With industry statistics from electronic data discovery, or EDD, vendors like California-based Stratify suggesting that 90 percent of business messaging is currently conducted by e-mail, instant messaging and voice mail, corporate legal consultants are quick to say that the paper trail is a thing of the past. Adding credence to this analysis is a recent ruling by the U.S. Supreme Court that suggests a major shift in the acceptance of electronic discovery in litigation.
"What the Supreme Court has done now is make it routine for [electronic discovery] to happen," says Bob Lipman, a labor and employment attorney with New York-based law firm Lipman & Plesur. "No longer does an attorney have to go before the judge and fight it out."
On April 12, 2006, the U.S. Supreme Court approved new Federal Civil Rules of Procedure that will require early involvement by courts in managing electronic discovery and alter the rules affecting when and how federal courts make provisions for electronic discovery. Lipman says the changes should help provide enhanced guidance to lower courts, eliminate uncertainty with regard to ordering electronic discovery, and enable the routine analysis of millions of e-mails by lawyers seeking ammunition in court battles.
The proposed rules took effect December 1, creating a sense of urgency in corporate environments around the question: Where does the buck stop now? Lipman says that companies need to be addressing whose responsibility it is to implement systems that will provide protection from the potential fallout of problematic e-mail.
"I think tapping those smoking-gun e-mails will be the new frontier of corporate litigation," Lipman says. "It’s mind-boggling to consider the thoughtless e-mail that people write in the workplace."
A recent report conducted by Gartner analyst John Bace says that most organizations are ill-prepared to respond to court-ordered requests for electronic documents. Company executives interviewed said they were not confident that their organization could meet potential e-discovery deadlines or respond to an e-discovery preservation order, which demands that normal procedures for document destruction be suspended. To adequately prepare for the pending changes, Bace says, companies will need to act immediately to avoid the potential for sanctions and "negative inferences" in court battles.
Many industry professionals agree that the responsibility does not rest just with IT.
Bace suggests there should be a cross-functional team for records management and governance that includes senior management, legal counsel, IT and finance. Lipman believes the primary responsibility will rest with the human resources function.
"I think this is the scariest thing that has come before the HR professional in decades," Lipman says.
David Bayer, vice president of marketing and business development with EDD vendor Stratify, notes that traditionally, the vast majority of discovery was paper-based.
"There was a whole generation of software to address the paper world," he recalls.
Now, the availability of EDD software is exploding in the market as software companies try to cash in on what is expected to become a $1.9 billion industry in 2006.
And the technology is thorough and fast, Bayer says. Stratify’s offering can quickly identify relevant e-mail and then explore the relationship of messages between senders, receivers and intermediary correspondents in a matter of minutes.
Companies facing court directives for electronic discovery are often burdened with the cost of producing the data, according to legal experts. In most cases, companies can expect that EDD services will be a costly endeavor.
Bayer notes that costs will vary depending on the amount of data to be analyzed but can range from about $50,000 for a very low 10 gigabytes of data to well over $1 million for midlevel projects.
"The amount of data companies have is just huge," says Michael Simon, attorney and corporate legal associate with Stratify, recalling many situations where companies were required to analyze several hundred gigabytes or terabytes of data.
Experts say many companies are not prepared for the damaging content that can be found within their own e-mail archives. Wall Street firms and other industries regulated by the Securities and Exchange Commission have been faced with the challenges of monitoring e-mail samples and storing electronic communication for years. For those companies that are not regulated, Eric Rosenberg, attorney and founder of New York-based liability consulting firm Litigation Proofing, suggests that HR professionals and senior management ask themselves: How long do we need to archive e-mail?
"In general, most e-mails are more harmful than helpful to a defendant," he says. "If you are not in a regulated industry, you can look at your business practices and say, ‘I don’t need these e-mails past this point of time.’ "
Stewart Marcus, manager of corporate HR for New Jersey-based General Chemical, points out that having a corporate e-mail policy is pretty mainstream, and should be the first step any HR manager takes to protect a company’s interests. With the new push for establishing a culture where electronic documents are work-related and not reflective of an unlawful or discriminatory work environment, though, Marcus emphasizes that simply having employees sign a policy statement will no longer be sufficient.
"I hate to say it’s an HR problem, but it is," he says. "There’s a training issue. You are going to see more and more HR departments taking that on."
Lipman believes that training will be the key component to protecting a company’s interests.
"Frankly, I think the vast majority of employees believe their e-mail is confidential," he says. "Many employees don’t realize that hitting the delete button does not actually make the e-mail go away."
Marcus says that his company’s e-mail training initiatives have been effective and "eye-opening" for employees.
"It was the first time we had done any kind of training," he says, adding that it was money well spent for his company. "Initially, companies can expect that training will be a lot more cost-intensive because it will take time and resources to find and implement the right programs."
E-mail monitoring quandary
Litigation Proofing’s Rosenberg believes companies should consider a combination of both training and employee monitoring. Opinions vary widely as to the effectiveness of surveillance initiatives, but the deciding factor for many companies lies in the fact that monitoring is cost-prohibitive.
"You have a hardware, software and people issue to contend with," Marcus says. "Our IT staff is a small group--we don’t have the people to do it."
To fully implement a monitoring program, Marcus says, organizations typically can expect costs associated with enhancements to its hardware infrastructure, expensive software programs and the personnel resources to review and follow-up on problematic e-mail.
Along with the cost issue, industry statistics suggest that the best software filters either identify a lot of false positives or only catch about 40 percent of offensive material.
Rosenberg suggests that the surveillance function should be a coordinated effort between the HR, legal and compliance departments.
Lipman and Marcus agree that there is an employee morale issue to consider regarding e-mail monitoring initiatives.
"There is a Big Brother component that I think many employees will have a problem with," Lipman says. "I don’t think it will work at every company."
Marcus agrees, noting his experience with a previous employer: "Employees would receive an e-mail from IT [for inappropriate text found in electronic communications]. It used to creep people out."
He says there are hidden costs of monitoring programs that companies should consider. As employees become more aware of people reviewing their communication, Marcus believes they will be less likely to use electronic communication, resulting in higher long-distance costs and decreased efficiency, for example.
"E-mail is an excellent tool. You can exchange information in the blink of an eye," he says. "That’s a cost that is difficult to quantify."
Regardless of the arguments, Rosenberg strongly suggests that surveillance is a component of the overall strategy that companies would be wise to consider.
"Company-provided e-mail systems should not be used for personal communication except for emergencies," Rosenberg says. "You have a right to supervise what your employees do in a given day."