The Burden of eDiscovery Proof Shifts to IT
The weight of complying with any legal request is now squarely on the shoulders of the IT department.
Nothing can waste valuable IT time like a document discovery request. The sad thing about that, however, is that everybody knows that such a request is coming. In fact, if you work in a large company, the chances are good that you're going to see multiple requests for documents every week.
Up until recently, a lot of companies attempted to hide behind the fact that courts might accept that the burden of looking for a particular document was just too hard and costly to find. But in recent months the legal system has become a lot more savvy about what can be accomplished these days using eDiscovery systems.
Unfortunately, a new survey of 2,000 worldwide organizations conducted by Applied Research on behalf of Symantec finds that the vast majority of companies are reactive when it comes to dealing with such requests, which means they have no real eDiscovery system in place that can find all relevant documents related to any case in a matter of minutes. Without such a system, the company is "naked" from a legal perspective that inevitably winds up with the IT organizations being forced to spend weeks, if not months, manually looking for those relevant files. More often than not, they don't find those documents, which usually results in someone from IT testifying about how incompetent the IT organization is, which is usually followed by a sharp rebuke from the judge and some stiff fines for the company.
Allison Walton, Symantec eDiscovery attorney, says eDiscovery should generally be approached as an extension of the company's overall information management system, which, when properly implemented, usually includes an eDiscovery capability that just doesn't focus on email, but also all the file systems in use.
The single most important thing a company can do, recommends Walton, is define a consistent document retention policy and then make sure they have the technology in place to back it up. That doesn't necessarily mean saving everything, but the courts are going to frown on any policy that amounts to deleting every document.
While the responsibility for any lawsuit will always rest with the legal department, it's pretty clear that the burden of proof now rests with the IT department. In fact, IT organizations need to ask themselves how much time do they really want to spend looking for documents versus actually managing the IT environment, because last time anybody checked, no one invests in IT just so employees can spend time combing through file systems looking for documents.