E-Discovery: Are You Ready?
Compliance for e-discovery goes beyond technology. It encompasses legal, constitutional, political, security and personal privacy issues. The amendments to the Federal Rules of Civil Procedure (FRCP) have fostered the need for higher accountability in all sectors of business. Understandably, many organizations remain uncertain about accountability and lack management strategies to effectively handle discovery and litigation readiness.
Before Litigation—The Role of Management
What preparatory steps are necessary for your organization to deal with the discovery process? First, management should consider creating an e-discovery team comprised of legal, records information management (RIM), information technology (IT) and security personnel. It’s especially important to include RIM professionals who can identify potentially costly, time-consuming errors that could impact any pending discovery activities. To be effective, these e-discovery teams must be armed with the proper skills to maintain the chain of custody that is critical during the discovery process.
As part of the e-discovery team, management must employ qualified and competent RIM professionals who are knowledgeable about federal, state and industry regulations regarding electronic information management. This may include (but is not limited to) knowledge of the different stages of managing electronic discovery such as strategizing, collecting, processing, reviewing and retaining data. When unqualified individuals are accountable for e-discovery functions, the organization is at risk for non-compliance.
Second, management must clearly define the roles and responsibilities of the e-discovery team and develop documented processes to handle the discovery process. It is then management’s role to discuss how these processes can lead to the implementation of a sound e-discovery strategy that is aligned with the organization’s compliance objectives.
Finally, to ensure e-discovery preparedness, RIM and IT professionals must maintain ongoing education, training and competency in acknowledged electronic systems applications and standards, such as HIPAA, Sarbanes-Oxley, FRCP, US DoD 5015.2-STD, ISO 15489.1-2002, and ISO 15489.2-2002. To ensure regulatory compliance, management should establish a records retention committee that meetsregularly and develop a records retention policy that takes into account any changes to statutory or regulatory obligations.
During Litigation—The Role of the E-Discovery Team
If litigation occurs, the e-discovery team will be ready to handle the activities needed to preserve electronically stored information (ESI) and physical documents. It will be their responsibility to determine the means for obtaining and screening of ESI. As part of the e-discovery team, the RIM professional will be responsible for preventing the accidental destruction of ESI to avoid sanctions or fines to the organization during litigation.
Beyond Litigation
The e-discovery team should create and distribute a records retention policy to all employees and test employees on their knowledge of records retention. This records retention policy should outline the lifecycle of document management from the creation of a document, to its declaration as a record and through its possible role as evidence. RIM professionals can provide best practices to strengthen the organization’s e-discovery preparedness plan.
The RIM professional enforcing records retention decides when documents can be destroyed and is the mediator between the compliance people who say, "This can go now," versus the business person who insists, "I still need that." It becomes the RIM professional’s responsibility to determine how to weigh the risks of each stance and decide which position is correct. The amendments to the FRCP acknowledge that some information will be deleted or destroyed in the normal course of business. A "safe harbor" rule (what lawyers refer to as a "clawback") prevents organizations from being unfairly penalized in such instances.
Maintaining open lines of communication with legal professionals is essential. Lawyers can determine if data should be archived in an alternative format, what triggers should be in place for ESI holds or data collection, and who should be trained to testify in court about IT practices of the organization. Likewise, assigning specific roles to lead IT professionals will smooth the effort between legal, IT and security, which can facilitate communication for operational issues and manage projects to improve e-discovery processes and policies.
Long before the threat of a lawsuit, the e-discovery team should identify which requests for information via a potential subpoena will present an undue burden or cost to the organization to produce. An assessment of what is stored across the organization is necessary to ensure only essential business information is stored and made available for discovery purposes. It is advisable that the e-discovery team establish a "subpoena response plan" for objections to production of certain types of data, including seeking a court order when data requests are determined too costly and burdensome to produce.
Be Proactive!
E-discovery preparedness enables organizations to reduce the cost and risk of e-discovery while driving real efficiency benefits to the day-to-day operation of the organization through the ability to find and share information quickly. E-discovery preparedness leverages the value of a records management program and retention policy as an integral part of a sound business program. It’s more than a reaction due to the threat of litigation; it is a systematic, organized approach to developing policies and procedures to establish accountability within the organization and credibility with the courts.