Litigation Readiness and your IT Infrastructure: Spring Cleaning
What is litigation readiness and why is it important? It is the measure of how prepared a company is to respond when litigation arises. It is important because failure to prepare can, in the best case, lead to inefficiencies and higher costs in responding to discovery to the worst case of facing legal sanctions (fines and penalties) for failure to produce relevant evidence.
How is it measured? Most companies are unsure of how to formalize readiness, and even the most prepared companies are tested since litigation always presents surprises. Because companies face different regulatory requirements and business needs, this answer is not the same in each case.
How prepared a company is for litigation is a solid indicator of a company’s overall IT infrastructure and information governance health and functionality. Because litigation and IT are inextricably related with regard to eDiscovery, “litigation readiness” relies on the IT infrastructure to be ready with the people in place to execute an effective plan.
The barometer to measure this “preparedness” employs numerous factors which should include: staff scalability and expertise, back-up storage with implemented expiration timeframes, proactive classification for information generated and received by the company, archiving capabilities for preservation and litigation hold, records management policies, internal data collection and early case assessment capabilities and data deletion policies.
Some important considerations are below that, at a minimum, should be addressed in order to be prepared for litigation regardless of how frequently the company litigates:
- How is the back-up of information being managed by the company? Is information being expired on a consistent basis? How easily accessible is the information on back-up tapes and is there excess volume, leaving the company unnecessarily exposed to discovery? It is important to delete with confidence in accordance with the company policies to avoid unnecessarily restoring data.
- Is there a central archive where information is being proactively organized with retention, litigation hold, and deletion capabilities in place? Is this archive applicable to all of the company’s information, including all file types and sources? Is there a data map for the corporation to identify sources and locations?Technology exists to help corporations easily accomplish archiving for preservation purposes, as well as manage all types of information. Not having the capability to archive presents serious preservation challenges as well as a nightmare for responding to litigation requests.
- Is there a company policy that outlines the records retention and the responsibilities of employees for managing the lifecycle of all types information?While the records retention policy of an organization will evolve to meet legal requirements and business needs, a repeatable policy and procedure should be followed for all eDiscovery projects. Many of these processes can be automated by technology, but there will always l be exceptions.
- Are there persons in place within the corporation that have full knowledge of how to deploy the technology and efficiently use it?Better yet, is there a designated eDiscovery liaison that can serve as a bridge between Legal’s requests and IT functionality? Can this person (s) also serve as a 30(b)(6) witness? If the answer to this question is no, then uncertainty remains regarding full technology usage, and that the same process is being correctly followed and contemporaneously documented. Without this, a company is vulnerable to spoliation and chain of custody challenges.
- Have the employees been trained and audited on those policies for compliance? Having a policy is necessary, but having a policy and not following it is treacherous.
While not an exhaustive list, the above provides a checklist for taking the pulse of a corporation’s litigation readiness. We are constantly taking not only our customers’ pulses, but our own, as our new releases emerge. Our own readiness is key. For example, we just deployed Enterprise Vault 10 on a company-wide basis for 18,000 users. As of Tuesday April 26th everyone at Symantec will start having their data ingested by the new 64-bit indexing engine, and searches will be federated across old and new indexing technologies. This is a significant achievement by both Engineering, IT, and a cast of hundreds that support us in getting a release to market.
We look forward to helping our customers get their data houses clean and to be litigation ready with our products as well. Also new with our Enterprise Vault 10 release, we took our 18,000 users and the data they generate, and implemented a Unified Archiving Platform. This will move less-frequently accessed information off of expensive primary storage and servers such as: Microsoft Exchange and SharePoint, IBM Lotus Domino, file servers and more, to lower-tiered storage. This will enable us to reduces our storage footprint and costs by up to 60% by moving deduplication closer to the source, while retention and deletion policies keep information for only as long as needed.The iterative nature of “checking-in” on how prepared a company is requires upgrades and the revision of polices and technology frequently to make sure everything is working properly.