Effectively Managing ESI Risk in Litigation

Tracey Stretton, Kroll Ontrack

The financial crisis has resulted in increased litigation and many corporations are now handling more cases with fewer resources.  It has long been recognised that disclosure of documents is one of biggest costs in litigation and the volume of information now available continues to grow and burden the litigation process.  With pressure on to decrease litigation budgets and minimise litigation-related risk the management of electronically stored information (“ESI”) has risen high on the corporate agenda.  

Legal teams now have to consider, apart from large volumes of potentially relevant documents, complex IT infrastructures, cross-border and multi-lingual evidence, social and business networking sites, alternative storage locations as a result of virtualisation and cloud computing.

Close collaboration between IT and legal teams is now required to successfully respond to an ESI disclosure request.

Are companies informed?

Kroll Ontrack’s 2009 ESI Trends Survey, demonstrates that companies recognise the increased need to disclose ESI in litigation and/or regulation, the need to be prepared and the importance of collaboration between IT and legal.  Nearly half of organisations in the UK and US believe the need to produce ESI for litigation or an investigation has increased over the past 12 months and will continue to do so.  Furthermore, 46% of UK and 49% of US corporations have increased their attention to ESI readiness in the last year.

Are companies prepared?

Whilst 80% of UK and 87% of US corporations have a document retention policy in place, a much smaller number, 41% in the UK and 46% in the US, claim to have an ESI disclosure readiness strategy.  Companies appear to be under the impression that these terms are synonymous and there is perhaps a false sense of security that the existence of a document retention policy is sufficient to protect an organisation when litigation and/or regulation strikes. Document retention policies are obviously important in ensuring the retention of potentially key evidence, but it is the processes by which that data is identified, preserved, retrieved and produced that is key in a litigation process. There is therefore a risk that some companies are at risk of being without properly implemented disclosure processes.

56% of UK and 77% of US companies believe their ESI disclosure readiness policy is repeatable and defensible.  However, only 39% of UK and 57% of US corporations have an identified means (litigation hold procedure), to preserve potentially relevant data when litigation or a regulatory investigation is anticipated.  Without a means to suspend the destruction of potentially disclosable data, companies are not able to execute a proper preservation protocol and cannot claim their disclosure policy is effective.  Companies who do not have a repeatable litigation hold procedure in place may discover the defensibility of their policy is at issue in subsequent litigation.

Only half of the companies surveyed have updated their ESI disclosure policies to include commonly used corporate technologies such as mobile devices, social networking, virtualisation and instant messaging. With 81% of global executives now connected to work through mobile devices all of the time, it is clear that a readiness policy needs be kept current.  In this area UK companies face a greater risk - 38% of firms can’t say that they have updated their policies to include new technologies in the last 12 months compared to 19% of firms in the US.

This is not to say that companies are not investing in ESI discovery readiness.  The 2009 report suggests that spending in both the UK and the US has more than doubled in the last year. The question is whether that investment is resulting in a proportionate improvement in disclosure readiness. The fact that just 14% of UK companies are very confident that their disclosure policies are defensible and repeatable would perhaps suggest not.

Who is responsible?

Of the organisations that have an ESI disclosure readiness policy, responsibility for strategy creation and enforcement is co-owned by IT and legal. The undoubtedly complicated and technical nature of ESI requires increasing reliance on IT but a close alliance between legal and IT is also crucial to ensure ESI strategies are legally compliant and feasible. A multidisciplinary approach to e-disclosure readiness is also being adopted by some companies, especially in Europe.  This recognises that legal and IT are not the only stakeholders when it comes to information management - records managers, risk and compliance officers and of course business process owners have a role to play.

How are companies implementing policies?

Many organisations (39% in the UK) do not have a method to suspend document retention policies is concerning.  Without a plan to comply with the legal obligation to preserve potentially relevant evidence when litigation is anticipated, data may be deleted in accordance with a document destruction policy.  This puts companies at a serious risk of fines, sanctions or even losing a case.

In the recent UK case of Timothy Duncan Earles v. Barclay Bank Plc  , His Honour Judge Simon Brown QC, whilst finding in favour of the Defendant (Barclays Bank PLC) limited significantly the legal costs claimable by the Bank. A reduction of 50% in the costs recoverable by the Bank was a direct consequence of its failure to efficiently disclose electronic documents. The Bank did not put in place a litigation hold – in other words take steps to preserve phone and email records after litigation was anticipated. Telephone records and other documents recording instructions were not produced during pre-trial disclosure.   An email account for a Bank employee was also not disclosed and the fact that that he had retired was not a valid excuse since it could have been retained when he left the Bank or information could have been retrieved from electronic information from other back-up sources.  The Judge found that information was not deliberately withheld and so there had been no spoliation and no adverse inferences were drawn against the Bank.  Nevertheless, the way in which the Bank conducted its disclosure was criticized and evidence should have been retained.

Key challenges and best practices

The sheer volumes of ESI remains a concern for both legal and IT teams handling disclosure processes. With volumes increasing companies need effective policies and procedures that can handle this challenge.  Organisations are allocating greater financial resource to ESI management but lack of time and human resource is still a key challenge in ESI management. Having a policy in place, ensuring the executive board is part of policy creation and enforcement, and understanding the digital data landscape are critically important to litigation risk management for the foreseeable future.  Clear and focused dialogue between IT teams and in-house counsel is essential to ensure companies are in a position to handle disclosure demands.  It is also becoming critical to ensure that policies have been implemented and tested to ensure defensibility.

Tracey Stretton is a Legal Consultant at Kroll Ontrack's office in London.

Disclaimer
This document is neither designed nor intended to provide legal or other professional advice but is intended merely to be a starting point for research and information on the subject of legal technology. While every attempt has been made to ensure accuracy of this information, no responsibility can be accepted for errors or omissions. Recipients of information or services provided by Kroll Ontrack shall maintain full, professional, and direct responsibility to their clients for any information or services rendered by Kroll Ontrack.