This is a guest post by Deborah Galea…
The process of preparing for and responding to eDiscovery has become both increasingly important and more complex as companies produce more and more electronically stored information that is relevant to litigation. eDiscovery refers to the process of obtaining forms of electronic communication to be used in civil litigation proceedings and includes email, instant messages, voicemail or data stored on a smartphone or PDA. The process can be incredibly time-consuming, expensive and complicated, so it is important to have procedures in place from the outset so archiving and data retrieval is easy, accessible and integrated as policy throughout your company.
To ensure that organizations are properly retaining such information, the federal government and several regulatory agencies have enacted compliance requirements that differ per industry. It is crucial for management and executive teams to understand the specific requirements for their business. However, companies looking for general eDiscovery standards can look to the Federal Rules of Civil Procedure (FRCP), which govern how litigation is carried out in U.S. district courts, and apply to any company that faces litigation, independent of industry and size.
In 2006, changes were made to the Federal Rules of Civil Procedure to better reflect the growing inclusion of Electronically Stored Information (ESI) in discovery requests for lawsuits. This trend has only accelerated since then, as companies rely on email for business communications more than ever and continue to produce more ESI.
How can you prepare for eDiscovery?
Below are a few guidelines that can help organizations of all sizes prepare for the possibility of an eDiscovery order.
1. Plan Ahead: eDiscovery Threat Assessment
All industries can be subject to audits or litigation. The first thing organizations must do is to conduct an internal litigation risk assessment in order to identify likely threats specific to the business industry and employee profile. This assessment should include team members from the IT, HR and legal divisions and should honestly evaluate the information categories that would most likely be relevant in a legal proceeding. Questions such as how employees share confidential information via email in or outside of the organization and how passwords are secured within the organization must be asked. The answers will differ depending on vertical industry; retail pain points are different from say, financial services or government security issues.
In the event of an eDiscovery analysis, it’s important to note that the general discovery process starts even before initial disclosures are carried out. Under the Federal Rules of Civil Procedure, the plaintiff will initiate a conference for the two sides to meet (known as a meet and confer) and discuss the process for discovery.
As the requirements related to ESI state, a party must produce a copy, or description by category and location, of all documents, ESI and tangible evidence in its possession, custody or control that it may use to support its claims or defenses.
2. Create a Data Map
Once an assessment of threats has been explored, organizations should put in place documented procedures on how certain data types can be preserved and excluded from automatic deletion. The Federal Rules of Civil Procedure suggest a “data map” so organizations have clear knowledge of the information in their data storage centers. An updated data map should list where, how and in which format a company’s electronic data is stored. The data must also be easily and quickly accessible. It is recommended that a point person be assigned to ensure the data map is up-to-date at all times. And, make sure the point person in charge of the data map is using state-of-the-art email archiving and storage solutions.
If any Electronically Stored Information needs to be produced as evidence, this information will need to be preserved until the end of the trial, and a legal hold will be placed on the data.
3. Archive, Store and Secure your Electronic Information: No Exceptions
A lawsuit can arise at any time and an organization does not want to be caught with their pants down. Time is of the essence when it comes to eDiscovery, which is why service and solutions providers are constantly touting the speed and accuracy in which particular products can retrieve ESI and why companies are focusing on better email archiving and data storage habits to ensure information is readily accessible.
If needed, evidence is collected using digital forensic procedures and usually placed in a PDF file for court use. Failing to meet any of the eDiscovery deadlines issued by the court can result in sanctions and monetary fines levied by the judge, the result of which could cause the offending party public embarrassment, or, worse yet, cause them to lose the trial completely.
The fact is, eDiscovery does not have to be a headache if your company has the proper procedures in place for ESI. Review what policies are in place for your company and conduct a risk assessment, create a data map and use stringent email archiving and storage solutions to protect your assets.