Sloppy e-discovery can cost you millions

New federal guidelines could result in big problems for organizations lacking strong e-mail and electronic records-retention policies

New federal guidelines could result in big problems for organizations lacking strong e-mail and electronic records-retention policies.

"It makes sense," says Gregg Davis, CIO at Webcor Builders, a construction firm in San Mateo, Calif. "Before five years ago, we never allowed change orders or changes in price or scope to happen through e-mail; everything was signed and faxed and kept on paper. But now, everything we do is e-mail. It's our primary tool for business documentation. Now 90% of everything we do here is done electronically."

That puts a heavy burden on IT, says Browning Marean, partner at DLA Piper, a global law firm. "If it's digital and it's relevant, it's discoverable. So it all has to be found, preserved and examined," he says. "And IT plays a key role in that because it is the keeper of the information -- it knows where and how information is stored, and IT is the one that has to find and present it."

Gregg Davis

New ground rules

In the U.S. court system, the onus of ESI discovery took on new weight on Dec. 1, 2006, when amendments to the Federal Rules of Civil Procedure (FRCP) went into effect. The new rules, which govern suits filed in federal court, specifically outline an organization's rights and obligations in e-discovery. The FRCP amendments apply to all organizations, public or private.

"With the amendments to the FRCP, the courts are saying, 'We know the technology exists to do this stuff. We want to see you take some reasonable steps to put processes and technologies together to do e-discovery. And if you don't, we're really going to hold you accountable for it,'" says Barry Murphy, principal analyst at Forrester Research.

He cites the recent case of Morgan Stanley vs. Ronald Perelman, in which Perelman charged the investment firm with duping him into believing Sunbeam -- for which Perelman was accepting stock in a buyout offer -- was financially successful. Morgan Stanley was hit with a $1.57 billion jury verdict, which hinged primarily on the company's lax e-discovery procedures. "The courts are saying that there's no plea to ignorance here. The rules are there to be followed," he says.

In a nutshell, the new rules require opposing parties to discuss e-discovery issues within 120 days of a lawsuit's filing. This means each party's legal team needs to be versed on its client's IT infrastructure; how, where and for how long data is kept; and how the company plans to provide discoverable information.

The rules also address a legal concept called the litigation hold: At the first sign that a company reasonably can expect to be a party to a suit, even before a suit is filed, it must implement a litigation hold. That is, it immediately must put a stop to any automated or regular purging of relevant ESI. It also must be able to prove, via an audit trail or similar means, that data relevant to the suit has been preserved unaltered.

Several companies have gotten into serious trouble for forgetting to turn off automatic-deletion features in their e-mail systems, and therefore losing potentially relevant documents, says Arthur Smith, a partner in the dispute-resolution practice group at Husch & Eppenger. "That loss of relevant information is known as spoliation. It's not just a matter of saving it, but also saving it without alteration, without changing the file-creation date or the last-read date on a document. It's a high standard," he says.

If the opposing side can prove the litigation hold was not implemented properly, the result can be devastating. "You go straight to damages, and the issue of whether or not what's alleged transpired never gets to the jury," says Richard Davis, director of litigation risk management at Constantine & Aborn Advisory Services. "That's the worst possible scenario."

Technology can help

In the face of these challenges, organizations are looking to technology to help them search, cull, preserve and present discoverable ESI. In addition to the traditional storage and document-management vendors -- for example, EMC, HP, IBM's FileNet division and Symantec -- numerous specialty companies, such as Clearwell Systems, Index Engines, Kazeon Systems, Recommind and Reconnex, are offering e-discovery appliances.

The product landscape is very muddled, however, Forrester's Murphy says. "You can source the litigation-hold capabilities from a pure-play, whose focus is giving you the framework and some workflow technology to actually do the litigation hold, or you can do it through your e-mail archiving vendor or your records-management vendor or your storage vendor. It can get confusing fast," he says.

And that is especially true because each vendor typically attacks one slice of the problem. Many e-mail-archiving vendors offer powerful, policy-based data-management tools that work well for instituting litigation holds, but many don't offer strong search or culling tools. In addition, the search portion can be a big cost.

"I worked with an organization that spent $4 million simply on searching and culling data for e-discovery, and that was before even one hour of attorney time was spent," Constantine & Aborn's Davis says.

Some appliances, such as Clearwell Systems' Intelligence Platform, provide robust search capabilities but need to be paired with an e-mail archive for implementing litigation holds. The appliance can search an e-mail archive or can be pointed at an online file server, and it can produce relevant information, culling out duplicates and streamlining the process. Once the data is found, however, it's up to the archive to set the policies and enforce the litigation hold.

Other products, such as Kazeon Systems' IS1200, provide effective online search without needing to be pointed at any specific data store. The appliance crawls the entire online environment and produces an index of ESI that can be searched, culled and stored. It also can implement a litigation hold once the data has been tagged as relevant, a major differentiator. However, Kazeon's product doesn't deal effectively with ESI stored offline. For example, if relevant data is stored on tape, the tape must be restored to online media before it can be indexed, which can be a large added cost.

Examining offline data is where a company such as Index Engines comes in. Its e-Discovery Platform appliance attaches directly to offline tapes (stored using a variety of backup products) and indexes the contents. Organizations can discern which tapes need to be preserved and which don't, without going through the lengthy and costly process of a tape restoration. Still, Index Engines does not offer a way to implement a litigation hold and requires a separate technology to handle that aspect.

Other vendors go beyond keywords and offer context-sensitive search. For example, a keyword search for "SEC" might return results having to do with a soccer commission, which has little to do with pending litigation. Appliance maker Recommind does context-level searching, which cuts down on false hits.

"It captures data related to a concept, not just a keyword," says DLA Piper's Marean, who uses Recommind's Mindserver 5.0 in his law practice. "Recommind saves a lot of time, money and effort. Otherwise, you have lawyers making those connections manually, and that gets expensive."

Other vendors, such as Reconnex, grew up in the security arena and are making a play for the e-discovery market. Reconnex's iGuard Appliance monitors and captures all inbound and outbound traffic. Randy Barr, CSO at Web-conferencing vendor WebEx Communications, says he initially implemented the appliance to make sure intellectual property wasn't leaving the company illegally. It worked well for that purpose, but also came in handy for e-discovery.

"When we have litigation, Reconnex is the first place we look now," Barr says, noting that in addition to logs of inbound and outbound traffic, it has a GUI that lets users search via keywords on specific individuals or devices. "And it will bring up all the information along with the e-mail attachments, and none of it is modified in any way," he says. "It's a fast way to get a handle on the scope of a suit."

Forrester's Murphy says his clients are interested in the capabilities of these new appliance makers, although few know much about them. Instead, the majority are looking to their current storage or content-management vendors. "If someone had already invested in IBM FileNet, they'd be more interested in something like the FileNet Records Crawler, which works specifically in searching FileNet," Murphy says. He notes, however, that many large vendors have yet to build key functionality, such as crawl-anywhere, into their wares. That makes the appliance makers vulnerable to bigger vendors like EMC and IBM, which will either buy them or replicate their products' functionality, he says.

Proactive policies

Even if a company has tools in place to search, cull and preserve discoverable information, it can hit a stumbling block building vigorous e-records management policies. At least 14,000 rules govern record retention in the United States, most aimed at such specific industries as financial services or healthcare, Marean says. And many of those rules overlap.

WebEx's Barr knows that frustration. "There's [a European Union] directive that requires us to only store information as long as the business requires it," he says. "We collect personally identifiable information to do tracking and billing, but there's another regulation in the [United States] that states that you can keep that information for only X period of time. So it's a bit of a challenge for us to balance those."

In addition, record retention gets even murkier when litigation holds are set.

"We had no idea how to set the policies and procedures," Webcor's Davis says. Webcor uses Symantec's Enterprise Vault e-mail and file-archiving product, together with its new e-Discovery Accelerator search tool. "We started slow and continue to increase the policies and adjust them for our business needs. It's surprising how much we had to engage the executive staff and attorneys to come up with reasonable practices, policies and procedures. We're not used to doing that for a lot of IT projects. We buy the software, we put it in, and we turn it over to the group that wants it and they're off and running. E-discovery is a different animal," he says.

Good proactive policies are key, especially policies on data destruction. ESI that has no relevant business use and is not subject to litigation should be destroyed or it will become a "dormant liability," Constantine & Aborn's Davis says. "If you retain stuff you don't need and your records-retention policy says you can destroy, it's just sitting there waiting for some lawsuit to happen," he says. "And when it does, it's discoverable. That's huge."

Cummings is a freelancer in North Andover, Mass. She can be reached at

< Previous story: Green storage means money saved on power | Next story: Five e-discovery must-haves >


Copyright © 2007 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022