Electronic Discovery: Being Prepared For Litigation

1. Introduction

   As the amount of electronically stored information (ESI) being created and received by corporations continues to grow, corporate legal departments are being challenged to address e-discovery obligations in cost-effective and efficient ways. Corporations are developing more and more systems and programs to run their operations. Additionally, corporate use of social media has added another complicating wrinkle to managing a legal department's e-discovery obligations.

   There was a time when corporate attorneys might have relied on information technology (IT) staff to manage their e-discovery obligations. That is not so today. Attorneys are expected and obligated to understand the technology that affects their practice. The Sedona Conference, an organization that has provided guidance on e-discovery issues to attorneys and the judiciary, has issued a set of guidelines noting that the "ultimate responsibility for ensuring the preservation, collection, processing and production of electronically stored information rests with the party and its counsel."1 Just last year, the ABA revised its Model Rules of Professional Conduct to state that "[t]o maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology."2

   Counsel need to understand their company's document management situation and they need to be prepared to preserve documents when there is a reasonable expectation that litigation or a regulatory investigation will be commenced. In-house counsel who educate themselves and become knowledgeable about their company's technology infrastructure can be an asset to an organization and work with their teams to streamline the collection and review process and implement e-discovery in an efficient manner.

2. Document Management

   In order to be prepared for a possible litigation, it is crucial for a company to have in place sound document management practices. This ensures that when litigation or the threat of litigation arises, the company will know where to find relevant documents and may be better equipped to manage the cost of identifying and collecting such data. It is estimated that the amount of ESI will be forty-four times larger in 2020 than it was in 2009 (35 zettabytes compared to 800,000 petabytes).3 It is essential for counsel to know where and how information is stored and for a company to have comprehensive document retention policies. Counsel must also be able to identify and understand data from their corporate proprietary systems and be able to identify live and archived data sources. In a document management plan, it is also crucial to understand that policy for data sources of former employees.

   One of the best ways to manage a company's documents is to create a data map of all ESI that is being maintained at a company. Especially in light of the increased obligations of counsel to be abreast of the latest technology affecting their practice, in-house counsel responsible for document management should know where and how their company's ESI is stored and should have detailed summaries of all of the networks, systems, programs, and databases. There should be an understanding of the types of ESI that exist (emails, Word documents, Excel spreadsheets, PDFs, etc.), where such data is located (laptops, desktops, servers, backup tapes, iPads, smartphones, etc.), and how and where it is backed up.

   If federal litigation is commenced, companies may, within weeks, find themselves in the midst of a meet-and-confer conference under Rule 26(f) of the Federal Rules of Civil Procedure. In the comments to Rule 26(f), the committee notes that "[i]t may be important for the parties to discuss [the clients' information] systems and accordingly important for counsel to become familiar with those systems before the conference."4 It is therefore critical that in-house counsel, outside counsel, and any third party e-discovery vendors or consultants all have a clear understanding of the company's electronic data and internal document retention policies early on in a case so that they can understand how best to preserve and collect data for that particular matter.

   In developing a data map and preparing for eventual litigation, it is important to involve the corporation's IT department; cooperation between the legal and IT departments should be encouraged during this process. As has been noted in recent case law, failure to properly communicate and coordinate with the company's IT department can be a supporting factor for a judge's imposition of sanctions.5

3. Document Retention Policy

   In addition to understanding where and how the data is stored, it is also important to have in place a retention policy that governs the retention and automatic deletion of data being kept by a company. Having a retention policy in place is important for a variety of reasons. In fact, the first guideline of the Sedona Conference's Best Practice Guidelines & Commentary for Managing Information & Records in the Electronic Age states: "An organization should have reasonable policies and procedures for managing its information and records."6 It used to be more feasible for companies to save all of their ESI if they wanted to, but that option is becoming more and more untenable as the amount of data being created and stored on a daily basis continues to grow exponentially. That being said, unless a company takes proactive action, often the default measure is to retain all data. It has become clear in e-discovery circles that organizations have been over-retaining ESI even after it is no longer needed for business or legal reasons.

   A well-planned retention policy will reduce the data that is being saved, as the company and its employees will know what they can and cannot delete. Reducing the amount of ESI can make collecting documents and complying with discovery requests much more manageable. Additionally, policies that require employees to retain certain types of documents, or all documents for a certain period of time, ensure that important documents will be available for investigation when a corporation realizes that it has a claim against another party and wants to initiate litigation.

   It is also critical to understand that there is no one-size-fits-all document retention policy. Rather, a company or its consultant must tailor a document retention policy that fits that particular company. Some factors to consider include the legal requirements of the different jurisdictions where a company has employees and stores data, any industry-specific document retention requirements that might be in place, and whether there is certain data that a company might not want subject to deletion under a retention policy. Some of the industries that have detailed retention requirements include finance and health care. Broker-dealers have requirements put in place by Dodd-Frank7 and Sarbanes-Oxley8 that must be addressed in any retention policy. In addition, health care companies have specific retention requirements under the Health Insurance Portability and Accountability Act (HIPAA)9 and must be aware of the various statutes of limitations affecting their industry.

   For document retention policies to work and have their intended effects, implementation of the policies is as important, if not more important, than their creation. Many companies spend money and time...