Are you ready for new compliance rules?

Ezine

This article can also be found in the Premium Editorial Download "Storage magazine: Using file virtualization to improve network-attached storage."

Download it now to read this article plus other related content.

New rules for legal discovery

    Requires Free Membership to View

    Login

Recent changes to the Federal Rules of Civil Procedure (FRCP), which became effective in December 2006, establish new standards that extend requirements in some areas while potentially reducing risks and costs in other respects. The new provisions clarify the rules for discovery and disclosure of electronic records in pre-trial court procedures.

The following highlights can serve as a starting point for discussions with your company's in-house counsel or legal advisors regarding the implications of these rules.
  • One change to FRCP Rule 26(a) requires each party to disclose, very early in the court proceedings, a description (by category and location) of all electronically stored information that may be relevant to the case. The parties to the case are also required to meet and discuss any issues related to disclosure or discovery of electronically stored information, including the forms in which it should be produced.


  • Rule 34(b) now states that the requesting party "may specify the form or forms in which electronically stored information is to be produced." In some cases, this could lead to a request for specific formats or associated meta data. In the absence of a specific format requirement, the information may be produced in the form in which it's ordinarily maintained in the usual course of business, or in a form that is "reasonably usable." If the data is ordinarily kept in a searchable format, it should be produced in a form that retains that capability.


  • The new rules provide some protection from extremely burdensome and costly discovery requests. Under Rule 26(b), a party doesn't need to produce requested information from sources that are "not reasonably accessible." The interpretation of this phrase may vary, but commonly discussed examples include information that resides only on backup tapes, and legacy data stored on obsolete and unused media. In addition, Rule 37(f) provides some protection from legal penalties for failing to provide information lost as a result of the "routine, good-faith operation of an electronic information system."
The new rules include a number of exceptions and considerations that aren't covered here. Legal interpretations will vary, and applicable case law will continue to evolve. Technology improvements may also lead to changes in the ways these rules are applied. Today's inaccessible data could become tomorrow's easily accessed repository.

Overall, it's clear that these new rules raise the bar for information and storage management. To meet these obligations, and to avoid inadvertent omissions or inappropriate disclosures, companies need to know what they have, where it's kept and how readily it can be retrieved.

Industry-specific regulations: Aside from broadly applicable laws that regulate records kept by functions such as finance and human relations, companies must comply with industry-specific regulations and standards. Record-keeping rules for highly regulated industries, such as banks and pharmaceutical firms, are well-defined and relatively slow to change. However, regulators and industry organizations are still adapting traditional paper-based rules to cover the risks of emerging technologies in electronic communications and storage.

Privacy laws: Emerging privacy laws may require you to increase data protection and information security. Privacy laws include HIPAA privacy and security rules in the U.S., along with various state and federal laws protecting the privacy of consumer information. Privacy laws in Europe are generally stronger than those in the U.S., and you should anticipate U.S. laws to evolve in the same direction. For example, you may ultimately need to locate all the information you've collected on any individual and report all disclosures of that information.

International requirements: If your company has operations and data storage in many countries, your centralized business applications and storage infrastructure may need to support different retention periods for the same record types. For example, financial records that must be retained for seven years in the U.S. may need a 10-year retention in Germany and a 15-year retention in China.

Litigation discovery: For many companies, the risks and costs of litigation discovery are more significant than regulatory compliance requirements, and may prove to be a greater motivation for improving the management of electronic records. Recent changes to the Federal Rules of Civil Procedure (FRCP) set new standards for protecting and producing certain types of company records. Going forward, you need to know--or be able to quickly discover--what information you have, where it's kept and how readily it can be retrieved (see "New rules for legal discovery," this page).

This was first published in March 2007

Join the conversationComment

Share
Comments

    Results

    Contribute to the conversation

    All fields are required. Comments will appear at the bottom of the article.
    Back to top