Mitigating risk through better communication
As the volume of electronically stored information (ESI) rises rapidly, improving the understanding among the C-suite, legal and IT functions is key to controlling costs and better managing e-discovery risks.
To assess the state of e-discovery readiness at U.S. companies, the Deloitte Forensic Center commissioned the Economist Intelligence Unit (EIU) to conduct a survey of respondents in the legal, risk, compliance and information technology (IT) functions.
The Deloitte Forensic Center’s analysis of the E-Discovery: Mitigating Risk Through Better Communication survey results1 identified three interrelated challenges. They are:
At the heart of e-discovery are two corporate functions that historically have had little in common, and tend to speak their own technical languages: legal and IT.
Neither can be truly effective in the e-discovery process without a clear understanding of the other, yet communication and coordination between these two departments appears to be unclear to many survey participants: More than one-third of respondents (36 percent) don’t know the answer to how their legal and IT departments communicate.
And of those with an opinion about how the two departments work together on e-discovery, 40 percent say they communicate poorly, and 35 percent say their companies have not created a “Discovery Response Team” or similar structure that includes representation from IT, legal, human resources (HR) and other relevant departments.
Deficient communication and a lack of coordination between departments can lead to an organizational lack of awareness about e-discovery.
According to the survey, more than one-third of respondents, including C-suite, (36 percent) don’t know how committed their company’s C-suite is to finding a solution for e-discovery issues. In addition, one-quarter (25 percent) don’t know if their company’s C-suite is aware of e-discovery issues—16 percent of respondents are sure that they are not!
A lack of awareness about e-discovery and its challenges can naturally lead to a low priority being given to preparing for litigation: Only 20 percent of respondents think legal resources are appropriately allocated to e-discovery and only 18 percent say the same about financial resources. As ESI volumes increase and new sources of ESI emerge, those challenges are likely to become more difficult.
As one might expect, lack of awareness is already an obvious issue: overall about one-third of respondents did not know the answer to several questions in the survey, and respondents from the risk and compliance functions actually had a higher tendency of reportedly not knowing the answer than survey takers from the IT and legal functions.
On average, the risk and compliance groups answered “don’t know” 48 percent and 53 percent of the time, respectively, while both IT and legal respondents answered “don’t know” 37 percent of the time.
Survey participants with greater seniority appear to have more knowledge about e-discovery. On average, C-level respondents answered “don’t know” only 25 percent of the time, while non-C-level respondents said “don’t know” 47 percent of the time.
Obstacles to readiness
Almost half of respondents said their companies are only somewhat effective (43 percent) or not at all effective (6 percent) in dealing with the challenges of e-discovery today. And compliance with e-discovery requests poses a challenge for more than one-third of companies, according to those surveyed.
How effective is your company in dealing with the challenges of e-discovery today?
Many companies also lack the resources and sophistication to manage e-discovery effectively.
For respondents that say their firms are challenged by e-discovery, the most common complaints are: a lack of funds to address e-discovery requirements (25 percent), the volume of data subject to e-discovery (23 percent), and the complexity of data-privacy and security requirements (19 percent).
Of those respondents with an opinion, 62 percent say their company is concerned about e-discovery challenges posed by social media web sites and blogs. Indeed, only 8 percent of respondents said their company was well prepared and more than half of respondents’ companies are either unprepared (25 percent) or only somewhat prepared (36 percent) to handle e-discovery requests relating to social media.
Given the extensive use today of social media such as Facebook and Twitter during employees’ work and personal time, this suggests an e-discovery challenge that may require attention by many companies.
How prepared is your company to address e-discovery requests as it relates to business-related communications via social media web technologies (i.e., social media sites, blogs)?
The demands of e-discovery are growing
None of these challenges appear likely to diminish in the foreseeable future. Forty-four percent of respondents expect e-discovery challenges to increase over the coming three years, and 39 percent expect to devote more resources to e-discovery over the same period. And nearly half of respondents (49 percent) expect their company’s IT department to work on e-discovery efforts more over the next three years.
Three years from now
E-discovery is anticipated to become harder: 44 percent of respondents expect e-discovery challenges, along with government rules and regulations, to increase over the coming three years. And of those respondents with an opinion, 61 percent expect to be only somewhat effective or not at all effective in dealing with e-discovery challenges three years from now.
That could suggest a lot of risk for companies unless improvements are implemented to avoid this expectation becoming reality.
Five areas of potential improvement
With electronically stored information rising rapidly in volume, the challenges of communication, awareness and readiness should be addressed if the risk of e-discovery missteps is to be mitigated.
Mismanaged e-discovery has led to many tales of litigation woe, involving sanctions, lost cases and fines. Improper ESI management, as the Sedona Conference points out, is simply bad business.
Improving communications among the C-suite, legal and IT functions is crucial to controlling the costs and mitigating the risks of these e-discovery challenges.
Our survey results suggest five areas for companies to consider for potential improvement in e-discovery management:
- Training: Due to a lack of knowledge and effectiveness in dealing with e-discovery issues, greater training in e-discovery awareness, procedures, data privacy and security may be needed by employees who deal with legal, privacy, compliance, risk-assessment or IT issues.
- Communication: Because of the continuing communication challenge between legal and IT, cross-departmental e-discovery training sessions could help the IT department better understand what the legal department needs from them and help the legal department better understand what IT can and cannot accomplish.
- Social media: Social media are posing new challenges for e-discovery. Given the extensive use today of social media such as Facebook and Twitter during employees’ work and personal time, companies may need to update their procedures to address this growing area of risk.
- Leadership commitment: Senior executives may need to make their support and expectations for e-discovery plans and projects more explicit to strengthen employees’ perceptions about how committed the C-suite is to finding solutions to e-discovery issues.
- Vendor consolidation: The survey reveals little knowledge of technology vendor consolidation. This may be an opportunity for companies to take an inventory of their e-discovery technologies and vendors to see where greater efficiencies can be achieved through the use of fewer vendors.
1Certain calculations in this white paper do not include “Don’t Know” responses so that a more detailed comparison can be presented.
As used in this document, ‘Deloitte’ means Deloitte LLP (and its subsidiaries). Please see www.deloitte.com/us/about for a detailed description of the legal structure of Deloitte LLP and its subsidiaries.
Subscribe to receive periodic publications from the Deloitte Forensic Center.