New e-Discovery rules: A CIO's nightmare?
New e-Discovery rules being developed for the Federal Court of Australia will require CIOs to take a more active role in their organisations' legal affairs.
The Federal Court is expected to release a new practice note in December 2007, which will dictate how the legal community should approach electronic discovery in matters before the court.
Discovery is the process by which parties in litigation request documents from each other prior to trial, relating to the facts in dispute. Squabbles over discovery are blamed for the exhausting length of court cases, including the recent C7 "mega-litigation".
Once introduced, the practice note will encourage electronic documents to be produced in their original electronic form, rather than be converted -- i.e. printed -- on paper. It will also dictate that admissible electronic evidence be submitted in a form that is electronically searchable.
The note will also ask the parties involved to engage in a "pre-discovery conference" -- in which they will need to agree on a checklist of items regarding the electronic documents they seek from each other to use in the trial.
Inevitably, CIOs and other IT staff will find themselves needing to assist their legal teams in preparing for, if not attending, such meetings.
Scott Mann, national lead for Dimension Data's incident management and response team, said CIOs will need to build a strong relationship with the legal representatives of their organisation.
"Mediation between technology specialists will definitely aid the judicial process," he said.
"Legal is going to be asking what you can do technically to meet any proposed court requirement. While it is the legal department's issue, questions will be asked of the CIO if you can't accurately provide the business with where information is on your network or how to capture it."
Worse still, Mann said, if CIOs can't prove they have the capability to produce the relevant information sought in e-Discovery, a third party may be brought in to find it -- causing significant disruption to the business.
Creating a "litigation-ready" IT shop
Seamus Byrne, director of forensic technology at Vincents Chartered Accountants and a member of the court's working party on e-Discovery, says the practice note will encourage companies to become "litigation ready".
That means taking proactive steps and having more control over where and how their electronically stored information is managed, how their integrity can be guaranteed, and how electronically stored information can be collected and searched with minimal disruption to the business.
The growing trend towards e-Discovery will motivate many organisations to develop policies and procedure around document retention.
"Many organisations may have implemented document retention and destruction policies in relation to hard copy documents, yet have not given appropriate consideration to electronic documents," Byrne said.
Byrne said the law is playing "a more pertinent role in corporate IT".
"There is increasing pressure from the law and the courts regarding the management of electronic documents as potential evidence. IT is unwillingly caught in the middle -- they have to balance IT at an operational level, while acting in a way that ensures the company is compliant with the rules and regulations which may be applicable."
Mann said organisations should be conducting their own pre-emptive audits to ensure their own "internal compliance".
In the very least, he said, organisations should be looking to classify their data -- storing high-risk data in a format for which its integrity can be assured.
"You need to understand the threats and risks around data, and what data is likely to be a target for e-Discovery," he said. "You then need to understand the storage and archiving that data needs."
A question of scope
This internal compliance will prove a godsend should an organisation become embroiled in a legal battle.
It can used, for example, to internally discover whether the organisation has a good case to defend itself.
"If you find that your employee or business acted in the wrong, you can look to a settlement to minimise costs," Mann said. "If you understand that you were not in the wrong, you can be in a stronger position to fight it."
Generally speaking, the lawyers for an opposing party executing e-Discovery will try and broaden the scope of the search, while those acting in that party's interest will be trying everything possible to narrow the scope.
Most often, it's when the scope of discovery is too broad that costs blow out.
It's therefore very important to possess the kind of search and archiving technology that can filter a network's data based on content or category, Mann said. Without it, the opposing party may go for broader scope -- requesting an image of any machine or server that possesses information even remotely related to the case.
"If ever you have to get an image from over 50 machines, the scope is starting to become less than viable both in terms of expense and the time it takes," he said.
Mann said there are many enterprise search products and storage vault offerings on the market to address these needs.
These tools can give a CIO the assurance they need around the accuracy of the answers they are getting when they seek data from within the organisation.
Having a technology that can search an organisation -- from servers to end-points to archives of e-mails -- and only list relevant data can reduce an e-Discovery process from months down to weeks, he said.
"The legal costs and costs of collection can be reduced considerably."
Tools aside, an organisation also needs to have the right policies to ensure the integrity of data.
A common problem during litigation, Mann notes, is that a defending party will claim that all information relevant to a matter is in a storage vault.
However, their opponent in the litigation might be able to prove, for example, that users in the organisation are able to store e-mail attachments on their end points such as desktops and laptops -- and can push to have these devices included in the scope.
"Its not enough to even say you have a policy that everything is stored on the server," Mann said. "That policy needs to be enforced. If not, it can be argued that it is in scope or relevant data will be missed."
A more streamlined court system
Mann believes that the proposed changes around e-Discovery are important in that they will resolve the bulk of arguments about scope.
"You can spend months arguing about scope, or any other variable you introduce," he said. "But if a court mandates that scope, you are honour bound that it will happen in a certain way."
Mann expects that a more streamlined e-Discovery process will mean more litigation cases, and a greater chance e-Discovery will form a component of those cases.
Vincents Chartered Accountants' Byrne says that the ultimate aim of the reforms is to ensure court access for all Australians.
"We want to ensure that you don't have to have substantial financial and technological resources just to get before the court," he said.