanding the entire landscape of a case can result in substantial fines or unwelcome settlements.
You may wonder why I didn't mention any vendors by name when I discussed the potential technology that can assist in an e-discovery event. Ticking off the names of a few vendors might be helpful, but a little advice on selecting hardware and software products to support your litigation processes would probably be far more useful. When evaluating vendors, I suggest asking how internal counsel at these technology providers handle their legal matters.
Over the past few months, I've met with a few vendors that have grappled with the "people" part of the e-discovery process. EMC's associate general counsel is working with internal IT resources to facilitate e-discovery processes and, as a result, is also the lead for the company's e-discovery products. Attenex, a maker of content analytic software for e-discovery, was spun off from a large Seattle-based law firm. Computer Associates, via acquisition, boasts some legal supervision capabilities with product management headed up by an attorney. Zantaz picked up significant legal talent when it acquired Steelpoint Technologies.
These vendors are trying to avoid the "cobbler's children have no shoes" syndrome, but by no means do they represent a comprehensive list of e-discovery vendors in the marketplace today. But having met with the legal experts in these companies, I'm comfortable they understand that people and processes are just as important to the e-discovery process as any hardware or software they may sell.
"If you store it, they--regulators and litigators--will come" might not be a terribly original or creative tagline, but it underscores the importance of taking e-discovery seriously. Companies must prepare to mitigate the risk and cost associated with electronic discoveries. The alternative just might be seeing your company sharing headlines with the likes of Enron, ImClone and MCI.