New litigation rules put IT on the front lines of data access

On Dec. 1, when the latest version of the FRCP (Federal Rules of Civil Procedure) goes into effect, CIOs and their IT departments will find themselves on the firing line in most major business litigation. [Read about the cases that started it all.]

Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft Free IT resource Attend the SOA Executive Forum: Breaking SOA Bottlenecks SOAExecForum.com/may2007 Sponsored by InfoWorld

The process in which businesses decide which data they are legally required to save, and which they can safely throw out, is known as “e-discovery and e-hold.” Until now, businesses have been forced to make e-discovery and e-hold decisions based on a mixed bag of individual court decisions, balanced by guesswork by their corporate legal teams. The new FRCP changes all that, codifying a dangerously confusing situation.

Your company’s chances of winning in court -- or staying out of court altogether -- will be greatly enhanced by creating appropriate enterprisewide procedures for retention and disposal of data and documents.

Here are five significant changes to FRCP, and the processes your company should establish in order to be legally secure.

1. Rule 26 (f): Early discussion preparedness

This rule mandates that the pretrial conference between opposing attorneys will now have a very specific purpose. A sweeping requirement obliges the company being sued to cite all storage systems that hold data relevant to the litigation, all relevant data sources and data formats, and the steps counsel has taken to prevent relevant data from being deleted. To comply, companies will need a retention program that allows the litigation department to provide and describe this information accurately.

In other words, attorneys will now be required to know how the company’s entire electronic data processing system works. According to Trent Dickey, a litigation attorney at Sills Cummis Epstein & Gross, this puts IT directly on the firing line.

“Outside and inside lawyers [must become at least somewhat] proficient in computer information systems,” Dickey says. Under the new rules, he explains, during the pretrial conference, company counsel will be required to describe, in detail, all data retention practices, discovery protocols, and preservation processes -- plus exactly which data is accessible, which data isn’t, and why.

This is the most challenging hurdle that a company will face in litigation under the new rules, according to Deidre Paknad, president and CEO of PSS Systems, an ISV that creates software to help businesses manage the e-discovery and compliance process. She says the new rules make the e-discovery process more crucial than ever.

“Companies that can prove they made a good-faith effort won’t see the brutality of a judgment like that made against Morgan Stanley,” says Paknad. In that case, the company was hit with $1.45 billion in damages because the judge and jury believed Morgan Stanley had not made a good-faith effort to discover relevant data.

The biggest risk, says Paknad, is misrepresenting your company’s data. If the company isn’t fully aware of exactly what it has and where it is, and relevant material is uncovered later, as happened in the Morgan Stanley case, the company will find itself in extreme legal jeopardy.

In order to mitigate that risk, legal counsel must fully understand the company’s data practices and indeed must have some control over them. Counsel must be aware of the company’s retention schedules and rules, including a corporate classification schema that identifies the major classes of information the company views as records. According to Paknad, there should be specific retention periods for information in each of those classes.