Symantec hosted a virtual round table last Friday that touched on some of the e-discovery issues troubling IT managers today, including the challenge of knowing what to chuck and what to keep.
Gregg Davis, CIO and senior vice-president of the US-based construction company Webcor Builders said, "There are some challenges around information management--you can really upset the records management people. A lot of people don't bother to classify information. But IT has to stipulate that if it exists, it exists."
He said that writing overly specific rules on what types of e-records should be kept can actually cause trouble down the line. "If someone has something somewhere that can be detrimental to the case, you can have lots of penalties, or they could think you're hiding something--even a lunch order can mean something. We save everything," said Davis. "Recognizing whether or not you classify something as a record doesn't matter in litigation."
One thing that is very important, said Redgrave Daley Ragan & Wagner's Jim Daley, is to get everyone on the same page. "There are distinctions between the IT and legal community in terms of information management lifecyles. But the bottom line is that relevant information is about the content, not the container. You can easily see that you might have general rules (around information retention) for business reasons, but with legal hold notices, the exceptions quite quickly swallow the general rule."
The IT department can meet the legal department half-way by scheduling regular meetings to discuss retention strategies. Davis said that he has joint meetings with his company's legal team on a quarterly basis to ensure that everyone knows what's going on. "It's a moving target," said Davis. "With legal and IT, when they talk to each other, they think they're talking about the same thing, but there are often major miscommunications," said George Socha of the Electronic Discovery Reference Model Project.
One thing to consider, said Daley, are the privacy issues surrounding e-discovery. He said, "If a company has a large amount of consumer contact that involves personal information being captured, the case needs to be taken even more seriously."
Another issue is that of remote workers, according to Davis, who said that IT teams need to be wary of the data collection laws in the areas where their workers are stationed to avoid any compliance or discovery no-no's. This could also be a growth market for an IT staffer looking for an in-demand niche. According to Socha, many large corporations who often deal with high-risk, high-stakes lawsuits often have sizeable, in-house, combination IT/legal teams that deal with these issues on a full-time basis.
Another thing that the eagle-eyed IT manager should look out for, however, is the traps that small and medium-sized businesses can fall into with e-discovery. These small and medium-sized businesses often do not have an in-house IT team, let alone an in-house legal team, so the seemingly tiny cases can actually bankrupt a small business, said Socha. "These mum-and-pop businesses have to worry about things like simple overtime cases, as risk is high when electronic e-discovery tools come into it," he said.
And, if worse comes to worst, it's always good to be prepared, hardware-wise, said Davis. "I always keep a spare hard drive around, (so if something happens), you can just replace their hard drive with an imaged one and send the other hard drive to the lab," he said.