eDiscovery, IT and What to Do About It
The new federal rules are changes only lawyers who sue companies tend to like. Other lawyers, like the ones who work in your General Counsel's office are not that happy about them. And maybe those who work in the CIO's shop feel the same way.
On December 1, 2006, after several years of review by the legal industry, and agreement with the U.S. Supreme Court and the U.S. Congress, new Rules of Electronic Discovery became the model rules that federal courts follow. If history is any guide, state courts will also soon adopt most, if not all, of these provisions.
These rules take into consideration the major technical innovations effecting digital files and documents over the past few years. They change the game for storage and records retention, as well ongoing litigation support within your company. It's critical that you are aware of the impact of these new rules, and understand both the positive and negative consequences of them.
Most major corporations today hold more than 3TBs of user data and messages. Trends also indicate this mass of data will grow by double digits year upon year. As that happens, the likelihood is great your company might maintain a document your records retention policy said should have been destroyed. As well, the likelihood is great your company might misplace a document within the network that some regulatory body requires you to keep.
From an eDiscovery standpoint, the critical idea is during a lawsuit, a court will have little patience if a corporation can't find records it should or must have. If you can't find those documents, you may well break trust with the court. Or worse, your company could be liable for money penalties, or sanctions, by the court.
In the last few years, several financial services companies have actually been cited for discovery failures and courts have imposed multi-million dollar penalties. Then, of course, there's the underlying lawsuit that may be lost, and from that, more liability.
Rule 26 & 26(b)2
There are two key elements that will directly affect all companies. The first of these is captured in Rule 26 and its sub-chapter, 26(b)2. Rule 26 describes what is discoverable. For the purposes of this article, let's assume everything in your corporate files that is the subject of a lawsuit, and not privileged communication, is discoverable.
This is, of course, a very broad provision, and it subjects companies to potential liability, in the first part, by what a document might contain (a "smoking gun," for instance). And the second part is just as damaging. Since companies must turn over all relevant files, if you miss an important one, by oversight or by the difficulty of retrieving it, your company might have a problem.
Rule 26(b)2 comes to the rescue, at least for now. It deals with how hard you need to look for files. You do not need to produce electronically stored information that can be identified as too hard to access.This "reasonably accessible" test suggests that you have to search your files in earnest, but you dont have to "jump through hoops" to find data that's just too hard to get to. On motion, you must show the information is not reasonably accessible, even though you tried to retrieve it.
But stay tuned here, many practitioners believe there will be significant ongoing litigation surrounding rule 26(b)2, as companies wrestle with the cost and expense of eDiscovery.
The second key provision that will affect us is Rule 37(f). This is the "safe harbor" provision of the rules that states if you make a good faith effort to maintain your data in an active records retention policy, you will not be liable to produce the record if it's been deleted in the normal course of business.
This, of course, is a good thing for most companies. However, it does require you to be active in enforcing your policies. If you delete records consistently, programmatically, and you can demonstrate your program, you have the power to control the depth of an eDiscovery search according to where you think Rule 37 will end up.
If you don't actively implement your own programs, and in so doing, you aren't consistent, then courts will give your company limited access to this safe harbor.
So with the new rules comes a call to action. IT is the critical element within a mix of departments of any organization. There are several steps that should be taken, including:
In conclusion, 2007 will see significant activity in the courts, as these new rules play their part in discoveries and law suits. You need to get ready for the fallout. There are real sanctions in these rules, and as a result, the way data is created, managed, stored and searched will all be affected in the coming year and beyond.
Michael Sears is the principal advisor on eDiscovery at Mathon Systems. He is a member of the California Bar Association, and a frequent commentator on the nexus of the law, business and technology.