by Tracey Stretton, legal consultant, Kroll Ontrack

The economic downturn has damaged corporate performance and as a consequence companies are more carefully analysing expenses as budgets become more constrained. Like other expense centres in a corporation, the litigation budget is under continual scrutiny. However, as most general counsel know the risk of litigation and the corresponding cost of electronic disclosure does not diminish in a downward economy. In fact, many corporations are facing even more risks today – especially those in highly regulated and litigious industries such as finance, banking, pharmaceuticals, transportation and manufacturing. No company, large or small, is exempt from litigation or from the increasingly complex conundrum known as electronically stored information (ESI) disclosure.

Awareness and Policy
Research commissioned by Kroll Ontrack found there has been a vast growth in ESI awareness and policy enactment over the past 12 months. This demonstrates that high profile sanctions cases and education regarding ESI have been a real wake up call to corporations and their legal teams. However, UK companies are lagging behind their US counterparts in their readiness to cope with the risks involved in legal actions, where huge volumes of computer-stored information plays a crucial role. Many companies are failing to appreciate the legal and logistical issues involved in responding to requests for often sensitive information from regulatory bodies and ensuring that they can provide details of anything that qualifies as electronic information.

The study found that whilst 70% of US companies have policies in place to deal with ESI in a litigation process (compared with 40% in 2007), only 53% (compared with 43% in 2007) of those in the UK can boast similar preparedness. Both figures represent an improved awareness of the need for policy relative to 2007, but they also suggest that the US is still outstripping the UK. In the UK, policy development is up only 10% compared to an increase of 30% in the US. The fact that companies in both the US and the UK are improving their understanding of ESI is positive, and at the same time very necessary. However, given the financial crisis, litigation is, for some, an increasingly necessary option and all companies need to be prepared in order to meet obligations in terms of data disclosure. 

Responsibility
While more companies have an ESI readiness policy, there has been a marked decline in the number of organisations that included top executives in the policy’s creation and enforcement. This, paired with the fact that respondents believe the company’s top executives should bear responsibility if their policy is called into question during litigation or an investigation, represents a worrying disparity for organisations.  Furthermore, companies are increasingly looking to IT departments to shoulder some of the ESI burden.

Though companies are increasingly looking beyond the boardroom in developing strategy for ESI, there remains a belief that CEOs and board directors should ultimately be accountable for shaping policy and its smooth functioning. This is particularly evidenced in the UK where 54% of companies say that their CEOs and board directors should be held accountable if their respective ESI policies result in governmental fines, court imposed sanctions or reputational damage. This is despite the fact that only 20% of UK companies allocate actual responsibility for policy development to such senior figures.

However, the shift in responsibility for development and enforcement can be seen to represent a more mature, collaborative approach to ESI and policy development. The undoubtedly complicated and technical nature of ESI requires a close alliance between legal and IT to ensure ESI strategies are legally compliant, all-encompassing and feasible. But, policy discussions should also include CEOs, so they are fully informed and supportive of the policy. If and when a policy is called into question is no time to play catch-up

Drivers
The huge growth in the number of companies in the US who say they have an ESI policy has been driven by the introduction of the new Federal Rules of Civil Procedure a couple of years ago, which has led to a number of high profile cases.  Fewer companies have a policy in place in the UK and the number of organisations in the US with a policy is soaring ahead.  This can be attributed to the number of cases that people have read about in the US and the fines that were involved (such as the Morgan Stanley and Qualcomm cases).

What’s interesting is that last year, there were a whole host of barriers to successfully executing ESI policies cited by respondents. This year, one third of companies claimed that a lack of time and resource was preventing them from implementing any ESI policy successfully.   

In the UK there are slightly different drivers. There have been fewer cases involving ESI, but companies will act when they see a threat from the regulators, or when they have faced a difficult case themselves and realise that they need to be better prepared. In the UK, there has been a slower progression and this can also be attributed to a lack of time and resources. Inhouse counsel believe that the judiciary is becoming increasingly well-informed about the importance of ESI in dispute resolution. In the UK there has also been a formal call by the Commercial Court for increased corporate responsibility in disclosure in an effort to control litigation costs. Judges are talking about the need for companies to have clear policies in place to justify their actions – if documents are missing and there is no plausible explanation, the Court will draw adverse inferences.

Challenges
While gaining information and education regarding ESI was a legal team’s greatest challenge in 2007, the greatest worry this year in both the UK and the US, is the growing volume of ESI. Furthermore, most companies are increasingly looking to IT departments to shoulder some of the ESI burden – ESI management is no simple task and a true partnership between legal and IT is required to make a company’s policy a success.

The issues surrounding ESI have assumed a higher priority on the business agenda as the financial crisis threatens to trigger legal actions. With litigation and the amount of electronic data requested in disclosure on the rise, coupled with tightening corporate budgets and regulation, corporations cannot afford an ESI misstep. Putting a policy in place, ensuring the executive board is part of policy creation and enforcement, and understanding your digital data landscape is critically important to risk management for the foreseeable future. Litigation is an increasingly necessary option and companies need to be prepared in order to meet data disclosure obligations.