by Tracey Stretton, legal consultant, Kroll Ontrack

The
economic downturn has damaged corporate performance and as a
consequence companies are more carefully analysing expenses as budgets
become more constrained. Like other expense centres in a corporation,
the litigation budget is under continual scrutiny. However, as most
general counsel know the risk of litigation and the corresponding cost
of electronic disclosure does not diminish in a downward economy. In
fact, many corporations are facing even more risks today – especially
those in highly regulated and litigious industries such as finance,
banking, pharmaceuticals, transportation and manufacturing. No company,
large or small, is exempt from litigation or from the increasingly
complex conundrum known as electronically stored information (ESI)
disclosure.


Awareness and Policy
Research
commissioned by Kroll Ontrack found there has been a vast growth in ESI
awareness and policy enactment over the past 12 months. This
demonstrates that high profile sanctions cases and education regarding
ESI have been a real wake up call to corporations and their legal
teams. However, UK companies are lagging behind their US counterparts
in their readiness to cope with the risks involved in legal actions,
where huge volumes of computer-stored information plays a crucial role.
Many companies are failing to appreciate the legal and logistical
issues involved in responding to requests for often sensitive
information from regulatory bodies and ensuring that they can provide
details of anything that qualifies as electronic information.


The
study found that whilst 70% of US companies have policies in place to
deal with ESI in a litigation process (compared with 40% in 2007), only
53% (compared with 43% in 2007) of those in the UK can boast similar
preparedness. Both figures represent an improved awareness of the need
for policy relative to 2007, but they also suggest that the US is still
outstripping the UK. In the UK, policy development is up only 10%
compared to an increase of 30% in the US. The fact that companies in
both the US and the UK are improving their understanding of ESI is
positive, and at the same time very necessary. However, given the
financial crisis, litigation is, for some, an increasingly necessary
option and all companies need to be prepared in order to meet
obligations in terms of data disclosure. 


Responsibility
While
more companies have an ESI readiness policy, there has been a marked
decline in the number of organisations that included top executives in
the policy’s creation and enforcement. This, paired with the fact that
respondents believe the company’s top executives should bear
responsibility if their policy is called into question during
litigation or an investigation, represents a worrying disparity for
organisations.  Furthermore, companies are increasingly looking to IT
departments to shoulder some of the ESI burden.


Though
companies are increasingly looking beyond the boardroom in developing
strategy for ESI, there remains a belief that CEOs and board directors
should ultimately be accountable for shaping policy and its smooth
functioning. This is particularly evidenced in the UK where 54% of
companies say that their CEOs and board directors should be held
accountable if their respective ESI policies result in governmental
fines, court imposed sanctions or reputational damage. This is despite
the fact that only 20% of UK companies allocate actual responsibility
for policy development to such senior figures.


However,
the shift in responsibility for development and enforcement can be seen
to represent a more mature, collaborative approach to ESI and policy
development. The undoubtedly complicated and technical nature of ESI
requires a close alliance between legal and IT to ensure ESI strategies
are legally compliant, all-encompassing and feasible. But, policy
discussions should also include CEOs, so they are fully informed and
supportive of the policy. If and when a policy is called into question
is no time to play catch-up


Drivers
The
huge growth in the number of companies in the US who say they have an
ESI policy has been driven by the introduction of the new Federal Rules
of Civil Procedure a couple of years ago, which has led to a number of
high profile cases.  Fewer companies have a policy in place in the UK
and the number of organisations in the US with a policy is soaring
ahead.  This can be attributed to the number of cases that people have
read about in the US and the fines that were involved (such as the
Morgan Stanley and Qualcomm cases).

What’s
interesting is that last year, there were a whole host of barriers to
successfully executing ESI policies cited by respondents. This year,
one third of companies claimed that a lack of time and resource was
preventing them from implementing any ESI policy successfully.   


In
the UK there are slightly different drivers. There have been fewer
cases involving ESI, but companies will act when they see a threat from
the regulators, or when they have faced a difficult case themselves and
realise that they need to be better prepared. In the UK, there has been
a slower progression and this can also be attributed to a lack of time
and resources. Inhouse counsel believe that the judiciary is becoming
increasingly well-informed about the importance of ESI in dispute
resolution. In the UK there has also been a formal call by the
Commercial Court for increased corporate responsibility in disclosure
in an effort to control litigation costs. Judges are talking about the
need for companies to have clear policies in place to justify their
actions – if documents are missing and there is no plausible
explanation, the Court will draw adverse inferences.


Challenges
While
gaining information and education regarding ESI was a legal team’s
greatest challenge in 2007, the greatest worry this year in both the UK
and the US, is the growing volume of ESI. Furthermore, most companies
are increasingly looking to IT departments to shoulder some of the ESI
burden – ESI management is no simple task and a true partnership
between legal and IT is required to make a company’s policy a success.


The
issues surrounding ESI have assumed a higher priority on the business
agenda as the financial crisis threatens to trigger legal actions. With
litigation and the amount of electronic data requested in disclosure on
the rise, coupled with tightening corporate budgets and regulation,
corporations cannot afford an ESI misstep. Putting a policy in place,
ensuring the executive board is part of policy creation and
enforcement, and understanding your digital data landscape is
critically important to risk management for the foreseeable future.
Litigation is an increasingly necessary option and companies need to be
prepared in order to meet data disclosure obligations.