IT law for businesses: The basics

From “IT law for businesses: The legal risks every CEO should know”

The goal of this paper is to give industry leaders an overview of the challenges and pitfalls of e-discovery from the beginning to the end of the litigation cycle. It has been outlined in a way that will give a quick glance at the key topics that should be considered at the inception of litigation, when acting as either a plaintiff or a defendant. The larger the company, the bigger the data and the bigger the costs. Managing this should be left to those who know how to do it, and all companies must prepare now for potential or impending litigation.

If a company is already engaged in active litigation, taking stock now of what has been done, what needs to be fixed and how it should proceed in dealing with future data management challenges is a must-do. E-discovery costs are single-handedly swallowing up litigation budgets. Many companies find themselves in the middle of a litigation and not able to take the case to trial because all reasonable allocated costs have been spent in a never-ending cycle of document collection, processing, review and production—hastening an unfavorable settlement or, worse, incurring sanctions for failure to comply with discovery obligations. Not getting this right from the beginning or not addressing this stumbling block during active litigation is a management failure, and boards should hold those in charge accountable.

Indeed, big law firms have grown internal departments to deal with discovery management. These departments are staffed with lawyers who concentrate their practice on all aspects of e-discovery and with litigation support technical specialists. The area grew out of the realization that having experienced lawyers who are also familiar with the intricacies of electronically stored information (ESI) advising the various departments of the firm and working closely with an internal or outsourced litigation support department—rather than as lead counsel on any one case—is essential to staying ahead of the curve and saving money and time when handling big data. This division of labor is extremely beneficial to the client. There are also many consulting firms providing these services. Unlike internal departments, most consulting companies not only sell advice but sell the technology as well, and the buyer must be aware of the inherent bias and conduct due diligence. In any case, if you do not have the expertise in-house, hiring a consultant is a must.

As a first step, whether a company is acting as plaintiff or has been sued, ESI must be dealt with early on, under competent counsel representation. As part of a company’s due diligence in selecting counsel, the company must consider the proven expertise of its counsel in handling ESI or demand that an expert be retained from day one. Regardless of a lawyer’s prowess in her field, without equal prowess in the field of ESI discovery, chances are that the client will end up incurring unnecessary costs in handling its data, at best; at worst, the client may be facing sanctions.

If counsel of choice for a matter does not possess such proven expertise, a company should either request that chosen counsel retain an outside consultant or engage its in-house legal department to handle ESI issues. In many ways, data management should be a separate exercise from litigating the case in chief because if it is not properly addressed by experts in the field, counsel can quickly become immersed in a morass of data management issues and discovery mishaps, which will cause counsel to channel efforts away from litigating the merits of the case.

Of note, the parties are off to the races immediately upon the filing of an action. As part of the required “initial disclosures” under the FRCP (or similar state rules) and the meet-and-confer process, counsel must be prepared from the get-go to negotiate the scope of ESI and discovery obligations.

Just as important as having competent outside legal counsel, or arguably even more important, companies must have a sophisticated in-house legal department with expertise in the project management aspects of ESI. Companies of significant size and those faced with frequent litigation challenges should also consider investing in an internal ESI department that is affiliated with or shares a mandate with the in-house legal department. The mandate with respect to ESI is not as simple as “reduction of e-discovery costs.” In a vacuum, that is an indefensible mandate. Rather, the mandate should be data management.

A company can manage data in large part by 1) having appropriate destruction and retention policies; 2) keeping an up-to-date data mapping schema; 3) having a ready litigation hold that can be implemented on a moment’s notice, is kept current, and is understood by employees and management alike; and 4) keeping close tabs on outside counsel and holding them accountable. Internal lack of technical expertise may lead to over- or under-collection of ESI, neither of which is advisable. Over-collection as a cautionary approach can lead to added time and data indexing, processing, storage and review costs. Under-collection can lead to sanctions or having to re-collect the data, effectively doubling the cost to the party.

The first step to put your house in order is to make sure the company has an up-to-date and workable document retention and destruction policy. Many businesses are legally required to maintain records for specific periods of time. There are a variety of statutes and regulations that impact retention policies for some industries and for some categories of information. The in-house legal department must advise the company as to its record-keeping obligations. When records exist outside that time and litigation related to those records is neither envisioned nor ongoing, companies should trim down data. In-house legal counsel should be intimately involved with this process, as outside counsel would not likely be involved during this time. Some questions to ask your in-house legal department are: What is the company’s document retention policy? When was it last revised? How is data destruction implemented? Who gives the clearance for data destruction? (Legal must be involved.) What is the retention policy for data belonging to former employees? How many subsidiaries, third parties or agents hold the company’s data? (Note that a company may be responsible for all documents within its “care, custody or control.”)

The second step is to know what you have and how to get it. A company’s IT department will be able to assist in-house counsel in putting together a data map, recognizing that this will be a living document that should be revisited every so often, perhaps a few times a year.

Litigation holds need to be implemented as soon as litigation is anticipated. Having templates for a hold and protocols to monitor the existence and effectiveness of a hold is essential to any company. Litigation holds are extremely intrusive and disruptive. If a company lacks the savvy and protocols to handle them in effectively, this will lead to lost productivity and expose custodians to depositions regarding their efforts, which can be both costly and risky. The litigation hold is also a process that must be handled by in-house counsel with the assistance of the company’s IT personnel or internal ESI department.

Some questions to ask your in-house legal department are: Does the company have readily available templates for litigation holds? Does the company have a person in charge of managing the hold? Who monitors the litigation hold? Are backup tapes covered by the hold? How often is a hold revisited? Who is the contact person listed in the litigation hold? What steps have been taken to preserve ESI and hard copies of documents? Who gives the clearance for lifting the hold? There are tracking forms that can be created in-house or licensed from ESI vendors; they are designed specifically to track and monitor litigation holds.

Finally, a key role of in-house legal departments today is keeping outside counsel under check for the duration of the ESI discovery process. That process can be divided into separate phases: data identification, data preservation, data collection, data processing, data review and data production. A project manager will be able to put together a plan to track these phases of the process. Documentation throughout all phases is critical, as are collaboration tools to keep the channels of communication open and visible at all times. An option would be to have a secured SharePoint portal where the discovery plan is outlined for everyone’s reference, documents can be uploaded and exchanged, and calendars with due dates are visible to everyone.

Managing this process is not a small undertaking and must be done by in-house counsel, lead counsel, and ESI counsel or consultants. Having an effective triad will pay dividends in the long term and can make the difference between losing and winning a case.

The risks for a company with respect to ESI discovery are, in sum, its cost and the exposure monetary or legal sanctions (adverse inferences at trial) if it is not handled properly. To alleviate the first and avoid the latter, data management must be implemented from the inception of a case. Data management is accomplished by having a triad of in-house counsel, lead counsel, and ESI counsel working together to create and implement a discovery plan to be followed throughout the life cycle of the case and adjusted as appropriate, documenting each step. Arming that team with a reputable and solid processing and hosting vendor and a properly managed outsource review team completes the package that will prevent an ESI runaway train and will save your company money, and perhaps win the case.