The emergence of electronic discovery (eDiscovery) has complicated the legal discovery process, forcing lawmakers to make decisions on matters that never existed before the Internet. What is and what isn’t discoverable seems to be at the heart of the debate, with consumer privacy concerns falling in there, as well.
Laws regarding eDiscovery fall under a document called the Federal Rules of Civil Procedure (FRCP), which was amended in December 2006 to address eDiscovery. The changes impact everyone doing business in this country today, with the threat of hefty fines for non-compliance forcing many companies to pay attention. The law when it comes to eDiscovery outlines a business’s responsibility to protect itself in case legal issues arise.
Under FRCP, businesses are expected to be prepared for litigation at all times. This includes having a thorough understanding of their own business’s network architecture and taking responsibility for the daily operations of its I.T. department. With many businesses turning operations over to Cloud service providers, this has become more challenging. It’s more important than ever that businesses remain fully aware of how long information is kept and be able to find that information quickly if necessary.
There are several timelines detailed in FRCP:
- Within 99 days of a lawsuit being filed, parties must meet and confer. This meet and confer must take place no less than 21 days prior to a scheduled conference.
- A business is required to respond within 30 days of the request unless other arrangements are made. This response may accept or refuse the request, but a refusal requires a detailed explanation.
- Within 14 days of the meet and confer, parties must produce the initial disclosures
FRCP 34 defines which items are subject to discovery as any electronically stored information that can be extracted and provided in a reasonably usable form. It also stipulates that the eDiscovery request must include a description of the item to be provided and the format in which that item should be provided.
Whether legal action is pending or not, each company should have an e-mail retention policy that they can present in court. Whether e-mails are retained for six months or two years, the company should be able to provide a copy of that policy in a court of law.
In the case of a litigation hold, businesses are required to follow FRCP, as well as the specifics put in place by counsel. In many cases, pertinent e-mail must be kept for two years or longer, including all attached metadata. This metadata often contains dates and times that could factor heavily in a case.
When an eDiscovery request comes through, businesses are required to respond promptly or face fines. For this reason, companies should ensure their archives and backups are easily searched in order to prevent delays.
Most importantly, a company’s retention policy should address how eDiscovery requests and litigation holds are processed. This protects the company in the event an employee doesn’t respond to a request in a timely manner or puts the business at risk of non-compliance in other ways. While the business will likely be ultimately responsible, having employees sign off on a policy could help them see the seriousness of eDiscovery.
In the course of eDiscovery, occasionally data may be accidentally revealed. The FRCP provides protection in those cases, as long as the party who committed the accidental disclosure can be shown to have taken measures to prevent that disclosure from happening. It is also important that the person who made the accidental disclosure call attention to the mistake as quickly as possible.
In order to fall under the protection for this stipulation, the material must be either attorney-client-privileged or work product-protected information. With attorney-client privileged information, the data falls under the current laws regarding attorney-client confidentiality in communications. Work product information must relate to current laws overseeing tangible information being prepared for trial.
Even when a company takes every measure to save data, there are instances where data that has litigation potential is lost. When this happens, those businesses could face stiff financial penalties, especially if this data loss was due to negligence.
However, a provision to FRCP provides some leeway for judges in some cases. If a company’s inability to provide data is found to be in spite of a company’s “good faith operation of an electronic information system,” sanctions may be waived.
A business is obligated to begin preserving data at the very moment litigation becomes “foreseeable.” To err on the side of caution, many businesses will begin preserving and collecting data when legal action is threatened or when a particular event makes litigation seem a possibility.
At the very least, once a demand letter has been received, a business should begin taking precautions. All content relevant to the matter must be preserved, even if that content is detrimental to the business’s case. In deciding what to preserve and what to discard, parties are asked to save anything an individual knows, or reasonably should know, is pertinent to either party’s case. This includes data that has already been requested or is likely to be requested.
EDiscovery does not pertain solely to past material. In fact, a business should retain ongoing data, as well, archiving e-mails and setting aside documentation that might be used in a case in the future.
EDiscovery can be expensive and time-consuming, especially if businesses have not properly prepared. If a business does not have processes in place to easily search archives and extract data in a manageable format, that business will likely see costs skyrocket in the days following an eDiscovery request. To prevent dedicating an employee to weeks of sorting through files and documents, businesses should put in place an easily searchable data backup system and have policies in place to archive e-mails so they are readily available should a legal situation arise.
As eDiscovery continues to evolve, courts will likely expect more businesses to already have procedures in place to protect against data loss. This will lead to a lower tolerance for instances where data cannot be provided quickly in the requested format, costing even well-meaning businesses large sums of money that could potentially put them out of business.
Managing the explosive data growth problem in the enterprise is tough. You need to keep your environment and applications performing optimally in the face of this growth, keep data accessible to meet compliance and eDiscovery requirements, account for emerging data types and do it all with fewer resources and budget spend. This webinar discusses how to implement a smarter archive strategy and how Simpana software’s singular platform can help you achieve these goals.
Learn more about CommVault’s Simpana software: http://www.commvault.com/simpana-software