Latest News

Document retention may be on the agenda but discovery readiness lagging behind

A key finding in the Third Annual ESI Trends Report, an
independent study commissioned by Kroll Ontrack, highlights a
serious risk and a false sense of security that the existence of a
document retention policy is adequate to protect organisations when
litigation or other events requiring ESI strikes. So, although a strong majority in the UK and USA (80% in the UK and 87% in the US) have a document retention policy but a much smaller number (41% in the UK and 46% in the US) claim to have an ESI (electronically stored information) discovery readiness strategy.

This year’s survey also reveals only 14% of UK and 28% of US companies strongly agree their ESI discovery policy or strategy is repeatable and defensible. And, only 39% of UK and 57%t of US companies have a mechanism to preserve potentially relevant data when litigation or a regulatory investigation occurs. Without an identified means to suspend the expulsion of potentially responsive data, many companies are not positioned to execute proper preservation protocol or claim their ESI discovery readiness policy is effective.
“The economic downturn forced corporations to determine how to effectively and adequately defend organisational assets with fewer resources,” said Kristin Nimsger, president of Kroll Ontrack. “The best way for corporations to ‘do more with less’ is to implement sensible ESI preparedness strategies. Planning will not only prevent an ESI discovery misstep, but also serve as a corporation’s best discovery cost savings strategy. Furthermore, having a sound document retention policy is an important step, but without a reliable mechanism to ensure that the policy is properly implemented and, more importantly, may be suspended in response to litigation, companies are still at risk. Testing the defensibility of practices and policies before they are challenged in a legal proceeding is also highly advisable.”

The survey also shows that 54% of UK and 63% of US companies believe the need to produce ESI for litigation and or an investigation has increased in the past 12 months. Despite this, less than half of companies in the UK and US have updated their ESI discovery policies to include newly utilised corporate technologies and channels such as virtualization and social networking sites. Moreover, UK and US. businesses report experiencing an average of at least one data breach annually, proving effective ESI risk management is further complicated by security considerations.

“Policies are only effective when they are kept up-to-date to include the tools, devices and communications their organisations are utilizing,” said Martin Carey, managing director for Kroll Ontrack UK “Sound planning does not stop with document retention and discovery readiness policies. In today’s environment, data security risks must be taken into account and addressed in a company’s document retention and ESI discovery readiness policies and strategies.”  

Despite shortcomings, the survey does reveal a continued evolution with respect to ESI discovery readiness strategy creation and enforcement ownership. Companies both in the UK and US are looking to IT and legal to co-own this task, a drastic change from the inaugural report, when in-house counsel owned this function. Moreover, three quarters of businesses in the UK and US claim IT and legal teams are effectively working together to respond to ESI discovery requests. This relationship is not without its challenges. IT are feeling the brunt of the work following the implementation of ESI discovery readiness policies, and time restraints, differences in day-to-day priorities as well as technical and legal expertise discrepancies were cited as the top collaboration challenges amongst both IT and legal.

“While IT and legal have joined forces and taken steps in the right direction, there is still work to be done,” added Carey. “Collaborating to create policies is one thing, but sound implementation, enforcement and management requires regular communication, cooperation and a lot of patience.”

• The survey was conducted by Research Plus on behalf of Kroll Ontrack. A
total of 461 online interviews were conducted amongst IT and inhouse
counsel within commercial businesses, 231 of which were in the USA and
230 of which were in the UK. Interviews were completed between June and
August 2009. To see the results in entirety, visit

• In the UK, the recent case of Timothy Duncan Earles -v- Barclays Bank Plc – and the decision to penalise Barclays – is a sharp reminder of the need for companies to have thorough and effective disclosure readiness strategies in place. Judges now expect companies to have clear policies to justify their actions and if documents are missing and there is no plausible explanation the court can draw adverse inferences and impose severe penalties. With the threat of litigation likely to increase over the coming months companies need to ensure that they have a document retention policy in place and are ESI discovery readiness.

3 replies on “Document retention may be on the agenda but discovery readiness lagging behind”

Good stats and article Charles.
As you can imagine here in South Africa we are a bit behind the rest of the world. Do the Practice Management systems handle most of the ESI, or do firms use specialised systems, and if so which are the ones that dominate?
As you said with more focus on security, the more people have to implement systems to counter act the threat. Never ends.
Also, surely firms that use document imagine right from the start of the matter in a firm, would be in a far better spot to do ESI, and it would be a further process, but the schlep of creating the images would be already done.

Malcolm, generally we use specialised tools to process, review and produce ESI. The acronym “ESI” stands for “electronically stored information” and refers to emails, spreadsheets, word processing documents, etc. that are created and already stored in electronic format so no imaging required. Practice, or document, management systems tend not to be very good at doing what the lawyers need to do to resolve disputes as that is not their focus.
The fact that you are in South Africa does not mean that you lag behind the rest of the world in your recognition and treatment of ESI. Just look at recent developments in Australia.
I recommend to you Chris Dale's excellent blog, which (in plain, and very good, English) covers developments in this field in the UK, the USA and Australia, as well as anywhere else in the world (South Africa included) where there may be relevant developments:

Comments are closed.