Social Networks Pose E-Discovery Risks

Growing corporate use of Twitter, Facebook, and cloud-based applications are creating new e-discovery demands, but c-level awareness of risks remains scarce.
Two-thirds of businesses worry about the e-discovery risks posed by social networks, but 25% say they're not prepared, and 33% think they're only partially prepared, to meet related e-discovery requests. Furthermore, only 9% of companies think they're well prepared to deal with e-discovery requests for information stored in cloud-based applications.

Those findings come from a study released Wednesday, based on a survey of 337 U.S. IT, legal, risk, and compliance professionals conducted by the Economist Intelligence Unit for Deloitte Forensic Center.

The survey also found that when it comes to understanding e-discovery, while 55% of organizations have senior executives with some level of commitment to e-discovery, there's a complete lack of c-level awareness at 16% of organizations, while at one-quarter of organizations, respondents said it's unclear whether c-level executives had any knowledge of the challenges or risks associated with meeting e-discovery requirements.

Failure to respond to e-discovery requests in an accurate, complete, and timely manner, however, can result in a court imposing sanctions on an organization, as numerous businesses -- including Morgan Stanley and PriceWaterhouseCoopers -- have learned firsthand.

Now, however, e-discovery is growing more challenging as the volume of information that enterprises store increases, and as employees increasingly use social networks and cloud-based applications. Already, multiple court cases have featured e-discovery requests for information stored in social networks.

A further e-discovery challenge, according to Deloitte's study, is poor collaboration between the legal and IT teams, which experts say must work together to accurately provide courts with the information they request. Indeed, the survey found that one-third of respondents don't know how their IT and legal teams communicate. When they do work together, only 13% of organizations say they work together "very well," and at one-third of organizations, IT professionals say that legal teams have a poor grasp of the organization's e-discovery technology limits.

Furthermore, about one-third of companies lack a "discovery response team" -- or similar group -- comprised of representatives from human resources, IT, legal, and other departments relevant to fulfilling e-discovery requests.

Legally, the climate appears to be turning against businesses that don't have their e-discovery act together. Earlier this year, in what many lawyers are calling a landmark e-discovery ruling, U.S. district judge Shira Scheindlin laid out "a framework for determining when, and to what degree, sanctions are appropriate against a party that fails to take the proper steps in preserving ESI [electronically stored information]," according to Amy Longo, a partner at law firm O'Melveny & Myers, writing on her firm's blog.

In the related case -- Pension Committee of the Univ. of Montreal Pension Plan, et al., v. Banc of America Securities, LLC, et al. -- the judge slammed some plaintiffs for failing to cease deleting e-mails after an e-discovery request was made, failing to preserve backup tapes that were the sole source of required information, and for relying exclusively on employees searching their own e-mails to meet e-discovery requests, said Longo. In addition, the judge imposed sanctions against some plaintiffs for utilizing witnesses who weren't familiar with their organization's e-discovery practices, and as a result ended up submitting false or misleading information to the court.