It is common knowledge in this day and age that data exists in various forms and in a myriad of locations. This is especially the case with data as it relates to a corporate entity. It is crucial for corporate entities to stay one step ahead of the “litigation storm”—which can be accomplished by having a solid plan in place for electronically stored information (“ESI”) and eDiscovery. There are a few fundamentals, i.e. best practices that corporate entities should keep in mind relative to ESI and eDiscovery, that include: (1) setting up a data retention policy/scheme, (2) identifying the key custodians that may possess relevant data, (3) knowing the technology and engaging the information technology (“IT”) department and (4) communicating across all departments.
Data Retention Policies
Email is one of the most utilized forms of communication within corporate environments. Depending on the size of a company, thousands upon hundreds of thousands of emails are generated per day. It is not possible to expect people to generate fewer emails, so the goal is to retain fewer emails. So how does a corporation address the issue of data deletion while maintaining defensible practices as they relate to ESI and eDiscovery? The initial step is to determine where the emails are going, which can be done with the assistance of your IT department. Once it has been determined where the email is housed, it would be wise to work with your IT department to determine how to get rid of duplicate copies of emails (which is also known as “deduplication”).
A corporation must ensure that a clear and consistent email retention policy is in place and adhered to. This policy should be in written form and adhered to across the board in an effort to maintain defensibility in practice. Corporations should consult an attorney to determine how long data should be retained based on the size of the organization. Finally, while a retention policy that is adhered to can very well be defensible, when a corporate entity reasonably anticipates litigation or is currently involved in litigation, preservation of relevant data (or a “legal hold”) is required. It is imperative that any automatic data deletion policy be thoroughly reviewed and possibly amended so that relevant data is not being deleted merely because of an automatic and standard process.
Identification of Custodians
Another important component of preparing for litigation is knowing who has responsive data in the first instance. Identifying who has your data and keeping a clear and consistent record of the data types that each custodian has access to will prevent a mad-scramble when a corporation receives discovery requests. There are many ways to track custodians, but no matter which method is used, having the right information will make responding to discovery requests more efficient. Names of custodians, the department they are in, their position, hire dates, etc. are all pieces of information that can help narrow down the list of individuals who would potentially have the data relevant to a particular discovery request.
Know Your Technology and Engage Your IT Department
From desktops to laptops to tablets to smart phones, both online and inline—data is everywhere. It is crucial for a corporate entity to work with its IT department to track the different types of technology and devices utilized by the corporation. This step helps ensure that once preservation and collection need to occur, there is a clear path that leads to all sources of the relevant data.
While most of us believe we are technologically savvy, the reality is that eDiscovery is best understood by IT/litigation support professionals. The IT department is a huge component in a corporation’s ESI roadmap and the eDiscovery process, especially given the continuous increase in the volume of data that can be generated within a given entity. The corporate IT department should have records of all data types, sizes, locations, custodians, etc. and should work in conjunction with the corporate litigation department, as well as outside litigation counsel, to ensure that all relevant data is properly stored, preserved and available for collection in a well-managed infrastructure that allows for operational efficiency and ease of access.
Communication is Key
In both preparing for and tackling the eDiscovery storm, a corporation must keep the lines of communication open with all members and departments. Duties and responsibilities, as they relate to data, must be clearly communicated to all members of the corporate environment. Data retention and preservation protocols must be established and a corporation’s legal and IT department must take measures to regularly communicate, assess and ensure compliance with all facets of the IT infrastructure, preservation processes, data retention and litigation holds. Failure to do so could result in eDiscovery omissions and non-defensible practices—both of which can cause not only reputational harm, but also adverse consequences in the context of an ongoing lawsuit and/or sanctions.
While there is much more to be said about these topics and others, the moral of the story is that a corporation should take measures to address ESI and eDiscovery issues both prior to and during litigation. Taking a proactive approach to ESI and eDiscovery will not only better-equip the corporation in weathering the litigation storm, but it can also lead to fairly substantial time and cost savings.