E-discovery gets an F

E-discovery in the age of Web 2.0 has a long way to go, according to industry experts, who recently convened at a Symantec Inc.-hosted Webinar to bemoan the state of record compliance in enterprises today.

"E-discovery has always been an issue for lawyers to handle, but now there's that added complexity with wikis, Facebook, Twitter, and other new technologies," said George Socha, a litigation attorney who works with the Electronic Discovery Reference Model (EDRM) Project. "A lot of lawyers' eyes roll back into their head and they curl up like possums because they just don't want to deal with it."

"Now that people are more dispersed across time zones, people are revising and sharing everything on a constant basis. These (Web 2.0 applications) have a lot of utility but they are essentially creating new sources of information that people haven't had to deal with before," said Annie Goranson, discovery counsel for Symantec. "And the legal department is often the last to adopt these technologies since keeping up can be a real challenge."

This is creating a real "toxic landfill" of conditions in the legal system, according to research vice-president John Bace of research firm Gartner Inc. He said that IT managers are often leading the pack when it comes to considering the e-discovery implications of Web 2.0 applications, but there is still a lot of work to be done, especially when it comes to working in closer conjunction with the legal teams.

For example, said Matt Kesner, CIO with the law firm Fenwick & West LLP, "It's hard because the context is part of the conversation. Like on a Facebook page, those bits of information are all stored on different databases."

It is important to understand what sort of social networking technologies are being used in the workplace when setting up a more comprehensive Web 2.0 record-keeping strategy. One good place to start is the sales force, according to Kesner. They often are active users of Web 2.0 and collaborative tools that are so vexing to e-discovery teams.

Another good starting place is fellow engineers and IT staffers. "They tend to push the boundaries," he said.

That way, you will start to get a baseline of the collaborative output at your company that must be monitored and stored for future e-discovery purposes. "You need to understand, eventually, what all the business units are doing. You need to be able to, on the legal side, have a framework for obtaining whatever type of information in this environment might be needed," according to Goranson.

Next comes the policy-making. "It's important to distinguish between speaking for one's self and speaking for the company," said David Fong, director of risk management with Qwest Communications International Inc.

A good rule of thumb, said Kesner, is to start treating each employee like a record manager. This way, they will always consider their output and its storage requirements.

This goes hand in hand with establishing a very firm, transparent policy around usage and compliance expectations. "Instead of trying to suppress, formalize it. Otherwise, it'll just go underground," said Fong.