Print this article | Return to Article | Return to CFO.com
New federal rules governing electronic-document storage may catch some businesses unaware.
John Edwards, CFO Magazine
January 10, 2007
Ask Jeffrey J. Greenbaum, a litigation partner at Sills Cummis Epstein & Gross PC, to describe the new electronic-discovery statutes recently added to the Federal Rules of Civil Procedure, and he doesn't hesitate. "It's a wake-up call for corporations," he says, "particularly those that have yet to grasp their obligations to produce electronic documents."
The rules, which took effect on December 1, make electronic discovery a standard part of federal legal proceedings. That means a company must recognize, declare, and produce E-documents whenever it is involved in civil litigation.
In the past, courts were likely to accept incompetence or computer problems as an excuse for failing to meet E-discovery requests. Not anymore. Indeed, attorneys say judges are increasingly likely to view noncompliance as a sign that a company has something to hide.
Greenbaum says the rules cover just about anything that can be construed as electronic communication. "[The statutes] include more than just E-mail; they address anything that can be stored in any type of electronic manner," he says.
The sweeping changes have created a big compliance headache for all but the most forward-thinking managers. The rules hit hardest at companies with haphazard document-storage and -tracking practices — which is to say most companies. Those outfits will have to begin building a compliance framework from square one. "If nothing else, this is a real eye-opener," says Julie Gable, president of Gable Consulting, a company that specializes in document-management services. "The mandates are certainly much broader than what's required under Sarbanes-Oxley."
Space Shuttle, Discovery
The penalties will likely be stiffer, too. In a preview of what awaits archiving laggards, a judge in 2005 hit financial giant Morgan Stanley with a $1.45 billion judgment in a suit brought by financier Ronald Perelman. The award was due in part to the firm's failure to retain and deliver specific E-mails. "That verdict was broken down into $604 million in compensatory damages and $850 million in punitive damages," says Greenbaum. "Those are numbers that should get people's attention."
The new E-discovery rules mandate a range of policies and procedures. The statutes, which do not apply to criminal cases, require a conference between parties to discuss the handling of archived data. After attorneys seeking information present their needs, a business is expected to disclose what information is available and where it is stored, how the files can be accessed, and why any relevant data may be missing. All sides are also expected to reach a consensus on information that is not reasonably accessible.
To meet the new requirements, businesses must offer up a detailed inventory of their data assets, systems, retention policies, and backup strategies (for example, storing via third parties, on optical drives, on data cubes, and the like). "The basic idea is to simply understand your own information system and to be aware of who knows what is inside those information stores," says Gable.
But not everything is simple: the new guidelines don't address the basic question of which electronic documents must be kept and for how long, an issue that has long bedeviled corporate executives. Some managers, concerned about landing on the wrong side of the new rules, may try to take advantage of increasingly cheap storage costs and save everything forever. Cautions Gable: "That's foolish and will cost a fortune over time."
Why? Because before shuttling documents over to opposing attorneys, each item must be carefully examined for relevance and admissibility. Saving every E-mail and file ever generated within a company would require spending a whole lot of money on attorneys and researchers to pore over that vast store of information. These data retrievers, who tend to bill by the hour, generally move with all the speed of a sloth on Robitussin.
Given that prospect, it's hardly surprising that a growing number of companies are seeking outside help to establish E-discovery best practices. Mostly, these businesses are turning to law firms and content managers that have a specialty practice in E-compliance, which is also a thriving industry. Technology consultancy Gartner believes sales of E-discovery software and advisory services will grow at a 30 percent annual clip through 2010. One survey estimates revenues for the industry will top $2.7 billion this year alone.
Typically, E-discovery advisers help a business set up an electronic-discovery policy: that is, what gets saved, when, and for how long. Once the policy has been created, a specialized technology (known as enterprise content management, or ECM) does the work of storing and tracking corporate documents. "When someone puts something into a content management system," explains one consultant, "a rule is automatically associated with it for its retention."
Chuck Piotrowski, records manager at Central Vermont Public Service, an energy utility located in Rutland, says ECM software has made it much easier for him to meet E-discovery requests. "It's a supermarket of corporate information that I can walk into," he says. "I know that I can go down an aisle and find the information I need on a specific shelf."
The systems are not foolproof, but then again, they may not have to be. "There's nothing in these rules that says things have to be perfect," notes Bill Forquer, executive vice president of compliance solutions business at document-management specialist Open Text. "What it does say is that you've got to have a process in place, you've got to be following it, and you've got to show evidence that you're following it."
Moreover, the new rules provide a universally recognized E-discovery framework, meaning companies no longer have to guess at the appropriate way of responding to E-discovery requests. "Rules were being developed on a haphazard basis around the country by individual judges," says Greenbaum. "There was really no consistency."
Consultants also point out that the law offers a new safe-harbor provision — Rule 37(f) — that acknowledges that data can be inadvertently altered or lost during routine IT operations. Admittedly, a company failing to cough up requested data must provide documented proof of good-faith attempts to preserve the information. That effort alone could prove to be an expensive, uphill slog.
Still, 37(f) does make it more difficult for judges to penalize firms for failing to provide data that was genuinely lost. Greenbaum views the rule as a safety valve. "It makes sense," he says. "Nobody is going to be sanctioned for acting in good faith."
John Edwards, a frequent contributor to CFO, is the author of The Geeks of War.
For companies that still back up data on tape cartridges, Rule 26(B)(2) may present a possible financial lifeline. It allows a business to declare such offline information inaccessible, due to the difficulty and cost of retrieving tape-stored data. But managers intrigued by this apparent loophole may want to think twice. In these cases, the burden of proof rests on the company making the it's-on-tape-so-we-can't-get-it-(no, really) defense. The rule also allows a data seeker to demand sampling to verify the data's relevance. If that happens, a corporate defendant may have to pay for expensive data restorations by outside vendors — the exact thing the defendant was trying to avoid in the first place. For information stored on now-obsolete formats, the cost could be very high. — J.E.