For those companies who watched on the sidelines as The Sarbanes-Oxley Act of 2002 and its stringent requirements for accountability rattled the IT departments of public corporations, get ready to play ball. The Federal Rules of Civil Procedure on e-discovery are about to change, pulling all corporate IT departments into the game.

The new legal rules will require every corporate litigant to recognize, declare, and produce e-mail and files in civil litigation. In a nutshell, the new rules impose standards on discovery issues that are unique to electronic records, seriously complicating the life of the IT director or CIO. Unless challenged by Congress, the proposed amendments go into effect on Dec. 1, 2006.

"This is going to be a real mindset change for IT," says Greg Buckles, senior product manager e-discovery at Symantec Corp. "It used to be that legal did legal. Now, legal will depend on IT to be a part of legal's process," he says.

Corporate IT not only has to understand the changes, but must also be ready for them. Just look at the $1.45 billion sanction, or effective penalty, issued last year against Morgan Stanley for its indiscriminate response in pretrial discovery for not retrieving e-mails.

Getting Onboard
For years, the legal discovery process, or asking for information during a legal action, has largely focused on printed records. Even in those cases where information was in electronic form, there would be a transcript or the information was printed out. But there are problems with printing out electronic information: relevant information is sometimes lost and the costs are steep.

As recent corporate scandals upped the ante on the relevancy of e-mail and electronic files, and some government agencies began asking for original electronic files instead of printouts, it became increasingly apparent that no standards were in place for e-discovery. E-discovery is a generic term used to encompass how the legal world of litigation, regulation, and criminal investigation searches, collects, processes, and produces electronic files.

"While IT may be asked to pull e-mails relevant to a legal case, there are no uniform methods for how IT is supposed to pull the e-mails or if the information provided will satisfy the request," says Buckles.

Not yet. But the proposed changes in Federal Rules of Civil Procedure will impact e-discovery and archiving. "The new rules try to put into place workflow to make the task manageable," he adds. But manageability requires that corporate IT be proactive in how it manages data.

Where It Counts
The proposed rules of key concern to corporate IT are 16, 26F, and 35—early discovery conference and discovery plan. The rule changes mandate a pre-discovery meeting between parties to discuss issues regarding the protection, discovery, and production of relevant electronic data.

At the pre-discovery conference the parties talk and disclose to the other side the information they may have that is relevant to the case, how it is stored, and how it can be accessed. The parties also have an obligation to preserve anything that may be of evidence in the case, including shredding and IT system deletion. Any discussion of waivers for privileged materials is also expected to take place during the pre-discovery meeting.

The relevancy of this new rule for corporate IT departments is huge. IT departments must start preparing detailed inventory of data assets, systems, retention policies, back-up strategies, employee termination protocols, and anything else that could impact discovery.

Going forward, pre-discovery meetings will have to have an IT representative at the table. "You can't just send a non-technical savvy attorney to the table. Companies will have to designate a go-to person for requests," says Buckles.

Another amended rule of interest to IT is 26(B)(2), a change that potentially exempts off-line or tape backups from the normal course of discovery, although their existence must be declared in the initial discovery meeting.

While the new rule addresses accessible versus inaccessible data, or disk versus tape, the burden will be on the responding party to show that information is not accessible, as declared. However, a provision allows sampling to verify relevance. Corporations that choose to keep data on 'inaccessible' tape instead of an enterprise archive risk paying for costly tape restorations by vendors.

Corporate IT departments must also prepare for Rule 34(B), which allows the party who requested the information to dictate the format the data is in when it's produced. If the parties cannot agree on the format, then the rule defaults to keeping the information in its original, or native, electronic format.

Finally, Rule 37(F), a new safe harbor provision, acknowledges that in the course of routine IT operations information is sometimes altered or lost. However, the organizations must make documented good faith efforts to preserve any electronic data that may be relevant to the case.

The bottom line is that when it comes to assets corporate IT has to know it, hold it, and retrieve it. Going forward it becomes essential to have the IT systems and tools in place that will facilitate policy and the location, storage, archive, and retrieval of e-mail and other electronic records.