In order to mitigate that risk, legal counsel must fully understand the company’s data practices and indeed must have some control over them. Counsel must be aware of the company’s retention schedules and rules, including a corporate classification schema that identifies the major classes of information the company views as records. According to Paknad, there should be specific retention periods for information in each of those classes.
For instance, among financial services companies, where instant messaging is considered relevant, companies are already sampling IMs on a daily basis and matching text against a lexicon of keywords. Tape cataloging is another key ingredient in preparing IM and e-mail for retention and data discovery during the pretrial conference. Cataloging should record the dates of all information on the tape, including the server it came from and the type of data it is, says Francis Lambert, senior compliance advisor at Zantaz, a content archiving company.
In preparing for the pretrial conference, many larger companies are deploying full-time “discovery response teams” made up of litigation attorneys and IT technicians. These teams are tasked with becoming specialists in collecting and preserving data and in learning how best to go about the process of retention, retrieval, and deletion. In the largest companies, these teams are often broken out by category, such as e-mail IT teams or server IT teams.
When a trained discovery response team is notified of possible litigation, it must swing into action immediately. For instance, a key component of complying with the rule changes in 26 (f) is determining which data needs to be rescued from any automatic deletion process that may be about to destroy it. This is known as a “legal hold.”
From the time a company reasonably anticipates litigation or receives a legal request for data from another party, IT and legal must be able to identify as quickly as possible the systems and data sources where relevant information may be about to be deleted -- and they must prevent such deletion.
Employees and system administrators who are responsible for data deemed relevant to litigation must be notified of their obligations, and they must respond specifically and affirmatively when notified.
For some companies, even when an appropriate process is in place, the task of tracking notification and response on legal holds can be daunting. “For large companies, there [may be] a couple of thousand cases open at any one time,” PSS’s Paknad says. If that is the case, the math is terrifying: A company sending one legal-hold notification and three reminders to each of 50 data custodians would have to send 200 outbound notices for each instance. Multiply that, very conservatively, by 100 cases, and you’ve got 40,000 notices and responses crisscrossing on the network. And all this is merely in preparation for the pretrial conference.
There are additional changes that impact IT directly. For instance, the FRCP and the attached notes from the court recommend that at least one IT person should file a discovery deposition. “It has to be somebody that knows how the IT systems work,” Sills Cummis Epstein & Gross’ Dickey says. “Companies need to know, [beforehand] who is the spokesman, and that person should be deposed under oath.”
A deposition from IT is certainly the smartest and safest way to go, adds Zantaz’s Lambert, especially compared with the IT technician making an in-person appearance at the pretrial conference. “You don’t want him in there, because it is two lawyers and a judge, and you don’t want the IT person saying the wrong thing,” he says.