The recent post Information Management is the Key mentioned several steps that are recommended to help organizations effectively handle legal discovery. Additionally, it covers vital data requests such as subpoenas, governmental inquiries or even internal investigations. This post will provide some more detail on how these steps should be implemented to reduce disruption and improve efficiency. This advice should be particularly useful for companies whose processes are missing or haphazard at best.
The primary point to remember is that organizations need to be proactive in setting up policy. Tools, plans and personnel should already be in-place and well tested to minimize disorder when the company is involved in a lawsuit or record request and needs to collect, cull and produce data quickly and efficiently.
1. Create or Update the Litigation Profile
A good proactive first step is to create or update the Litigation Profile. This identifies key areas of legal concern specific to your organization, for example:
- Determine how likely your organization is to become involved in litigation or other critical data requests.
- Outline which laws, regulations and compliance requirements apply to your company.
- Analyze the history of litigation responses within your organization and identify key areas of weakness.
From the information technology side, it is important to:
- Create a detailed data map to diagram the location and type of critical information stores in your organization. This includes on premises, cloud based, LAN, WAN etc.
- Understand which key software suites are utilized in daily business processes (email, document management, social media, human resource records, etc.).
- List the tools and resources (in-house or external) available to access, search and extract information from each of the stores outlined, starting with the most critical (e.g. email, document repositories, etc.) and highlighting the most difficult (back-up tapes, off-site storage, etc.).
- Determine response times for collecting data from each of these stores with the resources available.
2. Review All Policies
Once the litigation profile is in place, it is essential to review all polices that can affect the company’s liability. This includes policies on data retention or deletion, disaster recovery and social media. Processes for electronic discovery, including litigation holds and collection, should be well outlined. If your organization does not already have defined and tested policies or procedures in place, these areas must be addressed immediately. Remember a policy is only effective if it actually works (as any number of adverse judgments in legal cases can attest).
3. Create a Litigation Response Team
The most critical proactive step is to create a Litigation Response Team which is tasked with assessing and responding to all critical regulatory, subpoena, litigation or open records requests. The members should be in place with policies created and processes outlined well before the onset of litigation. This team should be both proactive (setting up plans and policy) and reactive (evaluation, estimation and coordination). Responsibilities include:
- Creating, implementing, updating and auditing critical policy, plans and processes.
- Coordinating the company response to legal action.
- Assessing the costs and outlining procedures for impending litigation.
- Identifying key players to take part in incident response.
- Choosing and deploying tools and resources for an effective electronic discovery process.
- Advising senior management on all litigation or data request issues.
The team should, at a minimum, include strategic personnel from Legal, Information Technology, and Records Management. Members should all be familiar with the critical policies of the organizations and be familiar with the day to day running of the business. It would be helpful if some of the team has responsibly for auditing and updating key policy (e.g. legal hold, retention) and processes for electronic discovery. The team should be familiar with the resources available for effective response as well as the challenges in their particular organization. Once litigation knocks on the door (which they will), this team will jump into action, assessing the case and coordinating the response.
All these steps can seem quite involved. However, your best chance at handling critical events with minimal liability or disruption hinges on effective information management, proactive policy creation and a well audited electronic discovery process.