Although an IT shop could tie up its servers running lengthy databases searches, and then organize and store vast amounts of e-mails and documents, it's often more cost effective to outsource e-discovery projects. Holland & Knight uses the eClaris e-discovery consultancy to handle much of its work. "eClaris has the capability of setting up the database for me, and I would then access it through the Internet," Row says. "So I go to a Web site -- it's password protected -- I log in, and then I can review [the data] through this Web-based system."
While the Web interface addresses IT managers' user access concerns, what about privacy and security issues? Education is the key to calming managers' fears, says Jacques Nack Ngue, eClaris' CEO. "One effort we do is engaging companies, and just providing as much information as possible about the e-discovery process," Nack Ngue says, such as "what the risks are, how to assess them, and how to handle and manage those risks."
Row agrees that once a manager begins working with an outsourcer and understands what needs to be done to maintain security and privacy, the risks suddenly appear much smaller. "It's a collaborative process," he says.
Outsourcing opportunity No. 3: Regulatory compliance
The financial scandals of the late 1990s and early 2000s led to several new federal compliance mandates, most notably the Sarbanes-Oxley law. These mandates, as well as an array of other state, local, and industry-based compliance measures such as California's privacy breach notification statute and the payment industry's PCI standard, created new record-keeping, document-tracking, and other demands on IT shops that tend to sap productivity and slow other critical work.
[ The financial meltdown will likely increase the regulation burden on IT, argues InfoWorld's Ephraim Schwartz. ]
Despite the added IT burden, many enterprises have been reluctant to outsource regulatory compliance tasks, believing that the work is too business-critical to place into the hands of an outsider. Many managers also worry about the security and legal implications of sending such work off-site.
Michael Rasmussen, president of the regulatory compliance advisory Corporate Integrity, says the key to successful outsourcing lies in finding the organization that knows the most about the relevant type of regulatory compliance needs. "There are FDA regulations, different elements of privacy regulations, and disaster recovery and continuity regulations, and each of these requires something different," he says.
Christine Applegate, CFO of East Coast Cable & Communications, a firm that provides installation services for area cable companies, got drawn into the regulatory tangle when Massachusetts enacted a customer privacy law. Not having anyone on staff with the skills or experience needed to ensure that the company was living up to its compliance obligations, she turned to East Coast's primary IT service provider -- Boston-based Vitale Caturano & Co. -- to develop a solution.