What's on the Minds of Corporations? Preparedness, Response and Ownership of ESI

Kroll Ontrack recently conducted its Third Annual Electronically Stored Information (ESI) Trends survey, which aimed to track and understand the measures corporations in the United States and United Kingdom have in place to manage ESI.

The survey also gauged the success of strategy implementation and collaboration between the two most critical seats at the ediscovery planning table – legal and IT. The results revealed important findings about overall ESI preparedness, response, ownership and challenges among legal and IT departments.

ESI Preparedness According to the survey, 87% of U.S. and 80% of U.K. corporations have a document retention policy in place. However, a much smaller number, 46% in the U.S. and 41% in the U.K., claim to have an ESI readiness strategy. This disparity demonstrates a lack of knowledge regarding the difference between the two policies and suggests a false sense of security within corporations that the existence of a document retention policy is comprehensive enough to protect an organization when litigation and/or regulation strikes.

The failure to implement a litigation readiness protocol invites costly repercussions and risk. As demonstrated in recent case law, courts are unsympathetic to ediscovery shortcomings. For example, in Micron Technology, Inc. v. Rambus, Inc., the District of Delaware imposed evidence preclusion sanctions against the defendant after determining the defendant's engagement in "shred days" was intentional and in bad faith. Likewise, in Phillip M. Adams & Associates, LLC v. Dell, Inc., the District of Utah relied on an ediscovery expert's declaration that the destruction of e-mails was not the result of a "routine, good-faith operation" and denied application of the safe harbor provision. The court found the defendants' "[irresponsible data retention] practices invite the abuse of others" and found sanctions to be appropriate (the court stayed action on the final sanctions to be imposed until discovery closed).

ESI Response Another core theme from the survey was ESI response. Seventy-seven percent of U.S. and 56% of U.K. companies believe their ESI discovery readiness policy is repeatable and defensible. However, only 57% of U.S. and 39% of U.K. corporations have an indentified means (such as a litigation hold policy) to preserve potentially relevant data when litigation or a regulatory investigation is anticipated. Without an appropriate means to suspend the expulsion of potentially responsive data, many corporations are not positioned to execute proper preservation protocol or claim their discovery policy is effective.

Corporations who fail to institute a repeatable litigation hold policy and are later sued will discover the defensibility of their policy is at issue. For instance, in Pinstripe, Inc. v. Manpower, Inc., the plaintiffs sought sanctions alleging the defendants failed to preserve relevant documents. The defendants' counsel had drafted a litigation hold, but the defendants failed to issue it and hired an outside vendor to recover deleted e-mails. The Northern District of Oklahoma determined that the defendants failed to meet preservation obligations by failing to issue a litigation hold and awarded future deposition costs to the plaintiff. The court also ordered the defendants to pay $2,500 to the local bar association to fund a seminar on litigation holds and preservation of electronic data.

Ownership Implementing an ESI readiness strategy is important, but whose responsibility is it to put these measures in place? Thirty-five percent of U.S. and 21% of U.K. companies say responsibility lies jointly with IT and in-house counsel to develop and institute an ESI discovery strategy. Traditionally, these two departments have not always been on the same page, but good news exists for the legal-IT relationship as 84% of U.S. and 69% of U.K. companies surveyed believe legal and IT are working effectively together when responding to ESI requests.

While IT and legal have joined forces and taken steps in the right direction, ongoing differences in communication, priorities and expertise make implementing and monitoring repeatable and defensible protocol a daily challenge. In addition to the language barriers between IT and legal, other significant challenges in implementing and maintaining sound practices exist among these departments. These challenges include time restraints, differences in day-to-day priorities, and legal and technical expertise discrepancies. Corporations must still take steps toward soothing these challenges to provide an efficient and proactive relationship between these two vital departments. This cooperation will allow for more timely responses to requests involving ESI.

Everything learned from this year's ESI Trends Report suggests that awareness of ESI and acknowledgment of its relevance to litigation and regulation has reached a pinnacle. Managing the effects of increased litigation and increased government regulations while operating with tighter budgets presents unique challenges that corporations must face effectively. Implementing ESI readiness strategies now will help ease the strain on resources in the future once an ediscovery request occurs. Not being prepared increases the company's vulnerability to ediscovery shortcomings that could cost the organization significantly in the form of sanctions. Increasing collaboration among IT and legal departments is also important to ensure complete and efficient responses to ESI requests, from properly securing critical business data to establishing effective litigation hold procedures.