Tracking Recent Trends in E-Discovery
The ubiquity of email on the desk is being extended even further by the vast increase in the use of mobile devices, thus expanding exponentially the management challenges of the corporate email system. These challenges can arise in many contexts. For example, employees’ personal use of the system can result in liability for the organization if it fails to take appropriate steps to manage employees or system content. On the other hand, an effective compliance program which is enforced can prevent this. In one instance, an organization which acted within three weeks of a complaint of an offensive email by quickly investigating the complaint, disciplining the offenders and notifying its employees about the incident, the disciplinary penalties given and the company policy against offensive conduct, was held blameless by the court in a subsequent harassment suit by the recipient of the email.
An ill-considered email policy could also have damaging effects. A blanket 60-day email deletion policy could result in the loss of vital corporate information if employees are not instructed to save emails which memorialize business transactions. The consequences can be more severe in a lawsuit, as organizations have the obligation to preserve relevant information to pending or threatened lawsuits, audits or investigations. The penalties can vary from monetary sanctions, to an instruction to the jury that they are to consider the missing emails to be damaging to the organization’s case, and, in extreme situations, to a judgment against the organization.
The failure to have any policy at all can result in the organization drowning in a sea of information—about 210 billion email messages are sent each day. Aside from the obvious impacts on performance, the organization’s inability to sort out the wheat from the chaff can hinder its ability to find information responsive to requests from regulators, or from opposing parties in a lawsuit—not to mention finding data helpful to running the business.
Data security breaches are another consequence of an inadequate policy foundation. For example, employees forwarding sensitive company information to personal email accounts accessible via the Web in order to work on them at home could inadvertently expose those documents to unnecessary risk due to inadequate security controls of the third-party email hosts.
What would be the cost of not having an adequate base of both technology and policy to respond to the requests of the courts, regulators, auditors and other parties for electronic records and other information? Resulting sanctions and penalties have the potential to severely blunt the monetary advantages resulting from the implementation of technology. Organizations must take a comprehensive approach by being cognizant of business, legal and regulatory requirements in order to maximize the benefits of technology.
The Current State of Affairs
Metalogix commissioned a study last year looking at the trends in e-compliance and discovery for 2010. We found 60% of our survey respondents have not yet updated their global email usage and retention policies based on the new regulations and economic realities of 2009. Moreover, more than two in five companies that responded to this survey have no written policy for compliance and retaining their electronic communications at all, and again, two in five organizations also believe their current email practices are not in compliance with all the current regulations that apply to their organization. When combined, these facts are a little disturbing since so many of us rely on email as a major platform to deliver responses and disseminate information to recipients inside and outside of our organizations. Said differently, that’s a lot of potential risk, particularly when you consider nearly half of our responders have had at least one legal discovery request in the last five years, and for larger organizations that figure jumps to more than 60%. Even discounting the potential for discovery, we still found 57% of our responders had at least one to five requests to restore an email that had been lost/deleted every month. If you take into account a relatively small percentage of responders (between 15%-30%) would be able to find email pertaining to a particular topic in an hour or less, you have the potential for a very time-consuming and labor-intensive process. With half or more of our respondents planning to spend $10,000 or more on Exchange storage and expansion, it certainly seems wise to invest some of this budget to help reduce the growing burden on the Exchange Server from increasing file loads and help users automate their process of cataloging these files to streamline the search process and provide a mechanism to help prepare for regulatory compliance and e-discovery.
You can find the 2010 report and participate in a quick survey by following the links on our main page at www.metalogix.net/ediscovery. All participants will get a copy of the results when they are published early in 2011.
Metalogix is a leading provider of content lifecycle management solutions for Microsoft SharePoint, Exchange and legacy enterprise content environments. We enable organizations to scale and cost-effectively manage, migrate, optimize, archive and protect enterprise content whether on-premise or in the cloud. The company is a Microsoft Gold Certified Partner, privately held, and backed by Insight Venture Partners and Bessemer Venture Partners.