Best Practices Show Direct eDiscovery Payback

If you think eDiscovery means sifting through e-mail archives, you're only part right. A new survey sponsored by Symantec sheds light on data retention and eDiscovery practices that reveal how the growing amounts of information is making compliance with legal challenges for information tougher.

Symantec's 2011 Information Retention and eDiscovery Survey, conducted among 2,000 companies in May and June, looked at the challenges enterprises are facing and how they're coping with the growth and complexity of legal requests. One fact jumped out clearly, as Symantec’s Annie Goranson told me: no matter what industry you're in, there are identifiable best practices that, if followed, will make handling eDiscovery easier.

The world of eDiscovery is changing. E-mail has long held the top spot as most-requested documentation in eDiscovery motions. In this year’s survey, e-mail has dropped to third place (cited by 58 percent of respondents as an important document type). When asked about what information was most “frequently” requested, just over two-thirds (67 percent) cited “files and documents,” followed in second place by database or application data (at 61 percent).

Instant messages and mobile phone text messages are still requested often. Bringing up the rear (at 41 percent) were requests for social media records, including corporate posts to Twitter, Facebook, and LinkedIn, among others.

Best practices for managing information retention and retrieval include implementing a formal information retention plan, automation of legal holds, and the use of a formal archiving tool. Goranson said Symantec divided respondents into three groups based on their information retention programs and, according to the report, the “quality” of the practices they followed.

“The top-tier companies that closely followed best practices were 81 percent more likely to have a retention plan in place, and were 63 percent more likely to implement the automation of legal holds. These organizations were also 50 percent more likely to use a formal archiving tool. They were also much less likely to follow poor information management practices, such as performing legal holds in their backup systems,” the report said.

Despite following best practices, IT has little to brag about its response to legal challenges. Only 35 percent of respondents said they “successfully fulfill the request in a timeframe that is acceptable to the requestor.” On the plus side, enterprises that followed best practices reported a 64 percent faster response time; the survey results, analyzed by Applied Research, found that these companies also enjoyed at 2.3 times higher success rate in responding to eDiscovery requests.

Another 25 percent say they fill the request more slowly than the requestor would like, though they didn’t specify the lag time. Only 10 percent say they “partially fail” to fulfill the request, and another 10 percent don’t fulfill the request at all.

Of those that did not fulfill the request successfully, penalties are clear: 42 percent said it damaged their enterprise’s reputation or caused embarrassment, and 41 percent said fines were levied. Thirty-eight percent found themselves in a compromised legal position, and 28 percent faced court sanctions. One quarter of respondents said it “raised our profile as a potential litigation target.” No doubt.

Again, here’s where following best practices clearly pays off. According to the report, those enterprises following best practices were more likely “to receive a favorable outcome in legal proceedings.” They “suffered fewer negative consequences than companies that lack a formal information retention policy” =-- for example, they were 78 percent “less likely to be sanctioned by the courts and 47 percent less likely to find themselves in a compromised legal position. They were also 20 percent less likely to have fines levied against them. In addition, they were 45 percent less likely to disclose too much information, which could compromise their litigation position.”

When it comes to a formal retention plan, IT clearly isn’t doing a great job. Only 32 percent have a plan in place; 24 percent say they’re working on creating a plan, and 30 percent are discussing it or in the planning stage. Fourteen percent don’t have such a plan and have no intention of creating one. Remind me not to do business with any of them.

Given all the expense and angst organizations go through to deal with eDiscovery requests, most seem to have a pretty good (but undeserved) opinion of their ability to respond to “legal, compliance, or regulatory” requests. Seventeen percent said they were extremely confident in their preparedness, and 35 percent they were “somewhat” confident. A quarter said they were “neutral.”

From the results I read, I’m not very confident in their confidence level. Nine percent admitted to being “extremely unsure” of their preparedness. Even that figures sounds too low to me.

-- James E. Powell
Editorial Director, ESJ

Posted by Jim Powell on 09/20/2011