A Perfect Storm

Sub-prime litigation will likely put a strain on many financial firms and their IT departments in response to e -discovery requests and internal investigations. With unstructured data like email, SharePoint, and instant messaging growing in volume, size and value , a proactive approach to data archiving and retrieval becomes the cornerstone of a defensible, affordable and repeatable discovery process.

Recent studies suggest the volume of subprime litigation will soon surpass that of the savings and loan cases of the early 90s. Hundreds of new cases have already been filed this year , with over half of them naming at least one Fortune 1000 company as a defendant. The exponential growth of electronic data , coupled with the cost of collecting and preserving it for litigation , adds to the challenge. A defensible and efficient process will be necessary to mitigate the impact to IT and the risk that data was not handled properly. Financial institutions could be looking at a 50 to 100% increase in legal matters over the next few years. Is your IT organization equipped with the necessary tools to handle this?

The Federal Rules of Civil Procedure (FRCP) were amended in December 2006 to help clarify how electronic information should be handled during litigation. The rules mandate changes in the way organizations manage their data. IT and Legal can no longer exist as separate entities and must work together so that each organization has detailed knowledge of what data is stored, where it is kept, and how long to keep it. Legal needs to develop a legal hold process for ESI and IT needs to have the ability to quickly and accurately respond to litigation hold notices. This requires processes and procedures combined with technology automation to create a defensible response. CIO’s need to fully recognize the importance of this responsibly to the legal department while also minimizing the impact to the IT organization.

Data that is relevant to an impending or anticipated litigation must be preserved. An inability to preserve relevant data may result in what is called “spoliation ” which in simplest terms is akin to forfeiting the game, or fixing the game in some cases. Preparing your IT organization for the FRCP can truly be a daunting experience. This is especially true considering the number of devices and endpoints that employees and partners use to communicate electronically and store information – including data on mobile or unconnected platforms like laptop computers, PDAs, messaging cell phones, Blackberry devices, etc.

Financial institutions should incorporate a proactive approach to their discovery processes and potential sub -prime matters – first evaluating their overall risk to possible future litigation. When assessing this risk , it is important to work in conjunction with all company departments: compliance, IT and legal. In-company collaboration is critical in assessing potential exposure, and necessary in developing a solution. You need to have an internal e-discovery process defined and tools that will allow your company to quickly and cost-effectively execute that process .

Manual retention and expiry processes are prone to human error, a particular problem in litigation. Demonstrating a good faith policy and automated system for the retention and expiry of electronically stored information can potentially protect an organization from sanctions when it is unable to produce certain data. Without this type of routine operation, the presumption is often that the respondent is acting in bad faith. The risk of sanctions can be reduced by implementing a system for document and retention management alongside an ability to immediately suspend that system in the event of anticipated litigation.

Taking a consolidated and automated approach to data archiving and retrieval will not only help financial firms respond quicker and more accurately to discovery motions and other inquiries for information, but also saves money It is estimated 90 percent of the time spent fulfilling e-discovery requests can be eliminated with the appropriate processes and technology in place. Does your IT department have the time, resources and skills to spend that much time responding to investigations or are there other IT projects and priorities that could use the attention?

For information on how Symantec software and services can help your institution comply with government regulations and legal ediscovery requirements, please visit www.symantec.com/ev.