Law.com Subscribers SAVE 30%
Call 855-808-4530 or email [email protected] to receive your discount on a new subscription.
ESI Management from Server Room to Board Room
In response to increasing volumes of electronic data generated and maintained, corporations are forming response teams to develop and implement protocol designed to comply with legal requirements for the preservation and production of electronically stored information (“ESI”). In furtherance of this mission, the role of IT has gone through a radical evolution ' and IT is leading the charge in creating and implementing IT protocol designed to safeguard corporations against the future threat of litigation or investigation.
Corporate reliance upon IT has been fueled by amendments to the Federal Rules of Civil Procedure (“FRCP”) and influenced by a sharp decline in corporate wealth and the corresponding uptick in corporate civil case filings. In December 2006, the FRCP were amended to accommodate changes in the way electronic information is managed in the context of litigation. Contemporaneously, the market experienced an increase in interest rates, slowing of real estate appreciation, and an increase in civil court filings and corporate investigations. As corporate litigation increases in a downward economy, businesses have felt the pressure more than ever to take inventory of its ESI and prepare for the day its data management practices are called into question. As such, IT's technical knowledge has become integral to corporations' efforts to “get the house in order.” Concurrently, the amended rules, along with ensuing case law, have provided sorely needed instruction and guidance to corporate counsel and IT professionals regarding ESI discovery in civil lawsuits.
Recent Findings
Not surprisingly, a recent study reveals that an ever-increasing number of corporations are, in fact, creating and implementing procedures to properly manage ESI. However, many of these policies are flawed due to a lack of clear
communication between IT and legal. For example, the failure to define even the simplest of terms (such as “preservation”) may lead to failures in the overall process. In addition to clearly defining the terms, IT and legal must work together to ensure that data management protocol is repeatable and defensible.
With the advent of technology, the judiciary has become progressively sophisticated about the legal and technical issues involved in the discovery of ESI. In fact, recent case law reveals that courts are holding corporations to stricter compliance standards in the development of repeatable and defensible data management and e-discovery protocol. This has incentivized corporations to create and implement mitigation risk strategies ' as well as converge legal and IT professionals in ways no one could have envisioned even five years ago.
Recent interviews of 403 in-house counsel conducted by Minneapolis-based Kroll Ontrack, published in its 2008 ESI Trends Report, reveals that 70% of U.S. companies have document retention policies in place, up from 30% just one year prior. This finding heralds a change in how businesses assign responsibility for ESI preservation, destruction and maintenance, which evinces both an increased awareness and escalated level of preparedness in this new era of e-discovery.
This new emphasis on document retention policies does not ensure the accuracy of the policies, however. In fact, many policies remain flawed because the creators, typically legal and IT management, do not confirm or clarify what actually happens within the corporate environment. To illustrate, a CIO was recently asked what the company e-mail retention policy was, and stated “30 days.” Upon further questioning of the IT staff responsible for the MS Exchange e-mail server, it was discovered that e-mail remained in the user's Inbox for 30 days, and then was moved to the Deleted Items folder for seven days before being moved to the server's Dumpster area for another seven days. Since the e-mail may be recovered from the Dumpster by an administrator, the effective retention period was actually 44 days, not the 30 days originally identified by the CIO.
Current Cases
Case law from the past two years demonstrates the judiciary's decreasing tolerance for corporations and corporate counsel who assert ignorance as a defense to instances of ESI mismanagement. A 2006 decision from the Southern District of New York, Phoenix Four, Inc. v. Strategic Res. Corp., imposed substantial sanctions against a corporate defendant and its counsel for spoliation and late production of data. To prevent this type of sanction, legal must work with IT to understand where the data is, when the last point of possible collection is, and to develop the procedures to collect and preserve the data. IT also must understand the scope of the request from legal, and the timeframe in which the data must be collected so that legal may have adequate time to review the data.
In another groundbreaking case from the past year, Qualcomm v. Broadcomm, the court cited the “impressive education and extensive experience” of Qualcomm's attorneys to justify significant sanctions for their failure to produce relevant e-mails. Most recently, in August 2008, the Northern District of California held, in Keithley v. Home Store.com, Inc., that Home Store's failure to issue a written document retention policy well after its duty to preserve arose was among the “most egregious” discovery misconduct the court had ever seen. The Keithley court criticized the defendant for not involving IT in the preservation of electronic evidence that was crucial to the underlying suit. The court recognized that proper preservation of ESI is best achieved through a joint effort of IT and legal disciplines. These cases further emphasize the need for clear communication from legal to custodians, and just as importantly, clear direction to IT concerning the data sources that must be preserved, how they should be preserved, and for what duration. Once again, legal cannot provide this information without assistance from IT.
Interestingly, the 2008 ESI Trends Report reveals that an increasing number of organizations are, in fact, entrusting IT professionals ' who have no legal training ' with increased responsibility for developing and enforcing ESI strategies and policies. IT departments, not legal departments, are now taking primary responsibility for ESI policy creation in 35% of companies (up from 18% in 2007). This finding is not surprising when considering that IT's technical expertise is integral to the shift from hard-copy documentation to ESI.
The recognition of IT's importance marks a shift toward what must become a more collaborative and team-oriented approach to e-discovery. Corporate counsel is recognizing the need to partner with IT and draw from each other's expertise. Few in-house attorneys understand the technical intricacies of IT, and few IT professionals understand the complexity of procedural and discovery rules in the context of litigation. In addition, IT and legal often approach data retention and e-discovery from different perspectives. For example IT is focused on “data” as a whole; concerned with managing its growth, backing it up, and restoring it quickly in case of an emergency. Legal, however, is focused on the “content” of the data and often does not understand how IT could not know where certain types of documents are kept. Further, the risk of litigation and the corresponding cost of electronic discovery do not diminish in a downward economy; rather, the opposite is true. In hard economic times, litigation increases as businesses and government agencies restructure and realign.
Case law also illustrates it is far more expensive in the long run to fail to take action than to be proactive. As the imposition of costly sanctions in Keithley demonstrates, ignorance is not a legitimate excuse for data mismanagement or e-discovery transgressions. Cooperation and communication are essential elements of the relationship, which must exist between IT and legal in order for a corporate ESI policy to be a success.
Bridging the IT/Legal Gap
This raises the question: What is the first step in encouraging the cross-share of knowledge between IT and legal? How should a corporation encourage synergy between these two seemingly disparate disciplines? The answer begins with open, clear communication between IT and legal, where expectations are communicated surrounding what will be preserved and how it will be handled. With litigation and the corresponding amount of electronic discovery on the rise (85% of civil cases now involve the exchange of electronic data) in a time of increasing budgetary pressure, in-house counsel must drive the legal aspects of litigation preparedness, work with IT to avail themselves of the necessary technical knowledge, and marshal internal and external assistance (if needed) to prepare for the day litigation strikes or an investigation ensues.
The sooner corporate IT and legal teams begin communicating, the better. As stated in the 2008 ESI Trends Report, corporations cite lack of time and resources as the primary barrier to the execution of effective ESI policies. This finding is a cause for concern when coupled with the revelation that the biggest challenge for corporations over the next five years is predicted to be unmanageable volumes of ESI. In fact, IT and legal professionals agree that managing increasing volumes of data will be a major challenge in the next five years. Finding ways to manage the “data” while retaining the location and description of the actual content will require new processes, up-to-date application inventories, clear descriptions of the types of content created by each user group, and possibly some advanced content management and search capabilities. As the world becomes increasingly mobile, relevant and potentially discoverable data is collected from text messages, voicemail, blogs, instant messages, GPS and other emerging tracking devices. If today's corporations lack resources, how will they manage the increase in ESI volume in the upcoming years?
Cases such as Phoenix Four, Qualcomm and Home Store.com stress the importance of enlisting the technical knowledge of IT professionals when drafting and implementing policies around ESI. These policies must be reviewed by legal and IT management, but should also be reviewed by the technical staff that actually manages the systems involved. Only these individuals can accurately describe how data is created, stored and ultimately disposed of. These cases also serve to remind corporations that improper handling of ESI can lead to serious consequences. It is next to impossible to predict the market climate in upcoming months and years. However, corporations must diligently strive to take proactive measures to guard against loss stemming from the mismanagement of ESI.
Drafting, promoting and enforcing a litigation readiness policy, in addition to getting one's arms around the location of a company's electronic documents and the law that pertains to the discoverability of these documents, is an increasingly important element of corporate risk management. The policy must address the full range of activities, from matter initiation, including identifying custodians and potentially relevant data, to the specific hold notices that are sent to the custodians and clear directions to the IT staff, data preservation, collection, review, production and ultimately the final disposition of data. Corporations must rely on the technical knowledge of its IT professionals to ensure proper litigation preparedness measures are in place ' before the process server steps off of the elevator.
To see the complete findings of Kroll Ontrack's 2008 ESI Trends Report, visit: www.krollontrack.com/library/esitrends_krollontrack2008.pdf.
Regina A. Jytyla is a Managing Staff Attorney at Kroll Ontrack. She tracks and reports on the evolving law and technology in the areas of litigation readiness and management of ESI, electronic discovery, and computer forensics. David E. Canfield is a Managing Consultant in Kroll Ontrack's ESI Consulting group.
In response to increasing volumes of electronic data generated and maintained, corporations are forming response teams to develop and implement protocol designed to comply with legal requirements for the preservation and production of electronically stored information (“ESI”). In furtherance of this mission, the role of IT has gone through a radical evolution ' and IT is leading the charge in creating and implementing IT protocol designed to safeguard corporations against the future threat of litigation or investigation.
Corporate reliance upon IT has been fueled by amendments to the Federal Rules of Civil Procedure (“FRCP”) and influenced by a sharp decline in corporate wealth and the corresponding uptick in corporate civil case filings. In December 2006, the FRCP were amended to accommodate changes in the way electronic information is managed in the context of litigation. Contemporaneously, the market experienced an increase in interest rates, slowing of real estate appreciation, and an increase in civil court filings and corporate investigations. As corporate litigation increases in a downward economy, businesses have felt the pressure more than ever to take inventory of its ESI and prepare for the day its data management practices are called into question. As such, IT's technical knowledge has become integral to corporations' efforts to “get the house in order.” Concurrently, the amended rules, along with ensuing case law, have provided sorely needed instruction and guidance to corporate counsel and IT professionals regarding ESI discovery in civil lawsuits.
Recent Findings
Not surprisingly, a recent study reveals that an ever-increasing number of corporations are, in fact, creating and implementing procedures to properly manage ESI. However, many of these policies are flawed due to a lack of clear
communication between IT and legal. For example, the failure to define even the simplest of terms (such as “preservation”) may lead to failures in the overall process. In addition to clearly defining the terms, IT and legal must work together to ensure that data management protocol is repeatable and defensible.
With the advent of technology, the judiciary has become progressively sophisticated about the legal and technical issues involved in the discovery of ESI. In fact, recent case law reveals that courts are holding corporations to stricter compliance standards in the development of repeatable and defensible data management and e-discovery protocol. This has incentivized corporations to create and implement mitigation risk strategies ' as well as converge legal and IT professionals in ways no one could have envisioned even five years ago.
Recent interviews of 403 in-house counsel conducted by Minneapolis-based Kroll Ontrack, published in its 2008 ESI Trends Report, reveals that 70% of U.S. companies have document retention policies in place, up from 30% just one year prior. This finding heralds a change in how businesses assign responsibility for ESI preservation, destruction and maintenance, which evinces both an increased awareness and escalated level of preparedness in this new era of e-discovery.
This new emphasis on document retention policies does not ensure the accuracy of the policies, however. In fact, many policies remain flawed because the creators, typically legal and IT management, do not confirm or clarify what actually happens within the corporate environment. To illustrate, a CIO was recently asked what the company e-mail retention policy was, and stated “30 days.” Upon further questioning of the IT staff responsible for the MS Exchange e-mail server, it was discovered that e-mail remained in the user's Inbox for 30 days, and then was moved to the Deleted Items folder for seven days before being moved to the server's Dumpster area for another seven days. Since the e-mail may be recovered from the Dumpster by an administrator, the effective retention period was actually 44 days, not the 30 days originally identified by the CIO.
Current Cases
Case law from the past two years demonstrates the judiciary's decreasing tolerance for corporations and corporate counsel who assert ignorance as a defense to instances of ESI mismanagement. A 2006 decision from the Southern District of
In another groundbreaking case from the past year, Qualcomm v. Broadcomm, the court cited the “impressive education and extensive experience” of Qualcomm's attorneys to justify significant sanctions for their failure to produce relevant e-mails. Most recently, in August 2008, the Northern District of California held, in Keithley v. Home Store.com, Inc., that Home Store's failure to issue a written document retention policy well after its duty to preserve arose was among the “most egregious” discovery misconduct the court had ever seen. The Keithley court criticized the defendant for not involving IT in the preservation of electronic evidence that was crucial to the underlying suit. The court recognized that proper preservation of ESI is best achieved through a joint effort of IT and legal disciplines. These cases further emphasize the need for clear communication from legal to custodians, and just as importantly, clear direction to IT concerning the data sources that must be preserved, how they should be preserved, and for what duration. Once again, legal cannot provide this information without assistance from IT.
Interestingly, the 2008 ESI Trends Report reveals that an increasing number of organizations are, in fact, entrusting IT professionals ' who have no legal training ' with increased responsibility for developing and enforcing ESI strategies and policies. IT departments, not legal departments, are now taking primary responsibility for ESI policy creation in 35% of companies (up from 18% in 2007). This finding is not surprising when considering that IT's technical expertise is integral to the shift from hard-copy documentation to ESI.
The recognition of IT's importance marks a shift toward what must become a more collaborative and team-oriented approach to e-discovery. Corporate counsel is recognizing the need to partner with IT and draw from each other's expertise. Few in-house attorneys understand the technical intricacies of IT, and few IT professionals understand the complexity of procedural and discovery rules in the context of litigation. In addition, IT and legal often approach data retention and e-discovery from different perspectives. For example IT is focused on “data” as a whole; concerned with managing its growth, backing it up, and restoring it quickly in case of an emergency. Legal, however, is focused on the “content” of the data and often does not understand how IT could not know where certain types of documents are kept. Further, the risk of litigation and the corresponding cost of electronic discovery do not diminish in a downward economy; rather, the opposite is true. In hard economic times, litigation increases as businesses and government agencies restructure and realign.
Case law also illustrates it is far more expensive in the long run to fail to take action than to be proactive. As the imposition of costly sanctions in Keithley demonstrates, ignorance is not a legitimate excuse for data mismanagement or e-discovery transgressions. Cooperation and communication are essential elements of the relationship, which must exist between IT and legal in order for a corporate ESI policy to be a success.
Bridging the IT/Legal Gap
This raises the question: What is the first step in encouraging the cross-share of knowledge between IT and legal? How should a corporation encourage synergy between these two seemingly disparate disciplines? The answer begins with open, clear communication between IT and legal, where expectations are communicated surrounding what will be preserved and how it will be handled. With litigation and the corresponding amount of electronic discovery on the rise (85% of civil cases now involve the exchange of electronic data) in a time of increasing budgetary pressure, in-house counsel must drive the legal aspects of litigation preparedness, work with IT to avail themselves of the necessary technical knowledge, and marshal internal and external assistance (if needed) to prepare for the day litigation strikes or an investigation ensues.
The sooner corporate IT and legal teams begin communicating, the better. As stated in the 2008 ESI Trends Report, corporations cite lack of time and resources as the primary barrier to the execution of effective ESI policies. This finding is a cause for concern when coupled with the revelation that the biggest challenge for corporations over the next five years is predicted to be unmanageable volumes of ESI. In fact, IT and legal professionals agree that managing increasing volumes of data will be a major challenge in the next five years. Finding ways to manage the “data” while retaining the location and description of the actual content will require new processes, up-to-date application inventories, clear descriptions of the types of content created by each user group, and possibly some advanced content management and search capabilities. As the world becomes increasingly mobile, relevant and potentially discoverable data is collected from text messages, voicemail, blogs, instant messages, GPS and other emerging tracking devices. If today's corporations lack resources, how will they manage the increase in ESI volume in the upcoming years?
Cases such as Phoenix Four, Qualcomm and Home Store.com stress the importance of enlisting the technical knowledge of IT professionals when drafting and implementing policies around ESI. These policies must be reviewed by legal and IT management, but should also be reviewed by the technical staff that actually manages the systems involved. Only these individuals can accurately describe how data is created, stored and ultimately disposed of. These cases also serve to remind corporations that improper handling of ESI can lead to serious consequences. It is next to impossible to predict the market climate in upcoming months and years. However, corporations must diligently strive to take proactive measures to guard against loss stemming from the mismanagement of ESI.
Drafting, promoting and enforcing a litigation readiness policy, in addition to getting one's arms around the location of a company's electronic documents and the law that pertains to the discoverability of these documents, is an increasingly important element of corporate risk management. The policy must address the full range of activities, from matter initiation, including identifying custodians and potentially relevant data, to the specific hold notices that are sent to the custodians and clear directions to the IT staff, data preservation, collection, review, production and ultimately the final disposition of data. Corporations must rely on the technical knowledge of its IT professionals to ensure proper litigation preparedness measures are in place ' before the process server steps off of the elevator.
To see the complete findings of Kroll Ontrack's 2008 ESI Trends Report, visit: www.krollontrack.com/library/esitrends_krollontrack2008.pdf.
Regina A. Jytyla is a Managing Staff Attorney at Kroll Ontrack. She tracks and reports on the evolving law and technology in the areas of litigation readiness and management of ESI, electronic discovery, and computer forensics. David E. Canfield is a Managing Consultant in Kroll Ontrack's ESI Consulting group.
Major Differences In UK, U.S. Copyright Laws
This article highlights how copyright law in the United Kingdom differs from U.S. copyright law, and points out differences that may be crucial to entertainment and media businesses familiar with U.S law that are interested in operating in the United Kingdom or under UK law. The article also briefly addresses contrasts in UK and U.S. trademark law.
The Article 8 Opt In
The Article 8 opt-in election adds an additional layer of complexity to the already labyrinthine rules governing perfection of security interests under the UCC. A lender that is unaware of the nuances created by the opt in (may find its security interest vulnerable to being primed by another party that has taken steps to perfect in a superior manner under the circumstances.
Strategy vs. Tactics: Two Sides of a Difficult Coin
With each successive large-scale cyber attack, it is slowly becoming clear that ransomware attacks are targeting the critical infrastructure of the most powerful country on the planet. Understanding the strategy, and tactics of our opponents, as well as the strategy and the tactics we implement as a response are vital to victory.
Legal Possession: What Does It Mean?
Possession of real property is a matter of physical fact. Having the right or legal entitlement to possession is not "possession," possession is "the fact of having or holding property in one's power." That power means having physical dominion and control over the property.
Removing Restrictive Covenants In New York
In Rockwell v. Despart, the New York Supreme Court, Third Department, recently revisited a recurring question: When may a landowner seek judicial removal of a covenant restricting use of her land?