Monday, March 12, 2007

How does eDiscovery impact your company?

We've been hearing a lot about the new eDiscovery rules lately. And as with any new legal standards, a lot of what we hear is conjecture, rumor or exaggeration. So I wanted to take a few minutes to help you understand what this new rule set is and how it impacts your company. Before that though, I want to recognize a friend who helped me understand eDiscovery and is available to help you, too. Her name is Susan Ippoliti and she is the President of Solutions in Litigation, LLC. I encourage you to visit her website for more information on her services.

What is eDiscovery?
To begin with, eDiscovery is NOT a law. It is in no way a piece of legislation that has been approved at any level of government. Rather, what is commonly known as eDiscovery is actually a set of changes to the Federal Rules of Civil Procedure. The FRCP is essentially the chapter and verse of how a legal proceeding is conducted. You might consider the FRCP to be a "judges bible". These particular updates specifically address the treatment of electronic data and documents in the period leading up to a lawsuit.

Simplified, the eDiscovery rules require all organizations (including governmental bodies) to immediately place a "litigation hold" on all document retention/destruction policies once the company has established a "reasonable anticipation of litigation". More simplified, eDiscovery tells you to stop destroying electronic records of any kind if you even THINK you might get sued. This point should be clearly understood: if you have a reasonable belief that your organization may become involved in a lawsuit, you are obligated to prevent the destruction of any electronic data from that moment forward.

For example, if you have a significant contract dispute with a vendor and it reaches a point where you feel it is possible that the vendor may file suit for payment, you must immediately cease the deletion of any electronic documents, data and email within your company. (Note that it is NOT ONLY once a suite has been filed - but AS SOON AS a reasonable person might anticipate a lawsuit) Further, all such electronic information must be made easily available to opposing attorneys for the purposes of discovery.

What happens if I don't comply with eDiscovery requirements?
The new rule set does not establish penalties for non-compliance with eDiscovery requirements. While this may initially sound like good news, it's not. The rules leave it up to the presiding judge to impose penalties for non-compliance. Here are four examples of actual penalties imposed so far:
  • Court ordered Nartron Corporation to pay $2.5 million and awarded General Motors Corporation attorney fees, costs and expert witness fees for failure to produce a database in response to General Motors’ discovery request.
  • Philip Morris deleted emails from the company system on a monthly basis for nearly 2½ years in violation of a Court Order and an internal document retention policy. The Court imposed a monetary sanction of nearly $3 million and fined individual corporate officers and managers $250,000 for violating the corporate policy.
  • UBS Warburg failed to retain and preserve emails relevant to the litigation. After an adverse inference, a jury awarded Laura Zubulake $29 million.
  • Morgan Stanley destroyed emails despite 1997 federal regulation and repeated court orders. The jury awarded the adversary $1.45 BILLION in damages.

The courts are clearly very serious about these requirements. And as evidenced above, the veil of liability does not restrict judges from imposing penalties on individuals. Therefore, it behooves every company and executive, no matter how large or small your enterprise, to be prepared.

What do you need to do?
To adequately protect yourselves and your organization, I would recommend the following steps at the very least:

  1. Document your document retention/destruction policy and see that it is followed.
  2. Document your procedure for halting your document retention/destruction policy should you identify a reasonable anticipation of litigation.
  3. Educate your employees and test the policies and procedures created in #1 and #2.
  4. Implement an email archiving process (see below).

In addition, I would strongly recommend consulting your attorney. While I believe this is useful info, it by no means should take the place of professional legal advice.

Why email archiving?
The challenge with email is that it can be deleted far too easily - even by accident. While it takes some conscious effort to delete data in a database or a contract off of a network drive, it is entirely possible that an employee may accidentally double-click the delete button - thereby deleting two emails instead of one. If that second email was of a material nature, you could be in hot water.

Email archiving, when done properly, captures every email as it is sent or received from each user in your organization. The archive is read-only and cannot be edited. Therefore, should you need to comply with a discovery request, you have one place to go for all email that your organization has sent or received - and you can easily demonstrate that email has neither been edited nor deleted.

Email archives can be expensive and can require continuous investment to maintain and expand as your email stores get larger. However, you can outsource this function - further protecting you because a third-party now has responsibility for your email archive. In fact, many of our clients are choosing to outsource their entire email function, saving them the cost of hardware, software, maintenance, updates and offering improved performance and reliability. Here is more information about email outsourcing and email archiving options.

I hope this has been helpful. If you have questions, please post them and I'll address them shortly.


No comments: