January 21, 2011, 6:19 PM — If your organization is sued, many IT and data handling procedures can change, some radically, and perhaps forever. The ability to effectively manage the process of litigation or regulatory inquiry mandates bridging the communications gap normally found between IT management and staff, and the legal departments (or other legal counsel) of an organization. It's a non-trivial exercise, and can have a huge result on the desired outcome of the inquiry.
"One of the disconnects is that IT doesn't understand what their legal department needs in terms of a case, and equally important, legal departments often don't understand the issues that IT faces in complying with (discovery) needs."
The processes of litigation or regulatory investigation are similar yet have slight differences, as while litigation may eventually finish, the ongoing needs of regulators may never cease. Either legal process uses something called discovery, or ediscovery in its ‘electronic' form, which amounts to the discovery, search, containment, and contamination-prevention of pertinent information and evidence.
The actions of litigation are well-known. There's an initial complaint, which if it goes to court as litigation does, then spawns various processes. One of the initial processes is a response to the complaint, followed by a period and process called discovery. In discovery, facts are revealed. The facts consist of information that responds to the regulatory questions, or the specific nature of the litigation/suit.
IT usually has the charge of storing all but perhaps paper documents. Financial information, databases, emails, correspondence, and any/all other organizational data might be examined during the discovery phase, or regulatory examination. How IT responds to the needs of their legal departments becomes crucial to the outcome.
Legal and IT Allegiances
"One of the disconnects," says Anthony Diana, co-leader of Ediscovery and a litigation partner at the law firm Mayer Brown, "is that IT doesn't understand what their legal department needs in terms of a case, and equally important, legal departments often don't understand the issues that IT faces in complying with (discovery) needs."
Legal departments must often "freeze" evidence, such as documents and email or even txt correspondence, and often believe that the process is just the matter of "a few clicks." IT often knows the devil of the details. The preservation procedure is often needed to ensure that evidence isn't tampered, altered, appended to unnecessarily, or accidently deleted or even overly responded to. Preservation often also means preserving the state of the evidence, including the applications used to access pertinent data. As each case is different, so will be the procedures to match needs.
"As an example, certain things need to be preserved to have compliance with legal obligations when a hold is put in place, " Diana continues. "Courts don't understand the burdens placed on IT when they make preservation holds. (Like the legal department) they think it's a click for preservation, but IT clearly has to communicate the burdens. "
Are there going to be issues in terms of preserving the data, as in storage, space, and/or server costs? Limits can be put into place so as not to take costs out of control when an organization's legal department talks to the courts, opposing counsel, etc. Requests can go on for years, and the boundaries must be clearly expressed. It's got to be done proactively between IT and legal departments, and discussions need to take place to find procedures that are tenable in terms of cost and IT production/budget needs. Specifics must be defined and acknowledged in terms of constructing the IT framework needed to achieve legal goals.
Appointing interdepartmental liaisons that communicate progress and identify ongoing needs or changes in needs can be a successful strategy. Establishing clear procedures and assigning specific employee responsibilities can help these two very diverse departments to interact sanely.
Says Mayer Brown's Diana, "You'll need to monitor the preservation, knowing its lifecycle, and what the implementation does from a process standpoint" so that everyone understands where and how to access the preservation.
IT must think about what the impact is to the legal obligation, and what the absolutes are in terms of mistakes that can be avoided in an upgrade process. IT does well to consider data collection techniques - how will the collection be done? What does it look like in terms of output? What kind of burden does it impose, and on whom and what processes?
And there are still more questions that IT and legal departments/counsel must answer, according to Diana.
- How will the data collection be done?
- What kind of collection techniques will be employed?
- When does a Standard Operating Procedure/SOP go to extraordinary measures?
- Will full forensic images be needed?
- What about file formats?
- The term/time of collection?
- Should deleted documents be looked hunted?
- What devices need to be examined, and to what extent, and for what duration?