01:15 PM
E-Discovery Compliance Growing Increasingly Difficult
Like it or not, every company will almost certainly one day face the daunting task of answering an e-discovery request. And following the revised Federal Rules of Civil Procedure (FRCP), which introduced critical new obligations for any party to a lawsuit in federal court, firms have been scrambling to come to grips with what can be an incredibly costly problem.
"In any e-discovery action, an organization needs to find information no matter where it lives," says Barry Murphy, principal analyst at Forrester Research. "At times, the discovery action will be confined to E-mail, and in such a case, e-discovery can be conducted directly within a message archive. Often, though, e-discovery must extend to other managed and unmanaged repositories, requiring organizations to invest in technologies like search, indexing, extraction and forensic desktop imaging tools."
Eyeing the opportunity, vendors have flooded the market with solutions to help firms store, manage and retrieve the necessary data. According to a Forrester report, which was written by Murphy, the solutions range from simple online applications that present legal workers with HTML views or TIFF images of information to case management applications with integrated visual analytics and advanced workflow.
Forrester estimates that technology spending on e-discovery will top $4.8 billion by 2011. "And that doesn't include all the services, such as project consulting, that will require organizations to shell out several times the cost of technology," the firm's report says.
Essentially, the new FRCP regulations have brought in precedents for e-discovery that had been set in landmark litigation in the securities industry. Cases such as Coleman v. Morgan Stanley and UBS v. Zubulake raised questions about the legal responsibility of firms to preserve and recover electronic documents relevant to litigation.
Businesses now must have clear policies on data retention so that they can easily identify which data is applicable to a discovery motion. And they are required to reveal their e-discovery policies in their first meeting with a litigation opponent after the filing of a case. This includes a plan for producing the data within a reasonable amount of time.
When a business cannot produce data subject to discovery that it should have stored, per its own policies, regulators can assess it huge fines -- as Morgan Stanley and UBS, among others, have found out. In separate lawsuits, the financial institutions lost their cases because of their failures to adequately produce E-mail evidence and the resulting assumption that evidence was willfully destroyed or withheld. Laura Zubulake, a former UBS employee, was awarded $29 million in 2005 in her sexual discrimination lawsuit. And billionaire Ronald Perelman was awarded $1.45 billion in 2005 based on his claim that Morgan Stanley defrauded him in the 1998 sale of his company, Coleman.
In more recent e-discovery trouble, Morgan Stanley garnered the wrath of industry regulator NASD, which charged the firm with falsely claiming to have lost millions of E-mail messages during the Sept. 11 attacks on the World Trade Center, where its E-mail servers were located. Morgan Stanley had reached a $15 million settlement with the SEC earlier in the year over similar but unrelated E-mail retention issues.
Given the high-profile nature of e-discovery cases, "Businesses should by now already have fairly well-defined e-discovery procedures regarding retention," says Michael Everall, a former CISO for the investment banking and markets divisions of HSBC (London) and Dresdner Bank (Frankfurt).
Growing Problem
But one of the biggest problems in the e-discovery minefield is the rate at which data is growing. The more electronic data, the more time-consuming, and therefore costly, it becomes for businesses to recover them. Further, every document that is produced in a case must be reviewed by a lawyer -- and lawyers' fees quickly spiral.
According to a recent study by The Radicati Group, in 2007 a typical corporate account will generate around 4.3 gigabytes (GB) of electronic data per user. That number is expected to grow to 6.7 GB per year by 2011.
"Companies are data omnivores -- they eat and retain every piece of information all the time," says Everall, who has worked for banks and broker-dealers both in the U.S. and internationally. "And data storage is becoming cheaper all the time. So it's easier to keep the data than apply reasonability for data classification -- in other words, deciding this is important and should be kept or this is not.'
It's also a question of indexing," Everall continues. "One day, indexing will become larger than the data itself."
"The biggest cost in e-discovery is outsourcing to specialized legal firms who help sort through and pull out responsive materials," adds Patrick Gordon, founder of Medfield, Mass.-based Compliant Systems Consulting, which specializes in electronic communications compliance. "If it's a civil procedure, just the cost of production of data is in the hundreds of thousand of dollars. The biggest problem is that IT people are producing documents and handing them over to lawyers. They are agnostic when it comes to content, and they will produce what they're asked to produce."
Gordon points out that given the importance of search accuracy, one of the trends in terms of technology will be the ability to do more federated searches: to look at content in different formats and locations in different media types. "For example, if you are searching for a particular phrase or subject in a word document, you can't automatically compare it with the identical document in a PDF file," he says.
In the meantime, as the industry grapples with the amended FRCP rules, Everall says some rules appear to contradict each other. For example, Rule 26(b)(2) addresses the discovery of data that is not "reasonably accessible" so that legal parties can discuss it up-front and determine whether it should be produced. But another rule, according to Everall, "says you have to store all computer RAM memory, which in itself is unduly burdensome and impossible."
Confusion Over Rules
Concept searchability also is a problem. Courts can ask defendants to carry out concept searches of electronic documents. "But computers themselves still can't search for concepts, only words," he asserts. "So unless you're going to create some incredibly complicated search program, lawyers are still going to have to review the material and are going to be making a fortune out of it."
Businesses also must focus on the new FRCP safe harbor rule for data destruction, according to Everall. The rule provides an exception for organizations by establishing a systematic and legally justifiable method for the destruction of electronic documents. If the company took "reasonable" steps to preserve the information, and any destruction of records was done in "good faith" by systemized practice and policy, the firm will not face penalties for failing to produce the evidence, according to Forrester.
But the key to being able to qualify for safe harbor is repeatability. If the organization has a destruction policy in place that is not met on every single record, the courts can slap fines on the company based on the fact that if one record was not subject to a company's destruction policy, many more may have been preserved and it may have deliberately failed to present them. "Ultimately, you have to have a policy and adhere to it very rigorously," according to Everall.
RELATED STORIES
Deliberating on E-discovery and the Changes to the FRCP
Changes to the Federal Rules of Civil Procedure make undiscoverable electronic documents a massive legal liability for the likes of UBS and Morgan Stanley.
Melanie Rodier has worked as a print and broadcast journalist for over 10 years, covering business and finance, general news, and film trade news. Prior to joining Wall Street & Technology in April 2007, Melanie lived in Paris, where she worked for the International Herald ... View Full Bio