Noticeably missing in the amended rules are guidelines that quantify what it means for data to be too time-consuming or expensive to produce. The courts prefer to let judges create case-based rules as such cases are tried.
The larger the company, the more likely it's already been subject to requests for electronic discovery. In a survey by Enterprise Strategy Group, 91% of 568 e-mail, database, and compliance pros at companies with more than 20,000 employees said their organizations had been issued a discovery request for e-mail last year.
One thing that's anything but ambiguous is the legal system's disdain for companies that intentionally destroy electronically stored information. Morgan Stanley in May paid $15 million to settle Securities and Exchange Commission charges that it destroyed more than 200,000 e-mails and failed to cooperate with SEC investigators looking into Wall Street business practices. As part of the probes, the SEC between 2000 and 2004 asked Morgan Stanley to hand over copies of e-mail it believed to be relevant, but "Morgan Stanley did not search diligently for backup tapes containing responsive e-mails until 2005," according to an SEC statement in May.
Electronically stored data is fast becoming more timely and relevant than paper evidence. While the amended rules give the courts the flexibility to determine accessible versus inaccessible data, don't expect much sympathy when judges suspect you may be withholding potentially important evidence. Paul Lewis, director of the data forensics practice of risk analysis firm Protiviti, testified in May 2005 before the rules committee: "If information exists in bits and bytes on a medium, it's accessible." You must look under every stone to find the truth, Lewis added, not just the stones in plain view.
IT departments will want to use document-management and other systems to give their lawyers specifically what they ask for, rather than mountains of data. Some law firms are charging their clients as much as $5 per e-mail to evaluate and organize information for a court case, says Hoike's Fujitani.
Courts have over the past six years or so changed their views on the credibility of electronic documents, says Diego Maldonado, senior VP of the government technology group within consulting firm The Newberry Group. "Courts today are more than ready to accept digitized evidence because security has evolved over the past several years with digital signatures and certificates evoking more confidence in the integrity of data," he says. "The technology itself will actually make these rules enforceable."
While the IT departments of most large companies likely already have some data retention policy in place, "the amended rules really push these requirements down into the market, making them applicable to companies of any size," says Keith McCall, CTO and co-founder of Exchange e-mail management appliance provider Azaleos.
Despite the amendments, there are still gray areas related to e-discovery. If a company has a policy of destroying data after 36 months, "what happens if information that's older than 36 months and sent out as part of an e-mail resurfaces during a trial?" asks Protiviti's Lewis. The answer is that companies have to consider the chance that any of their data could be requested by the courts at any time.