InfoEdge Logo
Offering Select IT And Business Management Research
research@infoedge.com
800.544.7337 | 617.969.9080
Home Page About Us Contact | Questions Shopping Cart
Recent Reports Information Centers Free Research IT Business News and Articles CIO Strategy Center Browse Categories
Related Reports
Security Audit Program
The audit program is one that either an external auditor or an internal auditor can use to validate the compliance of the Information Technology organization and the enterprise to ISO 17799, Sarbanes-Oxley, HIPAA, and PCI-DSS.
IT Spending, Staffing and Technology Trends
The study tracks spending in ten industry and government sectors and provides objective and comprehensive data designed to assist IT and business executives in the financial and strategic management of information technology.
Options in Enterprise Backup
This report reviews the intricacies of backup practices and procedures, including security, business continuity, archiving and compliance.
The State of the Mainframe
Mainframe MIPS growth is averaging around 20% per year. This new report looks at the current state of this "legacy" system.
IP Telephony Solutions: Product Comparison Report
This report includes an overview of the enterprise IPT market, a comparison of nine leading IPT solutions, and a summary of the relative strengths and weaknesses of each product.
Regulatory Resource   Threat Intelligence      Resilient IT      Boardroom Strategies      
Boardroom Strategies / Initiatives

Avoiding Legal Minefields in Court

By Jodi Mardesich

During the past few years, the legal discovery of electronic mail messages has had a profound impact on U.S. court decisions. The content of email, as well as the mismanagement of email, have led to judgments, convictions, and fines. In other cases, lack of preservation and even destruction of email evidence have resulted in fines and judgments against both corporations and individuals.

The headlines generated by the discovery of email evidence are memorable. In U.S. vs. Microsoft (2001), incriminating emails from Chairman Bill Gates and other top Microsoft officials brought to light the company's anti-competitive business practices and helped lead to a ruling that the company had a monopoly in operating system software. More recently, the high-tech investment banker Frank Quattrone was convicted of obstructing a government probe with the discovery that he had forwarded an email from a colleague at Credit Suisse First Boston urging employees to "clean up" their files and discard documents.

While legal discovery -- the process of finding information that was previously unknown -- used to be only the business of corporate lawyers, the increasing request for electronic evidence is making it the purview of the CIO as well. Corporations are required to turn over records of information that relate to litigation when they are sued or prosecuted. Increasingly, those records are stored electronically, often in email.

Moreover, the impact of email on discovery will continue to escalate, as email use becomes even more prevalent. IDC forecasts that the average number of emails sent each day worldwide will reach 84 billion this year. This year, the volume of business email will reach 3.5 exabytes (one billion gigabytes) -- more than double the amount created in the past two years, IDC says.

Email systems were originally created to send and read messages. As usage has proliferated, email systems have become de facto storage and retrieval systems for corporate communications, a task they were not designed for. Without proper education, employees unwittingly delete communications that by law should be archived. As electronic communications more regularly become key resources for discovery in lawsuits, the CIO needs to take a greater role in overseeing the retention and management of email.

Smart CIOs should therefore create policies and procedures around email, instant messages, and even voicemail in order to protect their companies' interests. Preparation can also help save money and effort in the event of an electronic discovery request.

How common are e-discovery requests? According to a recent survey of 840 organizations by the ePolicy Institute and the American Management Association, one in five said they had received subpoenas for employee email to defend the organization in cases of sexual, racial, or other discrimination(the survey only covered requests for information in discrimination cases).

"If your IT group has not yet been involved in a legal discovery action, count yourself among the lucky few," says Gartner Group analyst Debra Logan. "It doesn't mean it hasn't happened -- it just means you don't know about it."

When e-discovery requests are made, deadlines are set for turning over files. However, many organizations are unprepared for litigation or criminal prosecution in the digital age, Logan says. "Organizations respond, but often in a disorganized and hasty fashion, which adds cost and risk to the operation," she says.

Preparing for e-discovery
CIOs can better protect their organizations by knowing the laws governing retention, putting policies into place, and educating employees to make sure they comply with the laws. In addition, by taking certain steps, CIOs reduce the costs of finding information and help avoid fines sometimes levied against companies for not turning over information in a timely manner.

  • Create an interdepartmental task force The CIO, email and security administrators, in-house or external legal counsel, and operations staff need to communicate to understand each other's roles in the creation, protection, and management of electronic information. Someone in the IT department should be familiar with legalities and be able to capture and produce a computer file that can be entered into evidence without a charge of spoliation, Logan says. And an attorney -- either inside or outside counsel -- should know the organization's IT architecture and be able to explain it.
  • Know the rules  Regulations that affect different industries have different document retention requirements. All public and private companies should understand how the proliferation of email impacts the Internal Revenue Service requirements to save records for seven years. Public companies should extend document retention policies to email to remain compliant with Securities and Exchange Commission rules. Relatively new regulations should be examined, as well. For instance, the Sarbanes Oxley Act requires that auditors keep records -- including emails -- that may influence client reports for seven years.
  • Create electronic document retention policies After determining which and how long documents must be saved, CIOs should create policies to safeguard documents. This includes determining which documents should be preserved, and instituting rules preventing the deletion of pertinent files.
  • Educate users The success of document retention policies depends on employees being familiar with them and following them. Administrators and employees must be educated on which emails should be saved, how they should be saved, and which can be deleted.
  • Perform audits To ensure policies are being enforced, CIOs should perform periodic audits of how employees are complying with policies.

Since email programs were not created with e-discovery in mind, CIOs might wish to consider evaluating software applications that have been designed to support email policies and e-discovery. Various software applications have been created to manage document retention and streamline the e-discovery process.

E-discovery can be costly and time-consuming, but the consequences of not preparing for or complying with e-discovery requests are much worse. Creating policies for managing and preserving important electronic communications can help an organization find records more quickly, and avoid fines due to non-compliance.

Jodi Mardesich writes about business and technology. Her writing has appeared in The New York Times, Fortune, San Jose Mercury News, The Advocate, Salon, Slate, and Yoga Journal.

CIO Strategy Center is a daily editorial resource offering innovative insights and strategies for building an integrated, secure and resilient IT infrastructure.

Articles by Topic
Initiatives
Peers and Superiors
Enterprise Smarts
Related Content

Features

View More


Metrics

View More

Fast Fact

"If your IT group has not yet been involved in a legal discovery action, count yourself among the lucky few."

--Gartner Group analyst Debra Logan
Sponsor Tools

Resources

White Papers

View More


Podcast Audio Content

CIO Strategy Center is now available in audio format.

This week's feature topic is:


Preparing for a Disaster
Playtime: 8 min 07 sec



Download | Subscribe

Copyright © 2009 Studio One Networks. All rights reserved.
Geography Specific | Advanced Technologies | Industry Verticals | Executive Management | Information Technology | Human Resources | Telecommunications | Sales And Marketing | Finance | Hardware | Software | Web | Outsourcing | Top IT Priorities
home   |     site map   |     about us   |     privacy statement   |     research providers   |     contact us   |     categories

Entire contents ©2008 InfoEdge. All Rights Reserved.
Email: research@infoedge.com