The statistics may seem jolting. In a survey of more than 100 information technology managers in medium and large American corporations, only 6 percent said they “immediately and confidently” can field electronic discovery requests. Just 9 percent told pollsters they receive proper legal guidance and funding for electronic discovery procedures; 40 percent said they receive no guidance at all. Fewer than half feel they have IT professionals competent to testify in court regarding electronically stored information (ESI). More than half said their companies have no enterprise search tools. Three-fourths lack effective e-mail intelligence systems.
In sum, 70 percent of the companies participating in the Summer 2007 study simply aren’t ready to respond to litigation.
The report undoubtedly raised eyebrows—except among those of us who help corporate America deal with electronic discovery demands. Our only surprise is that so many IT managers acknowledged the problem. We’re often engaged by corporations whose administrators and staff don’t understand what litigation readiness is. They don’t see why they need to do more than they’re doing already. After all, aren’t they storing every bit of potentially meaningful data the company accumulates? Aren’t they maintaining a bevy of IT and legal professionals who can sort out the data if necessary?
To answer those assertions: “Yes and yes. But no, you’re not prepared for litigation.”
What does it mean to be litigation-ready? Amendments to the Federal Rules of Civil Procedure demand that corporations keep a grip on their stored information. Moreover, organizations must be able to produce specified portions of it on fairly short notice. To do that, they need effective tools and resources. Equally important, they must have close collaboration between legal and IT staff.
Step 1: Assess What You Have
When corporate clients ask us to help them strategize litigation technology preparedness, we start with assessment. What tools do they have? What do they lack? We begin by auditing their information technology environment.
Most organizations contact us at the point of litigation—something has triggered the event. It’s a funny thing: Corporate leaders care about preparedness, but they just aren’t willing to do anything until they’re pressured. A lot of folks who run IT and legal departments don’t know how to stay on their game. We see people who could have the budget and the resources to do it, but they’re overwhelmed by something else.
The most appropriate first step is to map out your company’s technology, break it into pieces and conduct a physical audit of the media you have. You’re going to have active and archive servers. You’re going to have disaster recovery and back-up systems. You’re also going to have loose media—USB drives, DVDs, external hard drives, decommissioned systems. When you start to put it together, you may notice some raised eyebrows in your IT department. “Ohhh . . . we forgot about those.” And “Ohhh . . . we thought we had those archives up-to-date in the other data center.”
Once you draw a picture of what’s there through your first audit, then you’re able to create logs and such.
Step 2: Map Out Your Data
Create a data topology map. The new rules that came out in December 2006 clearly state that an organization has not only the duty to preserve its electronically stored information (ESI); it has to have a process to begin handling it early in the litigation, as per Rule 26(f). A lot of people approach Rule 26(f) “naked.” They send a couple of corporate representatives into a deposition or courtroom with limited knowledge of the IT environment, and they play cat-and-mouse, either telephonic or physical.
It’s a game of 10 Million Questions. “Do you have servers?” “Yes.” “Where are they?” If you go in with a data topology map—the result of an ongoing or completed technology audit—you’ll have a much better understanding of how to answer these questions. You won’t be evasive. You’re going to have a well-informed, detailed “map” to guide you as you talk about your data.
Step 3: Strengthen Your “Hold” on the Data Giant
At this point, you’ve audited your environment. You’ve begun to build a data topology map so you know exactly where your information is. The next big concern for your organization is to carry out your duty to preserve. You have a duty to avoid loss or spoliation. An immediate need is to make sure you don’t delete or overwrite tapes or other storage media subject to hold.
A lot of processes are involved in preserving information. A fundamental—and often neglected—process is hold order management. When your typical litigation trigger happens, your inside counsel gets the notice. Counsel gathers the folks within the organization known as custodians who need to be involved. Who your custodians are depends on the nature of the suit. How broad is your duty to preserve? Who has the relevant information?
Counsel identifies custodians by department, title, country, state and city, among other distinctions, and sends out a hold order notice to those custodians: “Do not talk about the case. Do not discard information. Do not overwrite media that may contain relevant data.” Such instructions seem obvious, but put them in writing. Your custodians have to abide by the court rules. Too frequently, we find custodians on the list who delete information. It’s your responsibility to ensure this doesn’t happen.
Asynchronous to that, you need to establish a sound methodology, a defendable and repeatable process for hold order management. Unfortunately, most organizations don’t have a defined process that addresses how they notify the custodians, how often they notify the custodians, and so forth. The landmark Zubulake case resulted in strong opinions concerning hold order management, including the notification of custodians not to delete information.
The Great Incentive for Litigation Readiness: Cost Savings
So you have a lot to put together: a process that is repeatable and defendable, that demonstrates you followed your duty to preserve, that is not over or outside the customary IT management of your business. Daunting, but well worth the effort—literally. It can save you substantial litigation costs. They include the costs of attorney review, e-discovery processing, restoring and selectively processing information across the corporate environment.
A lot of corporate executives believe litigation readiness is no big deal. “We keep everything, and storage is cheap,” they say. That’s a false positive. True, you can add a terabyte to your storage system for several hundred dollars. But storage involves more than byte counts; it requires efficient processes and management, if your stored information is to be useful.
When a company is sued, the logical response is to preserve broadly. Cast the big net. Inside it, you have the universe—all the data which possibly could be relevant. Now it’s your task to reduce the information inside the net down to the smallest manageable set possible in order to defend your company.
The cost of electronic discovery can be as high as 20 percent of the total cost of litigation. Obviously, the Big Mac there is outside counsel. You want to get out of the realm of having to hire a hundred contract attorneys to review data for a month, only to find out they need to process more data. To remedy that, we advise a crawl-walk-run method. Identify various pieces one by one, credible ways by which you can narrow the process of outside counsel review.
Few corporations can attest, “We’re totally ready for litigation. Bring it on.” However, you do have the necessary components. Have you audited your IT environment? Have you created a dynamic topology map? Have you implemented a controlled hold order management preservation system that is repeatable and dependable? When you can answer yes to those questions, you’ve laid the groundwork for litigation readiness.