Effective Records Management Greatly Benefits the Legal Dept for eDiscovery


Many (but not all) corporate legal types consider ESI retention management as the legal hold process. Not a bad thought but really falls short of a true corporate definition of the term. To records managers ESI retention management refers to the systematic retention and disposition of the organizations electronic business records; either for the day to day running of the business, regulatory compliance or litigation support. And in this case I believe the records managers are right.

ESI retention management, also known as records management, needs to be better understood by corporate legal because the proper management and deletion of electronic business records have a direct relationship to the corporate legal department for both legal holds and eDiscovery.

A properly managed ESI records management system allows legal to quickly find and place on legal hold, all archived potentially responsive electronically stored information thereby reducing the risk of spoliation; destruction of evidence. A centralized ESI management system will also act as a on-going collection point so that when eDiscovery starts, the collection phase is already taken care of for that ESI already under management. Because the archive acts as an on-going collection point, the legal department can quickly search the ESI archive for responsive ESI and begin their culling and review responsibilities almost immediately; without the need to spend days or weeks trying to find/collect potentially responsive ESI.

Advertisements

Training Employees Before they Hit the SEND Key


Time and time again we see news stories and legal case writes ups where it has become obvious employees still have no idea that an email is not a private communication. I find most employees, even corporate legal department types, still consider an email is like a verbal conversation in a parking lot; once its ended, it doesn’t exist anymore (unless it was recorded).

A recent example came from the Goldman Sachs Congressional hearings where the following exchange took place:

US Senator Carl Levin: “And when you heard that your employees, in these e-mails, when looking at these deals, said God, what a shitty deal, God what a piece of crap – when you hear your own employees or read about those in the e-mails, do you feel anything?”

David Viniar, chief financial officer, Goldman Sachs: “I think that’s very unfortunate to have on e-mail.”

This is a prime example of a probably very smart guy never considered that specific content in that email would every show up in a blog much less the front page of the Wall Street Journal. This problem of unguarded content in emails has become a major liability for many companies and organizations. Another example is the email flap recently over the emails between various researchers at various universities around the global warming question.

Organizations are doing themselves a huge disservice by not training their employees around proper email use and its implications if not followed. I am not addressing the “right” or wrong” questions about these two specific examples, just the fact that very smart people continuously ignore the consequences of questionable emails.

So what can organizations do to protect themselves from this kind of liability? Well there are two steps that you can take to drastically reduce your liabilities around smoking gun emails. First, train all employees (not just once but at least annually) on your email use policy (hopefully you have one that addresses this kind of behavior). But also just as important is to educate them on the consequences of inappropriate email usage. Explain to them the eDiscovery process and what that means for email. Government agencies as well as attorneys regularly ask for and get emails from organizations in litigation or agency subpoena.

Also educate them on the email technology. I can’t count how many times I have had CEOs, CIOs all the way down the line to line workers explain to me that when they delete an email from their email box, it’s really gone. Show them why that’s not the case with a couple of the hundreds of case examples where company employees believed the same thing and what happened.

The second step is to put technology in place that helps you zero in on this type of behavior before it ends up in court and on the front page.  Many organizations will think this is “big brotherish” and not fitting with their organizations culture. I disagree with this reasoning…Putting protections in place to ensure proper business behavior is a common sense measure to reduce your legal liabilities. Install an email archiving system so that email is secured for some period of time via retention policies and also have content monitoring capability to be able to monitor, in real time, occurrences of content/behavior your organization has deemed out of bounds. Along with this technology, be sure to explain (repeatedly) to each and every employee that all of their emails are being captured for a period of time and that some are actually being monitored for content. I guarantee you that your employees will be overly careful what they put in emails going forward.

Putting some real teeth in eDiscovery sanctions will drive effective information management


Ok, I know there is a push back from the legal industry in reference to the problem of the cost of discovery. Yes, companies create, use, receive and delete huge amounts of electronic information on a daily basis and it is unreasonable to expect an organization to have enough of a handle on this moving target to be able to place an effective legal hold – quickly, and provide all responsive information in response to an eDiscovery request. But come on… organizations live and die by their information, especially electronic information and if an organization doesn’t have enough of a handle on their data to be able to place a legal hold on select data, then I’m sorry they have other problems.

It all comes down to effective information management. Why is it unreasonable for a Judge to expect a company knows what data it has at any point in time and can find it when it needs to?

I understand the proportionality doctrine argument, and it makes sense. If proportionality did not exist, a plaintiff’s counsel could win every case just based on how they construct their discovery request.

Many businesses in the United States have long given employees total control of the company records, with a few exceptions, with little or no central control or even knowledge the information exists and how it pertains to the business. This does not seem the best business decision for the long run.

Maybe eDiscovery can serve as the impetus to nudge companies to start taking information management seriously. If Judges start imposing even larger penalties and fines for what amounts to eDiscovery failings because of ineffective or no information management policies in an organization, then we may see a corporate change of attitude.

In a recent LTN Law Technology News article, e-discovery analyst Barry Murphy of Murphy Insights noted that very few sanctions for e-discovery have had any real teeth, and the few that have involved large dollar amounts have been overturned. In some cases, e-discovery snafus have led to negative inferences that almost certainly impacted the outcome, but he says even those rulings seem to have had little impact. “The sanctions we’re seeing are too small to register with many people, and while negative inferences may lead to a bad outcome, the impact is not always obvious,” says Murphy. “Once we see a sanction for many millions of dollars because of a failure to preserve electronic evidence, the point will be clearer.”

Let me offer some common sense suggestions around information management and eDiscovery:

  1. Have regularly updated and tested records retention policies
  2. Get rid of data your business no longer needs
  3. Really know what electronically stored information (ESI) you have and don’t have
  4. Be ready to find it quickly
  5. If you are a big enough organization, have tools on hand to help in the searches
  6. Have a tested litigation hold process. Be able to stop records deletions based on content, employee, date etc. quickly
  7. Have a tested eDiscovery process

Too many organizations are willing to risk the consequences; “It’s never happened to me before”. If you manage your ESI effectively, then discovery response should not be a problem