Article

Risky business: Talking to your company's lawyer

Linda Tucci, Executive Editor

The joke goes something like this:

A guy goes by in a balloon and yells down to a man on the ground, "Where am I?" The man on the ground says, "You're in a balloon, 30 feet above the ground, headed from this direction to that." "You must be a lawyer," says the guy in the balloon. "You've given me information that is technically accurate and terribly useless and I'm in no better situation than I was when I came to you with a problem." The lawyer says: "And you must be an executive. I've given you accurate information, and now it's all my fault!"

    Requires Free Membership to View

Miscommunication is actually no laughing matter for CIOs or their companies, said attorney Erik Phelps, a featured speaker at the recent Fusion 2007 conference in Madison, Wis. The revision of the Federal Rules of Civil Procedure, which mandate the accountability of electronically stored information in lawsuits, means CIOs and lawyers need to start speaking the same language.

"Can you get sued? The answer is always yes," said Phelps, a partner at Michael Best & Friedrich LLP and former general counsel for catalog and online retailer Lands' End.

The stakes are "immensely high," Phelps said. Cases are decided on facts. Facts live in documents, in emails, on BlackBerrys, throughout the electronic archive. A well-informed attorney who goes into a case with a good handle on his company's information assets has an enormous strategic advantage over the other side.

Treat e-discovery like disaster recovery

Think broadly about existing data stores, Phelps advised. That includes everything from typical spreadsheet documents to less obvious repositories, such as USB flash drives, instant messaging, Web server logs and home computers. Every one of these data stores has been the subject of a subpoena and a mandatory obligation to produce the information in a lawsuit.

CIOs need to review and document their various data stores, with attention paid to the policies applicable to them. Where is the data kept, how long, how much, does it need to be kept for everyone, is it backed up, does it involve automatic destruction and who has access, etc. More important, who owns the data -- a detail that is often overlooked.

"That is the person the lawyer has to go to and say, 'Stop, this all has to be preserved!'" Phelps said. When litigation takes place, the company has to stop the automatic deletion of certain information. It might be email or particular databases. CIOs should know how to stop the deletion if the data is put on litigation hold, and then ask themselves whether they could do that "tomorrow."

"You will be of tremendous value to your organization and your organization's risk profile if you think about these issues now," Phelps said.

Indeed, Phelps recommended CIOs treat e-discovery like disaster recovery and do periodic run-throughs to make sure data is accessible. Ask the lawyers which claims their company is most likely to get smacked with and figure out how to execute the data requests in an "orderly fashion."

"Get used to working with discovery vendors and your outside litigation counsel -- and don't change, or you go through the same learning curve over and over again," he said.

Reasonably accessible, according to lawyers

Ed Meachen, CIO for the University of Wisconsin System, said his group is embroiled in a "very major litigation hold," with no sense yet whether the case will turn into litigation. Potential costs could mount to tens of thousands of dollars not built into the IT budget. What to do?

Exercise judgment, Phelps said. Under federal rules, organizations are obligated to reproduce reasonably accessible information. "Now unfortunately, lawyers drafted the rule and interpret it, so I can't give you a clear answer that this data server is reasonably accessible and that one is not," he said.

But this is one of the areas where good communication between the CIO and legal counsel is critical. If it's decided some of the requested information is not reasonably accessible, the burden falls to the other party to prove why they need it and "there are potential cost shifting implications," Phelps said.

He's worked on cases where backup tape exists, but the system to reproduce it no longer exists. "The plaintiff's answer is great, 'Go find a new system," Phelps said, but the rules are a "little bit more rational."

However, if the data is living on an active system, fights over whether it is reasonably accessible "will happen," he stressed. In fact, 10% or even 25% of the CIOs who were in the room at his Fusion 2007 talk will be deposed on this very issue in the next three years, he said, and may end up being called into court.

"We stand in open court all the time and say, the CIO says absolutely, this can't be restored, it will cost hundreds of thousands of dollars. 'Really?' the judge says. 'Bring her in,'" Phelps recounted. "The CIO is put on the stand, raises her right hand. 'Could she reproduce the data if her business told her to?' 'Yeah, I guess I could.'" So much for absolutely not accessible.

One bright note: The rules allow parties to agree that electronically stored information is not relevant to this lawsuit. Courts may well honor it, Phelps said -- "and now you don't have to produce anything," But, he cautioned, you have to think about this issue early, or you are going to get stuck with what the judge orders.

Let us know what you think about the story; email: Linda Tucci, Senior News Writer


There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: