New litigation rules put IT on the front lines of data access

Rule 26 requires both parties to disclose all information that is relevant to either their claim or defense. The parties must identify information by category and location, Zantaz’s Lambert notes. If pertinent data is not disclosed up front, it may not be admissible later.

Free IT resource Hear how top CIOs turn change into a competitive advantage. Sponsored by HP Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

However, the more interesting part of Rule 26 is (b) (2) [B], if only because interpretation of it may change depending on the case at hand. For instance, if a lawsuit is for $150,000, it may not behoove the judge to force a company to spend $2 million accessing hard-to-retrieve data that exists only on legacy disaster-recovery tapes. However, if the case involves a $50 million lawsuit it could be another matter altogether.

This means a company should have a pretty good idea how much it will cost to restore data from various media, file types, and locations. The tricky part is that before you know how much it will cost to retrieve the data, you must know which data is stored where.

The solution lies in mapping your data sources. This should be a joint effort between legal and IT, PSS’s Paknad says. But mapping data sources is easier said than done. For one thing, it assumes that someone in the company knows what data is relevant and where it all is. In a large company, this may be a wholly unwarranted assumption.

With mobile executives storing information on their notebook hard drives, any given piece of data might be on a notebook flying to Milwaukee, in an Access database across the hall, or scattered across dozens of different tables built for end-of-year financial statements.

The solution is to create the data map before you need it. Because there is no business software currently available that can automatically seek out all your data sources and dump them into a document of some kind, IT and legal must come together, not only to map what the data sources are but to record which business processes they touch.

Of course, if you already have a good records-retention policy in place, it will dictate what data your company is going to keep and where it is located. Obviously, the “where” is the link to the data sources.

Companies must identify the departments and employees with custody of the data, and they must create a stewardship that includes a container expert (data source), content expert, or business unit that owns the data -- and a policy owner for retention, privacy, and security, Paknad advises.

4. Rule 34 (b): Form of production

Supposedly, the standard for data retention and disclosure is always “reasonableness,” but Rule 34 (b) can lead to difficulties when the format for delivery is considered. Unless otherwise specified, data is supposed to be delivered in its native form. However, there are issues. For instance, if the data is in an Excel spreadsheet, it can easily be altered. But if you deliver the Excel spreadsheet as a PDF document, it won’t capture the formulas.