Recommind warns of e-disclosure 'time-bomb' in UK
Recommind reports that over the last year almost half of UK enterprises have experienced an increase in e-disclosure requests (the identification, preservation and collection of electronically stored information for regulatory and internal investigations and law suits)*. IT directors cited fraud and other illegal financial activities as the main contributing factor, with the growth in electronic communication coming a close second.
However, in contrast to this increase, more than two thirds of UK organisations dedicate less than 5% of their IT budget (with nine out of ten dedicating less than 10%) to provisioning and preparing for e-disclosure. Similarly, IT directors still do not fully grasp the need to prepare for these eventualities, rating it as their lowest priority below information security, email archiving and rolling out productivity-related tools. According to Recommind, this oversight could leave businesses highly vulnerable to information risk and the associated consequences including breach of compliance, embarrassing headlines and loss of stakeholder confidence.
“The problem is e-disclosure is still seen as an American problem and for many UK companies, this is all the excuse they need to sweep it under the table,” said Simon Price, European director at Recommind. “However, the reality is that this is a problem facing UK businesses and if the upwards trend continues, before long we’ll see firms over here subject to same level of scrutiny as their US counterparts. And, with far ranging consequences – including hefty financial penalties, and potentially worse, reputational loss – businesses will need to place the same emphasis on making sure they’re ready for any disclosure demands, as they do on IT security or anything else.”
According to the research, IT departments hold ultimate decision making and budget responsibility for e-disclosure at half of all companies surveyed. The legal department made the final decision at a quarter of businesses, but held the budget at just 14% of firms.
“With e-disclosure a relatively new phenomenon for many UK companies, most businesses still don’t fully understand its importance,” continued Price. “There’s a danger that the IT team won’t necessarily recognise and fully comprehend which information should be preserved and disclosed, and which can be discarded. Similarly, the legal department will be experts on this side of things, but they need the IT team to help ensure any technology processes and systems are accurate and up to the job. At the moment, each department seems to have its own different set of priorities, but as e-disclosure becomes more commonplace, businesses need to take a joined up approach with e-disclosure higher up the priority list.”
Recommind has produced the following best practice tips for UK businesses wanting to find out more about e-disclosure and ensure their organisations are fully prepared:
1. Ensure IT and legal departments work closely together to prepare for e-disclosure requests – each department much have a clear understanding on their respective roles in order to meet regulatory challenges
2. Ensure that businesses can consistently and comprehensively respond to e-disclosure requests – in order to reduce the risk of data destruction or alteration, procedures typically only allow a brief window in which to identify, preserve and collect data
3. A single lawsuit can result in the production of more than one terabyte of material (the equivalent of 75 million pages) so it’s essential that firms invest in solutions that can automatically locate and categorise the appropriate data – if not, the process can be extremely time consuming, subject to human error and costly as such
4. Email constitutes the bulk of all electronically stored information in a typical law suit or regulatory investigation – companies should implement and enforce clear email policies, as well as a comprehensive, automated categorisation and legal hold system. This will also help boost employee productivity and lower IT costs
5. Bring e-disclosure in-house – invest in a toolset that can find, preserve and collect data while also removing the need to expensive, time-consuming third party providers
*Survey of CIOs and IT directors at 150 UK organisations with more than 1000 employees conducted by Vanson Bourne in April 2009.