A Proactive E-Discovery Process for Multinational Companies
Carlos Fuentes and Matthew Blake
When it comes to electronic discovery, multinational corporations face unique challenges, starting with the fact they must navigate rules and regulations across multiple jurisdictions. Data privacy laws in the EU, for example, generally are more restrictive than those in the United States and can make collecting and transferring e-discovery difficult.
The biggest e-discovery challenge for multinationals may be their sheer size, in terms both of geographic dispersion and the amount of data potentially at issue. Multinational corporations are involved in more mergers and acquisitions than smaller companies, they contract with more outside vendors to host their applications, they outsource more business processes, and by definition they have local offices in multiple countries.
All of this means the electronic data they retain is both widely dispersed and in constant flux. A merger or acquisition, for example, can result in a large influx of new information, by way of servers, databases and legacy systems from the acquired company or merger partners. When the dust has settled, discoverable data could be sitting in locations unbeknownst to the corporate office.
Even though IT and legal personnel might not know precisely where this information is – or even that it exists – U.S. Federal Rules of Civil Procedure, as amended in 2006, clearly state that all electronic information that is reasonably accessible must be produced in response to a discovery request from opposing counsel.
In addition, in their normal functioning, multinational companies continually generate huge quantities of data. These file stores, if left untracked and undocumented, can themselves create hardships during the e-discovery process. In 2005, a Florida court issued a $1.45 billion verdict against financial services provider Morgan Stanley, for example, largely because the company could not produce requested electronic records in a timely fashion. The company had no methodology for tracking its electronic records.
Without some records or audit trail of which information is stored where, who has access to it and how accessible it is, there is no defensible way to guarantee that a search for responsive information during e-discovery has been exhaustive. In the case of Morgan Stanley, employees discovered a closet of back-up tapes containing potentially relevant information. Suspiciously, these tapes were produced later in the trial after initial discovery. This hurt Morgan Stanley’s reputation in the court and evoked the judge’s ire.
There are steps that multinationals can take to reduce risk and avoid becoming the next Morgan Stanley. The challenge is to create an efficient and effective e-discovery process that coordinates the relevant departments, including IT, business and legal.
DATA MAPS
The first step to a defensible program is creating a process to track and index all electronic files and their respective repositories. This process is often called “data mapping.”
Data mapping begins with a collective effort of IT and legal. In-house counsel also must get buy-in from the business side. This is not always easy. Upper management may view data mapping as a superfluous and expensive interruption, but in the event of a discovery request, knowing what data exists and where it resides can save a company substantial time and money.
To map a company’s data infrastructure, a first step is to survey all key personnel who have oversight of the various data repositories. Among the questions to be asked are:
• What applications do you use?
• What are your paper and electronic assets?
• How difficult is it to retrieve information from the various applications? (This could be couched in terms of a numerical ranking system for rating accessibility.)
A good survey shouldn’t take more than five minutes to fill out. The object is not to map at an especially fine level, which would be too time consuming and costly. Realistically, close tracking would be would be very difficult because data so often changes and new data is constantly being generated. It’s best to take a simple approach that captures an overview of the type of data the company has, where it’s stored and how accessible it is. The survey should be wide-ranging, however, in the sense it covers all legacy systems, as well as new repositories brought in by way of merger or acquisition.
Once created, this reference can serve a variety of purposes, notably to set up and ensure retention schedules for various categories of electronic documents. This in itself will reduce the e-discovery burden in the long run.
The data map also can assist with the mandatory “meet-and-confer” conference. This conference, which is set out by the Federal Rules of Civil Procedure, is intended to get the litigation parties to agree to terms of discovery, including what repositories will be searched and what types of documents will be produced. In house counsel need to know what information the company has and what is accessible when they attend that conference. Without a data map, they risk offering up data that actually is not accessible, possibly resulting in a negative inference judgment and sanctions.
MOCK RUNS
To ensure that all involved parties understand how to react and that the process is efficient and effective, after the data map is created, conduct trial runs of an e-discovery request.
First, however, analyze the company’s legal-matter history. If the company is in a heavily regulated industry, such as financial or pharmaceuticals, the test run should reflect this – for example, by mimicking an SEC or DOJ request. If the company has been involved in product liability litigation, a test run that emulates a plaintiff’s information request in that type of matter might be appropriate. The goal is to focus on the company’s areas of highest risk and create a mock scenario with that in mind.
Next, interview key personnel who would respond to the request. The focus should be on IT and legal. To refine the process, they should conduct self-assessments to identify their strengths and weaknesses.
Throughout the trial discovery process, gather information about how employees are responding and any difficulties they encounter. Check this against the strengths and weaknesses previously identified to see whether the assessment was accurate or if there has been improvement.
Again, keep in mind that even in good economic times, most companies will not want to spend the money on creating a proactive e-discovery process, and for that reason it is vital to get buy-in from the company’s business executives. Emphasize that once established, this process will mitigate overall risk and contain costs, even during an economic recession.
Carlos Fuentes is senior vice president and chief information officer of Mitsui Sumitomo Marine Management (U.S.A.), Inc., which manages the U.S. member companies for Mitsui Sumitomo Insurance Group.
Matthew Blake is a partner with Hagen, Streiff, Newton & Oshiro, Accountants. He leads the global electronic discovery practice for HSNO and serves as chief compliance officer. He concentrates in litigation consulting in the areas of electronic discovery and computer forensics and has led discovery teams in more than 40 countries.
