One of the worst things that can happen to a modern company is to for it to get sued. Here in the 21st Century more often than not, lawsuits require that the firm being sued produce electronic documents early on in the whole messy legal process. Good examples of how tricky this can get are the White house's attempt to retrieve firing emails, Intel's fight with AMD, and Morgan Stanley's issues with the SEC. As the Morgan Stanley case shows, if a firm can't produce the email and electronic records that are asked for it can end up costing the company a lot ($10M in the case of Morgan Stanley). What does all of this legal stuff have to do with a CIO?
Michael Lunch is the CEO of Autonomy Corp. and he does a good job of describing how the search for electronic documents is currently done:
"The old-fashioned way of doing this was having a lot of lawyers doing a lot of simple things, you would literally have lawyers reading though things saying 'there was chicken for lunch.' You don't need lawyers to know that it's a lunch menu."
Ouch - what kind of hourly rate does a firm have to pay to have lawyers read old email? This is exactly the type of situation that begs for the IT department to step in and lend a hand. Recognizing that this is an issue, the good folks at HP, Xerox, and IBM are getting ready to jump in and offer products and services.
This new reality of living in an electronic document lawsuit-happy world opens a unique door of opportunity for forward thinking CIOs. When a firm gets sued, everything has to shut down as it relates to documents while the requested material is searched for. If an enterprising CIO had already set up a system to track and categorize the firm's electronic records, email included, then a lawsuit's requests could be easily handled. Being able to produce the requested material the next day instead of weeks or months later and being able to do it for much less than a roomful of lawyers would cost would enhance the CIO's standing among the company's senior management.
Careful - there's a right way and a wrong way to go about doing this. The wrong way is the classic IT way: I don't need anyone else, I (and my department) can do this all by ourselves. Discovery of records as a part of a legal proceeding is really the domain of the company's legal department. This is clearly a case where the IT team needs to work WITH the legal department. Since any sort of automated search process will be taking cash out of the pockets of outside law firms who traditionally supply the human resources to do information searches, the CIO is going to need to have the full support of his in-house legal team. The moment the lawsuit is filed, the outside firms will be whispering into the CEO's ear that he/she really needs their pricey assistance. Without the support of the in-house legal team any IT created solution will be discarded in favor of going with a "sure thing".
Having a solution in place before it is needed is the key to ensuring that the IT team looks good. If a CIO is running around after the event trying to find a solution, then expensive mistakes are going to be made. Finally we have found one area where a CIO can once and for all show the company the true value of the IT department.
Have you ever worked at a company that got hit with a lawsuit that required electronic documents to be produced? How did it go - was it quickly and easily handled or was it an ongoing nightmare? Did this event have any lasting impact on how the firm handled and tracked its electronic documents? Leave a comment and let me know what you think...
Tags: CEO, CIO, business, it strategy, business alignment, lawsuit, document discovery
2 comments:
While I haven't been associated with an organization that has been required to provide e-discovery documentation as a result of litigations, I understand some of the concerns.
Contibuting factors that could complicate compliance with requests such as this have come up before. Most organizations are not well known for their ability to collaborate information across systems due to in large part to accessibilty of both structured and unstructured data.
It isn't unusual for organizations to support 'stove pipe' systems for specific business units or related organizational operations. Proprietary systems with proprietary file types create a difficult consolidation, or collection solution.
Another consideration would be the integrity of the data while it is being reviewed. I have a little knowledge on the subject of information security and can say that if any part of the process compromises the integrity of data, you will have a tough time using it in court proceedings.
Even within the field of computer forensics where technicians investigate cyber crimes, they must replicate the drives and work from copies to negate claims of tampering. Simply starting a machine or shutting it down can trigger embedded code to execute commands to destroy, remove or modify data, files, records or other information that could prove as evidence of criminal activities or malicious intent.
And what about corporate information that is persisted in 'cloud computing' environments? How accessible and reasonable are those solutions in relation to e-discovery techniques and compliance? From everything I have been reading lately on this platform, they have enough problems with aspects of availability in general which has a significant impact on accessibility of the data.
Not to mention the integrity concerns if backup plans are incomplete or ineffective. Gaps in critical information could cause accusations that a company is intentionally 'hiding' relevant data pertaining to the case.
Working closely with the legal department or outside consultants can significantly reduce cost, time, and resources associated with these types of projects. Its the difference between saving what 'will' be requested, and saving everything under the sun increasing discovery costs with regards to unrelated content as illustrated by Michael Lunch's comments.
Bingo. What I didn't say in the original post that should probably be stamped on every desk in IT is that having a document disposal policy and making sure that it is correctly enforced is another way that the IT department can show its value.
The legal guys say it best when they let us know that it's ok to throw stuff away as long as you have a published policy that tells everyone the rules. Now it's up to IT to make that policy happen...
Post a Comment