Reduce Legal Risks With E-Discovery Best Practices

By Courtney Macavinta

When Ralph Rodriguez was a CIO and CTO, the practice of retaining, archiving and retrieving electronic records for legal proceedings -- now known as e-discovery -- was a pretty new concept at most companies. Today, as senior vice president of the Research Technology Markets Group for the Aberdeen Group, Rodriguez surveys CIOs about topics like e-discovery and says that although the challenges and regulatory obligations have increased for CIOs, the range of best practices have as well.

“The Federal Rules of Civil Procedure (FRCP) changed everything,” says Rodriguez.

In December 2006, the U.S. government implemented amendments to the FRCP that created new rules, requirements and penalties related to e-discovery. Companies now face strict criteria when responding to legal discovery requests. They must supply the correct electronic records on time, which has directly impacted many companies’ data archiving and retention policies and procedures.

However, Rodriguez also found, in a study entitled e-Discovery and Message Archiving: Can Your Business Afford to be Served, that “best-in-class” companies saved 38% on legal discovery costs. Best-in-class companies were defined as those that completed legal discovery requests on time and retrieved archived data within less than an hour. Only 20% of the more than 300 companies surveyed fell into this category.

“Because of the regulatory issues and maturity around governance risk compliance (GRC), you do have organizations that are performing well,” he says.

However, what CIOs found overwhelming was "understanding the scope and complexity of the requirements and the anticipated cost of the solution.”

Here are best practices recommended by experts to help CIOs master e-discovery:

Get aligned with the legal team
CIOs need to work closely with their firm’s general counsel to take inventory of the current electronic records archiving and management process so they can ensure adequate response times for legal discovery requests, says John Bace, research vice president for Gartner Inc. CIOs should also designate an IT staff member as liaison to the corporate legal department and request that an attorney be designated as the legal team’s technical expert.

“It's a whole new ball game for the CIO and general counsel, and there is a very big need for them to work together,” Bace says.

Take inventory
The bottom line for a CIO is that the organization or enterprise needs to create a working inventory of potential discoverable information. While email is still the most requested record, according to Brian Babineau, senior analyst for Enterprise Strategy Group, database records, invoices, instant messages, financial statements, telephone call recordings and other digital audio and video files are also being called up in legal discovery. Bace recommends that CIOs work with their counterparts in legal and other relevant departments to take stock of the data landscape, including what electronic information the company creates, who’s the custodian of that information, and how long classes of information need to be retained.

“They need to create that inventory ahead of time,” Bace says. “It's not just a data map. It's a tool lawyers need to try to limit the scope of discovery.  The trick is to not “boil the ocean.” Look at where you have the greatest potential risk and where most of the lawsuits come from, and then prepare yourself for that.”

Get outside help
While IT can help invest in products that reduce the overall legal expenses related to the e-discovery process, Babineau says that it often pays to get outside consulting, such as a litigation support specialist who understands the general counsel’s needs and e-discovery regulations.

“The first thing CIOs need to understand is that this is not about a product or solution -- it’s a process,” he says.

Before investing in software or hardware, however, Rodriguez says an enterprise should first meet best practice requirements such as implementing a records management process that creates an audit trail or integrates e-discovery needs into an overall data management process. He also says savvy CIOs should do a cost-benefit analysis of any potential vendor products.

Ultimately, e-discovery might require a collective effort when it comes to the people, policies and processes involved, but the goal is simple, Bace says. He adds that “It’s about making sure that you have a good documents retention policy in place that meets the needs of the business.”

Courtney Macavinta is a Silicon Valley-based business and technology writer. Her articles have appeared on Web sites including CNET News and Inc., as well as print publications such as Business 2.0, Red Herring, Wired News and The Washington Post. She is also the managing editor of the online program The Online Family.