Companies unprepared to comply with new electronic discovery rules

Amendments to the Federal Rules of Civil Procedure pose IT challenges.

Organizations are woefully unprepared to comply with amendments to the U.S. court system’s Federal Rules of Civil Procedure that call for businesses to retain and be able to produce electronic records, recent studies show.

The new rules, which were approved by the U.S. Supreme Court in April and will take effect on Friday, require any business that could be involved in litigation in federal court to retain electronic records — such as e-mails, instant messages and text documents — and be able to retrieve them if economically feasible. The rules also require company attorneys and IT managers to be able to show how electronic records are stored, what mechanisms are in place to retrieve them, and when and how they are deleted (see graphic).

Required procedures Amendments to the U.S. court system's Federal Rules of Civil Procedure call for businesses to retain and be able to retrieve electronic documents.
AmendmentEffect on IT
Rule 16(b): A description of all electronically stored information must be presented within 99 days of the beginning of a legal case.E-mail archiving and retention software and policies should be put in place.
Rule 26(a): Electronically stored information, including e-mail, must be searched without waiting for a discovery request.IT should put in place e-mail archiving and retention policies so information can be discovered rapidly.
Rule 26(b): A party need not provide discovery of electronically stored information . . . if there is an undue burden or cost.Requires the organization to prove that putting in e-mail archiving software is an onerous expense.
Rule 26(f): Requires litigants to discuss any issues relating to preserving discoverable information.Requires legal counsel to know how e-mails are being retained and how they can be searched and retrieved.
Rule 34(b): Requires requesting party to designate the form in which it wants electronically stored information to be produced; requires the responding party to identify the form in which records will be produced.IT must be aware of how e-mails are stored — on disk or tape, for example — and how they will be retrieved.
Rule 37: Establishes a safe harbor provision for deleting records.Lets IT establish policies for the deletion of e-mail.

Virtually all businesses are affected by the new rules, analysts say. Companies involved in litigation related to lawsuits that cross state lines, Internal Revenue Service actions, and Health Insurance Portability and Accountability Act or Sarbanes-Oxley violations, for example, are expected to comply. According to industry analysts, events requiring electronic discovery are becoming more common: A survey by Enterprise Strategy Group (ESG) shows that 91% of organizations with more than 20,000 employees have experienced an electronic discovery involving e-mail in the past 12 months.

Many businesses are not aware of the new amendments, however. Of 75 company attorneys surveyed by LexisNexis Applied Discovery, more than half weren’t aware of the Friday compliance deadline. Just 7% said their companies would be able to comply with the new rules.

Similarly, a Cohasset Associates survey shows that nearly 50% of organizations have no e-mail retention policy in place. Although not all organizations’ e-mail retention policies will be the same, there are three elements that are essential to make such policies litigation ready: a clearly written records and information management policy; a legal hold-and-lift process to secure all information that will be relevant to an action; and an e-mail archiving process that includes services and software.

Vivian Tero, senior research analyst for IDC, says that businesses should “consider putting in place a corporate records-retention program as part of [their] litigation readiness.” Organizations also should involve IT, compliance officers, records managers, and in-house and external legal counsel in discovery teams, she says.

Responding to electronic discovery requirements can be difficult for organizations that aren’t prepared. According to the ESG survey, 56% of enterprises found that retrieving data from such offline media as tape was a significant challenge, and half of the respondents said that a lack of effective software tools to search for and retrieve information was a challenge. Many organizations misunderstood the electronic discovery requirements and thought they applied to only the financial services industry.

Not all enterprises have been caught off guard by the new amendments, however. Some suggest they are simply a formalization of existing requirements. “I am by no means expert in the rules of discovery, but it appeared at first glance to be simply a clarification of already-existing obligations to codify recent case-law decisions into formal rules,” says Timothy Hogan from the Office of Business Conduct at Beth Israel Deaconess Medical Center in Boston. “The new language generally emphasizes the importance of policies and standard procedures covering the routine, good-faith operation of an electronic information system,” he says.

At Beth Israel Deaconess, CIO John Halamka, is putting in Symantec’s Enterprise Vault early next year to archive e-mail.

Such preparedness can pay off. Although the new rules don’t stipulate fines for noncompliance, District Court judges have been known to fine companies for not responding to a discovery request fast enough. Last year, the Alabama Circuit Court of Appeals fined General Motors $700,000 for delaying a discovery process by 98 days.

Learn more about this topic

Legal discovery concerns fuel IT spending10/16/06How a new government rule affects your storage infrastructure08/21/06Vendors add to e-mail storage options08/21/06
Insider Shootout: Best security tools for small business
Join the discussion
Be the first to comment on this article. Our Commenting Policies