IT organizations have survived Y2K, the Sarbanes-Oxley Act, HIPAA and other compliance issues that more or less...
have an end in sight once the deadlines have been met. But there's one hurdle for CIOs at small and medium-sized businesses (SMBs) that never really ends: the emergence of rules relating to electronic discovery, or e-discovery, of corporate communications and documents in court cases.
"The biggest thing we have to do from a small-company perspective is to balance everything we have to do because we don't have the luxury of a big staff," said Dan Grosz, vice president of information systems at VIP Parts, Tires & Service in Lewiston, Maine. "We wear multiple hats, and I don't want to add yet another hat. I have enough to worry about without having to become a lawyer.''
Yet Grosz said he recognizes that he will have to work with legal advisers to understand how the evolving e-discovery rules will affect his IT operations. He will also have to educate business-side users on the implications of e-discovery in their day-to-day communications.
While Grosz is monitoring e-discovery developments, other organizations -- particularly smaller companies -- may be unaware of or may be ignoring the emerging rules.
"I think they are in denial. Until somebody really gets slammed by a judge as a result of failing to comply with FRCP, I think most people will put that on the bottom of their priority list," said Nik Simpson, storage analyst at Burton Group Inc. in Midvale, Utah.
"I don't think the rules were really well written. So, unless you have somebody who can deeply interpret them for you it's hard for companies to know what they should do or should not do," Simpson said.
The bottom line to the amendment to the FCRP -- the rules that govern civil cases in U.S. federal courts -- is that they put digital documents and communication on a par with written documents and require companies involved in suits to be able to show early in the proceedings what documents they have and can produce at what expense. In addition, the changes place the onus on a company to make a good effort to store and archive relevant documents "at the point of creation" rather than trying to find and recover them once a legal action is filed, according to Simpson. "It has to be a much more proactive approach to preserving what you might call an evidence trail," he said.
Proof is in the pudding
So, what is evidence? In some cases, it's easy to see that certain forms and financial records may prove important. However, it's more difficult to know which emails, instant messages and office documents such as Microsoft Word files and Microsoft Excel spreadsheets should be preserved. Those typically hold unstructured data but could be crucial in an action such as a stockholder suit relating to a merger when a CEO was involved in an email discussion.
One key for companies dealing with limited resources is being able to understand what types of content to preserve, according to Brian Babineau, a senior analyst at Enterprise Strategy Group in Milford, Mass. He noted that one useful resource for IT managers is a project manager who serves a bridge between IT and the business side, including a company's legal team. That person can be a "universal translator" for the varied departments, Babineau said. In addition, SMBs probably have to turn to specialized consultants and law firms for advice on e-discovery, he said.
However, Babineau also pointed out that technology vendors may confuse the situation for IT managers. "The biggest problem IT managers probably will face is that everyone talks about compliance. 'My product can be used for compliance.' But there's no silver bullet, no one technology that can say, 'We are the e-discovery solution.' So they have to wade through the compliance marketing conundrum that many of the vendors are creating to see, 'OK, what do I have to comply with before I start investing in all these widgets,'" Babineau said.
Tools of the trade
Some tools can be advantageous when it comes to dealing with e-discovery. Enterprise search tools embedded in backup and archiving technology hold promise for SMBs, Babineau said.
But Simpson warned that IT can't deal with e-discovery alone. "The greatest challenge is the whole interface between IT and the people who need to be setting policies. People think that because we're talking about computer data, then IT should take care of this," Simpson said. "That's totally unreasonable. They can take care of storing the data, but deciding which data to store really shouldn't be their decision at all."
James M. Connolly is a contributing technology writer based in Norwood, Mass.