Facing Up to the E-Discovery Challenge

By Tom Schmidt

In today's electronic world, financial services organizations increasingly communicate and store valuable business-related information in unstructured content repositories such as corporate email systems, file servers, Web portals and personal archives.

But while these repositories weren't initially designed for long-term storage (or to be easily searched), they are often included in initial search requests from attorneys, auditors, internal HR personnel, law enforcement officials, and other interested parties looking for information on internal or external communications. In addition, an increasing number of external regulations include specific long-term storage and retrieval requirements.

How important is it to properly manage such data? Just ask Morgan Stanley.

In the course of a high-profile lawsuit brought by billionaire financier Ronald Perelman, Morgan Stanley couldn't reliably produce emails for the court. That didn't sit well with the judge in the case, who in 2005 ruled that the company deliberately violated her orders. The jury in the case awarded Perelman $604.3 million in compensatory damages and $850 million in punitive damages. (Although Morgan Stanley in 2007 ultimately won an appeal of the jury verdict against it, the case cast a legal pall over the firm that eventually led to the departure of its then-CEO. Lawyers for Perelman have said they plan to appeal the latest ruling.)

As The Wall Street Journal observed at the time:

"Morgan Stanley is in serious trouble because of the way it mishandled an increasingly critical matter for companies: handing over email and other documents in legal battles. Lawsuits these days require companies to comb through electronic archives and are sometimes won or lost based on how the litigants perform these tasks. Morgan Stanley kept uncovering new backup tapes, couldn't perform full searches because of technology glitches and gave material to the other side that was sometimes incomplete or late."

Nor was this the first time Morgan Stanley was rebuked for the way it stores and turns over documents. In 2002, Morgan Stanley and five other firms paid regulators $8.25 million for violating rules requiring securities firms to retain emails for three years. In 2004, it was one of three firms fined $250,000 each for failing to hand over documents in investor-complaint cases. Also in that year, it agreed to pay $2.2 million to regulators for delays in disclosing 1,800 complaints and misconduct incidents.

New rules now in effect
Not surprisingly, the issues that were raised by the Perelman case (and others like it) generated widespread demand for better rules dealing with electronic evidence. As a result, a series of amendments to the Federal Rules of Civil Procedure were drafted in August 2004. New rules were eventually ratified by the U.S. Supreme Court and went into effect on December 1, 2006. The rules specify standards related to the requirements for parties to store, preserve, search, retrieve, and produce electronic information in litigation. They even formalize a requirement to disclose data management practices to the other side early in the course of litigation. These rules apply to any participant in U.S. Federal Civil Court, whether it's a large, regulated business or a small, private company.

The need for automation
One lesson to be drawn from these recent events is that, without a robust archiving solution and a fully audited enterprise search application, the task of manually finding and producing electronic information will be a severe drain on human and capital resources. After all, financial institutions must either reassign internal personnel or spend an inordinate amount of time and money to outsource the project. Even if an institution chooses to outsource e-discovery processing and legal counsel, internal resources will be needed to collect information from the internal technology infrastructure, including application servers, enterprise storage devices, personal computers -- even PDAs and portable memory sticks.

Another lesson is that financial institutions have their work cut out for them to prepare for these changes. Many legal and IT departments likely haven't contemplated the ramifications of disclosing every potential repository of electronic data relevant to every piece of civil litigation filed against them. Institutions must have access to all potentially responsive data to minimize the cost and manage the impact on IT and legal departments. Some institutions may try to push everything to tape to make data "inaccessible" (new Rule 26(b) (2) potentially exempts offline or tape backups from the normal course of discovery), but that's hardly a wise or realistic policy to pursue.

More importantly, preparing for these changes actually creates an opportunity for financial institutions to take control of important business knowledge scattered across their network in hidden shares or buried on encrypted laptops and in password-protected files. This is possible only if all aspects of the user knowledge base are effectively "owned" and managed.

Conclusion
The pressure on organizations to protect and manage data has intensified with the recent growth in unstructured data and the reliance on email to communicate and exchange documents. Many companies now consider email to be mission-critical. In fact, recent studies by the Enterprise Strategy Group suggest that email and other messaging applications store as much as 75% of a company's intellectual property.

The urgency to protect and manage this data is underscored by the recent amendments to the Federal Rules of Civil Procedure, which set firm guidelines for the e-discovery process, what records an organization should be prepared to produce, and in what format.

IT administrators who have had to respond to a corporate lawsuit or monitor compliance understand the difficulty of aggregating and delivering files, messages, or other content for legal scrutiny.

Tom Schmidt writes frequently about information security topics. He has more than 15 years' experience as a writer and editor in high-tech publishing.