United States: Planning Ahead To Respond To E-Discovery Requests

The newly enacted amendments to the Federal Rules of Civil Procedure have had the legal community abuzz for months as lawyers, both in-house and outside, have worked to determine what the revisions mean to them. One thing the revised rules do is place more emphasis than ever on the importance of effective litigation hold programs within companies.

Preparation begins with records management. Records management is the science (and some argue the art) of retaining records just long enough to meet legal and regulatory requirements as well as business needs – and no longer. In the absence of a legal requirement, information should be kept only for business or regulatory purposes. If it is not valuable to the organization or required to be kept by regulations, laws, or other reasons, it should be discarded. Storage is cheap but not free and information clutter has its own costs. As a result, accumulated data generally should go through automated destruction that is scheduled based on a company’s records retention policy.

When an organization implements a legal hold in response to a discovery request or other data-preservation order, it is like pressing a pause button on the destruction of records. Of course, it is not quite that simple. With records housed in multiple formats in many different places with disparate custodians and retention requirements, knowing which pauses to hit can be a question worthy of the Sphinx.

When a company is required to preserve electronically stored information in connection with a legal proceeding, each day of uncertainty regarding relevant data’s whereabouts increases the risk exponentially. Technology infrastructure and corporate IT operational processes were not designed to segregate "relevant" data and preserve it indefinitely. Furthermore, the spectrum of applications containing data subject to discovery undoubtedly crosses functional and IT management systems, making the problem all the more complex.

While the task is quite daunting, it is more manageable if people within the organization already know the answers to several questions. For example, what data may be applicable to specific issues or business processes? Is the data on-line, off-line, or in legacy systems? Where does it reside? What application(s) generate the information? Who manages the information (e.g., individual users or a database administrator)? What are the current retention practices? What options exist for preservation? Is data routinely overwritten or archived?

These questions can be very difficult to answer, and nearly impossible to determine quickly with a pending discovery request, if they were not previously established. Even if company representatives are able to figure it all out, the likelihood is that some relevant documents and data will be destroyed through normal IT operations in the interim. Preparation in the form of knowing where your information is, who is responsible for maintaining it, when it is scheduled for destruction and how to stop that, and other relevant facts will make a company’s efforts in implementing a litigation hold less intrusive, more effective, and less expensive.

While each organization is unique in its business processes and IT management practices, some general principles apply in most cases when it comes to preparing for the eventuality of litigation and regulatory inquiries and the related preservation orders. The following steps are meant to provide an idea of what preparation for discovery might look like.

1. Convene a discovery response team consisting of, at a minimum, representatives from the legal department, records management, IT infrastructure - applications, IT data storage, e-mail messaging, finance, human resources, and, if identifiable, other business units typically subject to discovery requests.
2. Develop a systems inventory. Create a map of business applications, e-mail, and other systems that manage user documents. The map should include physical locations, operating systems, backup systems and schedules, business owners, and IT owners.
3. Do not overlook e-mail. Does the company maintain e-mail centrally? Are copies of mail files stored on local machines? How is e-mail currently identified in response to requests? How long is it kept?
4. Understand your financial systems. Organizations are often called upon to preserve financial data. Based on circumstances, the definition of financial data can be narrow or broad (e.g., preserve all customer sales records, or preserve all data related to the company’s profit and loss calculations)
5. Examine the corporate retention schedule. Is the retention schedule current? Does it accurately reflect the information generated by the organization? Are the retention periods accurate? Most importantly, is it currently being followed in managing both paper and electronic records?
6. Examine historical discovery requests and data-preservation orders to identify trends. For example, if 70% of past discovery requests related to financial information while 30% related to human resource information, the team will at least want to focus on those areas specifically.
7. Prioritize the focus of the discovery response team to a particular type of information, business unit, or system based on the historical data and thorough risk analysis.
8. Develop a response plan. The records manager, business owners, IT owners, in-house counsel, compliance officers, and others should work together to design a plan based on the high-priority scenarios. For instance, the team may determine that a particular type of request or order may result in the need to obtain additional IT resources or even change the systems, tools, and processes for data storage. Similarly, they may have found that a predecessor system from which the data has not been migrated may need to be resuscitated. The team even may decide the company no longer needs certain information or that a routine rotation cycle is prudent. Of course, they will want to consult with the corporate retention schedule and the legal department before destroying any information or changing retention periods.
9. Develop a stakeholder-notification process to let relevant people know that certain information is subject to a hold or a data-preservation order. The process should include validation that the recipient has received the notice and a requirement for a plan of action.
10. Develop the process to monitor compliance. This may include follow-up with those who must retain documents and even in-person interviews with primary custodians of relevant records. The discovery response team should meet regularly during the enactment of any litigation hold to examine and address preservation requirements and the effectiveness of the plan in place.
11. Develop the process to implement the response plans. For example, for a given situation, determine the roles to be filled by the business owner, the IT manager, and the data storage group, among others. Standardize the documentation of the process.
12. Develop scenarios to test the system based on historical and anticipated discovery requests and data-preservation orders. The scenarios should include best- and worst-case situations. They also should include a wide variety of likely information storage types, applications, and media (e.g. mainframe, email, custom applications, network share drives, laptops, PDA).
13. Revise the plan continuously as necessary. Return to step 10 and consider a better, more efficient way to preserve this information as different situations or real-world experiences inform the process.

This effort creates the process by which an organization may rapidly respond to a discovery request or preservation order. It also may identify areas where its obligation to preserve may be of concern or overly burdensome, which is crucial in negotiating with opposing counsel and the court.

Planning for discovery response also helps a company determine where it may need to strengthen its records-management procedures. This will afford the organization the opportunity to both improve operations and correct any weaknesses before it is required to preserve or produce documents. In doing so, the company’s legal department or outside counsel will be in a position to strongly defend the collection and preservation process. Finally, having a program in place reduces the risk of not complying with a discovery request or inadvertently misrepresenting the scope of the production.

By preparing a legal hold program, organizations can ease their own discovery-response experiences and possibly protect themselves in court should mistakes happen. That in itself will serve the organization well in the long run, whether it endures one lawsuit a week or one in a generation.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.