E-discovery rules double-edged sword for CIOs

By Linda Tucci, Senior News Writer 19 Oct 2006 | SearchCIO.com

Digg This!     StumbleUpon     Del.icio.us

CIOs, however, might want to hold off on the celebrations.

"We have definitions. We have terms, but no court has interpreted those definitions. Until the case law defines these terms in a meaningful way that can have broad application, a CIO's job is potentially more difficult," said John C. Thomure Jr., an attorney at Michael Best & Friedrich LLP in Milwaukee.

Barry Murphy, senior analyst at Cambridge, Mass.-based Forrester Research Inc., said these new rules will require CIOs to prove that their companies' policies and procedures regarding electronic information are consistently enforced and auditable.

"The hard part about this is that often the policies and procedures may not be set well, so IT will be reacting to requests."

On the plus side, the new rules acknowledge that electronically stored information (ESI) is a fact of doing business and a trove of potentially useful data in a lawsuit. They also acknowledge that in a digital age where vast amounts of information are stored, litigants cannot be expected to produce anything anybody asks for. But because the new rules also leave open to debate what exactly constitutes reasonably and unreasonably accessible data, a company's electronic information system policies will be subject to legal scrutiny as never before.

"That puts the CIO right in the witness chair," Thomure said. "They are going to be in an uncomfortable position, because they are the gatekeeper for information."

Brian Babineau, an analyst at Milford, Mass.-based Enterprise Strategy Group, recently surveyed 500 IT professionals across industries. During the past 12 months, 50% of them had been affected by a case that required electronic discovery. Babineau said 70% of those professionals had to retrieve an email as part of that electronic discovery.

Good enough?

Under the new rules and amendments, parties in a lawsuit are now required to address the issue of electronically stored data very early in the proceedings, in mandatory "meet-and-confer" sessions. The preservation of electronically stored data and its disclosure, as well as any claims of privileged information, for example, are now on the table in these early meetings, per amendments to Rule 26(f).

"It is not a given that the CIOs should be in those meetings, but they should be," Thomure said. "Having a CIO involved in the early discovery meetings to advise on how to best handle and manage e-discovery issues will help lawyers create a plan that can be implemented. It's like anything else: If you have a good plan, the plan will probably work well."

Some IT executives say having a well-laid plan is their best hope. The rule's vagueness makes it nearly impossible to be assured that firms are doing all they need to do. "It would be nice to know that where I'm going is where I need to be going as we want to make sure we are doing the right thing," said Robert Pappagianopoulos, chief security officer at Partners HealthCare System Inc. in Boston. "But at the end of the day, you just have to know that you've done everything you could."

The government's attempt to sort out what is fair game for discovery of electronically stored information is more problematic, in Thomure's view. The new rules state that a responding party is not required to produce electronic data it identifies as "reasonably inaccessible because of undue burden or cost." What is reasonably or unreasonably accessible information, however, is not spelled out and almost surely up for extensive and expensive legal debate.

"Parties will do their best to sort that out, and a party that is not satisfied with a response of a litigant in not providing access to certain e-discovery requests will go to court. The litigation and case law will have to give meaning to what is reasonably accessible and what is not reasonably accessible," Thomure said.

More is better

In the absence of clarity, companies and their CIOs would be wise to "overpreserve the rule," Thomure advises, which means CIOs should factor in litigation "holds" when planning for data storage.

The new rules do provide a "claw-back" provision, or the right to essentially get back or protect privileged material that was inadvertently produced during discovery. The rule recognizes that e-discovery can move fast and move vast amounts of information that is hard to screen, Thomure said. It should ease CIO anxiety about giving up sensitive company information.

Perhaps the most controversial of the changes taking effect Dec. 1 is the safe harbor rule, 37 (f). This section recognizes that data is modified and deleted during the normal course of business. Companies that destroy information in a "routine, good faith operation of an electronic information system" cannot be sanctioned by the court. But what constitutes routine, good faith operation? Critics of the rule are worried that companies will delete relevant data under the guise of business-as-usual. But Thomure said an examination of the notes accompanying the rule suggest a narrow safe harbor.

Companies excused under the safe harbor rule could still find themselves in the hot seat about preserving data because of a provision stating that litigation "holds" attach not only at the time litigation begins, but also when the company could have reasonably anticipated litigation.

"This puts the onus on counsel to advise the company correctly, but it also puts the CIO in that witness chair," Thomure said.

Let us know what you think about the story; email: Linda Tucci, Senior News Writer. Shamus McGillicuddy, news writer, and Kate Evans-Correia, senior news director, contributed to this story.

This article originally appeared on SearchCIO.com.

Tags: Lotus Notes Domino Email Compliance,  Lotus Notes Domino Archiving,  Industry,  VIEW ALL TAGS

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Lotus Notes Domino Email Compliance IT governance in an IBM Lotus software environment IM, blogs next target for litigation Symantec peddles enterprise vault tool Compliance software essentials: Build a technology toolbox School district hooks up affordable compliance archive Top 10 best practices for e-mail archiving Email archiving and compliance considerations Study: SOX-compliant firms see drop in costs in year 2 Top 10 best practices for e-mail archiving Credit union takes top-down approach to compliance Lotus Notes Domino Archiving Avoid Lotus Notes Domino email archiving ACL issues with AdminP Archiving Lotus Notes documents to a specified folder IM, blogs next target for litigation Symantec peddles enterprise vault tool Changing a Lotus Notes database mail file from 'archive' to 'mail' Email archiving for SMBs: No experience required School district hooks up affordable compliance archive Exporting email from Lotus Notes to .EML messages Email archiving: What's right for your enterprise? Email archiving: Should storage pros keep everything? Industry Lotus makes mobile partnerships and Notes Traveler top priorities IBM Lotus to end Notes/Domino 7.x support Are you ready for LotusLive hosted email services? Getting ready for Lotusphere 2009 Managing and maintaining mobile devices on Lotus Notes Domino Considerations for deploying mobile devices on Lotus Notes Domino Admin2008: administrators and developers speak up Developers mixed on direction of IBM Lotus R&D IBM showcases Notes/Domino 8.5; new products at Lotusphere Looking forward, IBM Lotus needs back-end improvements

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary