What is your ESI Action Plan?
Mark Surguy, Pinsent Masons & Tracey Stretton, Kroll Ontrack
Your corporation may be at risk when faced with litigation, investigations, or regulatory matters involving electronically stored information (ESI). Many lawyers are still struggling to even know what ESI means – let alone develop plans regarding how to manage it in litigation. Tracey Stretton, Kroll Ontrack, and Mark Surguy, Pinsent Masons, discuss.
The practice of law around the world is at a tipping point, driven by the technology revolution.
While US legal teams appear to be more concerned about the reality of growing volumes of ESI, the UK’s primary concern appears to be the lack of training in legal trends. The rise in sheer volumes of ESI and the importance of information contained within electronic communication has led to the recent amendment of rules governing civil litigation in both the US and the UK. Quite how well the rules are appreciated by lawyers is unclear. Until very recently judicial awareness was poor, but recent proposed changes to the way the Commercial Court will handle cases with large volumes of ESI, initiatives in the regional Mercantile Courts, and the increasing number of seminars on offer indicate that there is a clear change of practice.
Whilst companies in the UK and US are increasingly well prepared to handle demands for ESI, one in four organisations cite increasing volumes of data as a major challenge for the next five years, proving that ESI preparedness is no simple task. Furthermore, the evolution of technology and case law make this topic increasingly difficult to tackle. Clients and lawyers are often mesmerised by the confusing products on the market and may have no appreciation of the crucial differences until a lawsuit has begun, leaving very little time to source and engage a service provider and manage the project effectively.
Awareness and Policy
Research commissioned by Kroll Ontrack finds that there has been a vast growth in ESI awareness and policy enactment over the past 12 months. This demonstrates that high profile sanctions cases, and education regarding ESI, have been a real wake up call to corporations and their legal teams. However, British companies are lagging behind their US counterparts in their readiness to cope with the risks involved in legal actions, where huge volumes of computer-stored information plays a crucial role. Many companies are failing to appreciate the legal and logistical issues involved in responding to requests for often sensitive information from regulatory bodies and ensuring that they can provide details of anything that qualifies as electronic information.
The study found that whilst 70% of US companies have policies in place to deal with ESI in a litigation process (compared with 40% in 2007), only 53% (compared with 43% in 2007) of those in the UK can boast similar preparedness. Both figures represent an improved awareness of the need for policy relative to 2007, but they also suggest that the US is still outstripping the UK.
Lawyer ignorance could have unpleasant consequences for the lawyers for themselves. In the recent case of Heidrich & Anor v Standard Bank London Ltd & Anor [2008] EWCA Civ 905 an application for a wasted costs order was made against a solicitor for allegedly failing to obtain ESI from a client. The lawyer escaped liability but the case collapsed. It is perhaps too infrequently appreciated that the leading case on professional misconduct (Myers v Elman [1940] AC 282) is a disclosure case.
Responsibility
Though companies are increasingly looking beyond the boardroom in developing strategy for ESI, there remains a belief that CEOs and board directors should ultimately be accountable for shaping policy and its smooth functioning. This is particularly evidenced in the UK where 54% of companies say that their CEOs and board directors should be held accountable if their respective ESI policies result in governmental fines, court imposed sanctions or reputational damage. This is despite the fact that only 20% of UK companies allocate actual responsibility for policy development to such senior figures.
However, the shift in responsibility for development and enforcement can be seen to represent a more mature, collaborative approach to ESI and policy development. The undoubtedly complicated and technical nature of ESI requires a close alliance between legal and IT to ensure ESI strategies are legally compliant, all-encompassing and feasible. But, policy discussions should also include CEOs, so they are fully informed and supportive of the policy. If and when a policy is called into question is no time to play catch-up.
Drivers
Drivers in the UK differ marginally from those in the US. Here there have been fewer cases involving ESI, but companies will act when they see a threat from the regulators, or when they have faced a difficult case themselves and realise that they need to be better prepared. In the UK, there has been a slower progression and this can also be attributed to a lack of time and resources. For a company embroiled in a large lawsuit or regulatory investigation, the costs of handling the ESI quite simply dwarf the costs that are in involved in setting up and implementing a policy to ensure the organisation is fully prepared to respond in the event of an unexpected intrusion of this kind. The recently reported costs of the Siemens investigation serve as a salutary warning.
The lower incidence of document management policies in the UK may reflect the absence in the UK of the more draconian powers available to the Courts in the US. But it may also indicate that many organisations are simply not appreciating the risks involved in the disclosure of ESI. With the risk of litigation increasing companies need to take action to mitigate risk.
Even if Senior Management does not take the initiative in a pro-active way, creating effective ESI management policies and procedures, the Courts (notably the Commercial Court) are going to require them to take personal responsibility for the management of ESI in the context of a lawsuit (paragraphs 161-2 of the December 2007 Commercial Court Long Trials Working Party). The recommendations are said to be suitable for all Commercial Court cases and not just those that may be deemed to be supercases or "mega litigation".
Challenges
While gaining information and education regarding ESI was a legal team’s greatest challenge in 2007, the greatest worry this year in both the UK and the US, is the growing volume of ESI. Furthermore, most companies are increasingly looking to IT departments to shoulder some of the ESI burden - ESI management is no simple task and a true partnership between legal and IT (and indeed all stakeholders in the organisation such as Records Management, Compliance and Risk Management functions) is required to make a company’s policy a success.
ESI is a boardroom risk issue and should be treated as part of management of the enterprise's portfolio of risks. The risk of litigation itself is now greater in the current depressed economic environment and companies and organisations need to be ready.
Judges are ringing the changes in the UK. They are calling on lawyers to abandon their antiquated working practices and are now talking about getting under the technology bonnet themselves, to find out what can be done to reduce litigation costs. The spectre of sanctions for non-compliance with the rules governing e-disclosure is real. Lawyers and senior management are going to be held personally accountable for getting it right.
Mark Surguy is a Senior Associate at Pinsent Masons and Tracey Stretton is Legal Consultant at Kroll Ontrack, London.
Disclaimer
This document is neither designed nor intended to provide legal or other professional advice but is intended merely to be a starting point for research and information on the subject of legal technology. While every attempt has been made to ensure accuracy of this information, no responsibility can be accepted for errors or omissions. Recipients of information or services provided by Kroll Ontrack shall maintain full, professional, and direct responsibility to their clients for any information or services rendered by Kroll Ontrack.
Copyright 2007 Kroll Ontrack, Inc & Kroll Ontrack Legal Technologies Ltd.
