New litigation rules put IT on the front lines of data access

Typically, the acceptable format should be the way the data was managed in the normal course of business -- but suppose you’re using SAP software for invoicing. Your company might wish to deliver an invoice or an e-mail in the form of a PDF, while your adversary may demand to see your entire database. “If the metadata for an e-mail is important,” PSS’s Paknad says, “you may have to produce the e-mail in native format.”

Free IT resource Hear how top CIOs turn change into a competitive advantage. Sponsored by HP Free IT resource TechNet: More ways to know it, share it, and keep it running. Sponsored by Microsoft

Paknad also recommends keeping relevant files in a location that’s provably secure from tampering, as whichever party wants to see the data will also want to be assured it was not, and could not have been, altered.

5. Rule 37 (f): Safe harbor

If you can prove that missing data has been deleted during “routine” data expunging, you are probably safe from legal sanctions. However, you must be able to prove that the deletion was indeed part of a routine process and not “event-driven.” Here we come back to good-faith effort, where producing an audit trail and monitoring are key.

However, Sills Cummis Epstein & Gross’ Dickey counsels that routine deletion is no excuse for destroying something on legal hold. “You must stop and suspend automatic retention and deletion systems in order to secure relevant data,” he says.

Bottom line: You are legally required to secure all relevant data. If you screw up here, the court can say you are obstructing justice, and the judge may assume that the data was detrimental to your case -- as in Zubulake v. UBS Warburg.

Software solutions

Although the onus for compliance will always be on the business itself, many companies are looking to their ERP vendors for solutions. For instance, as PSS’s Paknad notes, Fortune 20 companies are going to expect that their transaction and knowledge management systems support retention periods and legal holds. At the moment, few enterprise applications are doing that.

A sea change is exactly what the Fortune 20 will expect in the next year or two; in fact, it’s already happening. Paknad says that her Fortune 20 clients are implementing policies for 2007 that will require all systems brought online to support retention lifecycles, legal holds, and collection requests for litigation.

In 2007 and 2008, these features will trickle down to software being used by the Fortune 1000 and beyond. Clearly, every company that may face litigation will be looking for a rapid evolution of systems and features in their enterprise software to make it compliant with the new Federal Rules of Civil Procedure.

It’s more than a good idea. It’s the law.