It’s Complicated:The Real Costs of Risk and Discovery
How E-discovery is Changing the Organization
Is anyone old enough—like me—to remember back when they told us the future was going to get easier? Robots would walk the dog and watch the kids; air cars would fly themselves. And I was supposed to have a silver jump suit by now.
But if anything the rapidity of innovation and the overabundance of information have only made life harder. And nowhere is that more true than in the murky corporate world of information management.
It’s bad enough that businesses are swept away in information and falling behind. Adding insult to injury, corporations now also have to prepare for the inevitable by-product of our complicated lives—the hidden risk of the civil lawsuit.
But that “hidden” part is diminishing. In 2006, amendments to the Federal Rules of Civil Procedure (FRCP) placed an entirely new burden of proof on companies involved in civil litigation. Businesses now have to preserve (place in litigation hold, as it’s referred to) any and all information, especially the electronically stored variety, that may be related to a particular legal action.
This is what has come to be known as “e-discovery:” the retrieval, preservation and presentation of electronically stored information, or ESI, as demanded by opposing counsel in a civil legal action. It has had an enormous impact on businesses not only in the US, but throughout the world (more on that later).
Recognizing that information related to case “A” is merely a subset of a corporation’s entire corpus of data, the FRCP amendments have also imposed new procedural processes that are intended (at least) to make sure opposing counsels have access to pertinent information, but not necessarily the whole shootin’ match (more on that later, too.) These processes DO serve their purpose, but in many ways also complicate the experience and place new demands on employees and managers across the enterprise (more on that... oh, you know).
I wanted to know what—if anything—had changed since these new rules went into place. So I sought out one of the most knowledgeable experts in the field, Ted Barassi, group manager for e-discovery and information risk at Symantec Corporation.
“If there’s any theme over the last four years since the FRCP amendments, I’d say it’s one of growing awareness,” starts Ted. “As a result, this industry that serves the litigation-preparedness market has seen significant growth year over year. We expect that to continue. For any company of any size that has multiple lawsuits going on, it comes down to cost and risk. And companies are investing in enterprisewide e-discovery software in order to get prepared, i.e., get rid of the junk while at the same be ready to quickly search and find the relevant stuff.”
At some point early on in our conversation, I admitted to Ted that the cynic in me couldn’t help but imagine a different scenario altogether... much more denial and much less willingness to take on the onerous task of preparing for litigation.
“Three or four years ago, the argument against deploying enterprise search or information management of any kind was that, with those in place, companies wouldn’t have any excuse NOT to deliver pertinent information to a case. They thought they could plead that the task of e-discovery was beyond their means, and placed an undue burden on them to do so. But we don’t hear that anymore.”
That’s because the FRCP amendments are tough. Ignorance is no longer a safe harbor.
The Process of the Process
E-discovery is not a placid thing. Ted has referred to it as a “fire-drill.” Once litigation is begun, you suddenly have litigation holds taking place. To do that, there are manual processes for freezing tape backups, restoration of the tapes, imaging of laptops...on and on, and it usually takes place abruptly and in somewhat of a panic. Not to mention the costs associated with each step, and the disruption that occurs to the normal, day-to-day business activities.
It’s a hot mess, as Chelsea Handler might say.
Ted, naturally, thinks he knows the solution: create an archiving solution that sits behind all the information management processes that are already in place. Centralize all of the data that would normally exist out in the various business repositories. That includes everything: email, instant messaging, personal archives (PST files), SharePoint and other collaborative content, fileshares, etc.. Archiving all these things together provides a central platform that allows you to manage retention against all that content from one central system. And it gives you a single view into all your data, fully indexed and searchable from a single user interface. Makes sense. But storing and protecting massive amounts of data is sort of what Symantec does, so it makes sense from a business point of view, too.
Speaking of which, as for the market, it’s primarily large—5,000 employees or more. But, says Ted, “there’s a fairly healthy business with smaller firms that are engaged in businesses that often are exposed to litigation—-hedge fund companies, for example, or healthcare/pharma. Increasingly, there are more government users, not because they have civil challenges, but they have FOIA-type challenges.”
Changing Roles
The stakeholders in litigation preparedness have remained the same, but their attitudes have changed, Ted thinks. “Previously, in-house counsel would leave a lot of what they consider ‘discovery’ to their external, hired firms. Attorneys detest discovery. By discovery, they mean review materials, case management material and the like. Then the external counsel would throw the request back over the fence to someone in the IT organization who would have to figure out how to respond to the collection and preservation challenges.” That meant the burden—and cost—of discovery would fall into the IT department’s lap. “Now, there’s more willingness from other areas in the business to come up with budget and resources,” says Ted. “We’re also seeing a much closer collaboration between IT and legal, with some participation from records and/or compliance. It’s certainly a much more multi-faceted discussion,” he says. But there’s an important distinction to be made from a marketplace view, explains Ted. “We sell software. We used to look to the IT department for budget to tap into. But now we’re seeing legal actually come up with budget for software. That’s a pretty dramatic change.”
As a direct result, Ted’s group is noticing another trend, and that is the emerging position of “IT/legal liaison” on many businesses’ org charts. In most cases this is a technical person by background who’s been given some exposure to legal requirements (often through formal paralegal training) and is able to understand what the legal department needs and is able to articulate that to IT. Turning that around, says Ted, these liaisons are also “able to tell legal to go fly a kite if their expectations are unrealistic.” Thus, these liaisons act as advocates as well as in-house experts regarding retention practices.
Which comes in handy when it comes time to comply with those other “procedural” issues mandated by the FRCP amendments. There is a new, complex and disruptive component to legal discovery referred to as the “meet and confer.” Meet and confer is the term for the requirement of the FRCP that opposing counsel sit down prior to an action going to court to agree on which items are pertinent and thus discoverable and which are protected or irrelevant. Information may be protected by non-disclosure agreements, for instance. Information may have already been disposed of in an appropriate way according to and in compliance with the company’s existing retention policies.
This is not a typical IT person’s role, and, according to Ted, many IT professionals don’t want to be pulled into these legal matters. I suggest that it might be considered a promotion, and would give the liaison a unique position of power in the organization. “That’s true, but your typical IT person is not accustomed to getting deposed. That’s why, in large part, this role has been created. Typical IT folks are terrified of getting pulled into a legal proceeding,” he says.
It’s huge procedural pain. “This is how these meet-and-confers go down: it’s basically a fight over search terms,” Ted explains. It’s not unusual for a meet-and-confer negotiation to belabor the issue with detailed bickering about what can and should appear as part of a search string, for example. These “Boolean negotiations” can result in search queries that are themselves pages upon pages long, and take as much time and effort to negotiate as the issue itself. Mama didn’t send her son to law school to spend the weekends learning semantic taxonomy.