In recent times, many high-profile court cases have hinged on electronic records held by a company or individual.
Electronic discovery, or E-discovery as it is becoming more commonly known, is one of the hottest legal issues facing companies today. In simple terms, E-discovery is a firm’s obligation to produce all documents or information in its possession, including documents that exist only in electronic form, in the event of initiated or threatened litigation. With that obligation comes costs and risk: the costs of potentially reviewing millions of pages of electronic information, and the risk of failing to understand the information that the company itself is creating.
As the head gatekeeper of corporate information, the CIO faces many issues around E-discovery. For example, what information retention strategy should the CIO put in place in view of the fact that the company may one day face a significant lawsuit? And what should the role of the CIO be when the organization is threatened with a lawsuit?
Here are five key issues around E-discovery that the CIO needs to be aware of:
1. Litigation is an active and strategic focus of the business.
It is important to recognize that in today’s business climate, litigation is not always a last-resort alternative. Increasingly, it is becoming an active strategy of the business and is being critically assessed, based on its potential to generate a positive return on investment.
Other strategic factors, such as the potential impact on the organization’s reputation and the ability to create competitive advantage, form part of the equation in evaluating litigation as an ongoing strategic focus.
2. In-house counsel should play an important role in information access and management.
In many organizations, the in-house counsel group is treated as a separate silo – a necessary adjunct that is strictly a cost of doing business – and its role is to react to problems once they arise. But in-house counsel can also be an excellent resource for the CIO, assisting in the building of IT strategies around access to information, document retention, document destruction, information collaboration, and litigation.
We have been involved in too many situations where in-house counsel doesn’t have a fundamental understanding of the information that a company possesses – the nature of the information, where it is located, how it is being created, and how and why it is being utilized by the business.
E-discovery includes an obligation to preserve all relevant electronic evidence as soon as litigation is threatened or contemplated. That obligation simply cannot be fulfilled in the absence of complete information about the company’s information structure and technology. And whose obligation does it become, the CIO’s or in-house counsel’s? This is an issue that the company needs to address.
3. Managing the content of information should not be ignored.
For many organizations, security continues to top the list of concerns surrounding information. A great deal of attention is focussed on ensuring that an organization’s information cannot be accessed by unauthorized parties including competitors, hackers and even the general public.
It should be remembered, however, that it is vitally important to pay attention to the content of the information being protected. Failure to do so can expose the company to substantial litigation risk. Take e-mail, for example. Idle chatter that in the past might have only existed as water-cooler gossip now, in the form of a casual e-mail, can have explosive consequences. Consider the potential impact of an email from an administrative assistant, passing along a rumour that a senior executive has engaged in sexual harassment of some female employees.
Blogs are another potential trouble spot. For example, imagine the potential consequences of a blog, written by a factory employee, noting that for years he has been trying to warn the company that it was headed for its current product liability lawsuit. It has often been said that you should never put in an electronic communication what you wouldn’t write in a formal letter or say in a face-to-face conversation with an outside party. Many companies are learning this lesson the hard way. Evidence which previously would have been regarded as hearsay in the context of litigation is now being memorialized in electronic records, exposing the firm to significant risks.
A knee-jerk reaction to these risks has lead many companies to adopt aggressive document destruction policies. This reaction, however, tends to ignore the fact that the risks lie in the content, not in the quantity of the information. And it is important to keep in mind that one day there may be significant value that can be mined from the retained information.
That’s why smart companies are investing in strategies to proactively monitor the content of information, employing such aids as e-mail monitoring tools and enterprise-wide content management systems. These technologies allow value to be extracted from information while providing some level of assurance that its contents do not expose the organization to unexpected business risk.
4. A systematic campaign of education and compliance monitoring is a fundamental element of effective corporate policy around information management.
Abuse of e-mail, failure to preserve electronic evidence in the face of litigation, exposing confidential corporate information to the Internet – all are serious lapses that are often committed unintentionally by the offender. The best defence against such lapses lies in the development of effective policies around the creation, utilization and protection of information. And accompanying these policies should be a wide-ranging program for educating employees and helping ensure that they are in compliance.
Many employees are not even aware that policies exist or where they can be found, much less their obligations with respect to these policies. They sometimes fail to understand what the policies mean, when they need to act, and what their actions should be. Too often, organizations develop educational campaigns only after they have been adversely affected by poor information management.
Employees at all levels often circumvent corporate policies around information retention, based on a fundamental fear of destroying their own information. As well, information is often retained unintentionally as a result of failure to communicate policies throughout all levels of the organization. So it is important that policies be continuously reinforced (e.g., through regular or periodic e-mails) and that compliance is actively monitored.
5. Litigation needs can present a fundamental departure from otherwise highly effective information strategies.
There are inherent difficulties in trying to generate a one-size-fits-all strategy to accommodate the often unique demands presented by litigation. It is important to give proactive consideration to potential litigation when developing information processes.
However, it would be irrational to implement costly and advanced enterprise-wide information access technology to respond quickly to potential requests for information in the course of litigation. This is especially the case when the likelihood of litigation involving broad information requests is remote, and more importantly, when providing access to the information does not provide identifiable benefits to the ongoing operations of the business.
Information is often a company’s most valuable asset, and in this increasingly litigious era of business, it can also be one of the company’s biggest sources of risk. Because of this, the CIO will have to be ever more vigilant at mitigating those risks. This is yet another aspect of IT in which the CIO must step up and be a leader.
Brian J. Reny is KPMG’s National Director of E-discovery services, with responsibility for the provision of end-to-end E-discovery services entirely within Canada. He has over 14 years of experience in leading forensic and litigation support engagements in Canada and internationally.
The information contained in this article is of a general nature and is not intended to address the circumstances of any particular individual or entity. No one should act on such information without appropriate professional advice after a thorough examination of the particular situation.