It has been more than a year since amendments to the Federal Rules of Civil Procedure concerning the discovery of “electronically stored information” went into effect. In light of the impact of these rules on Intel, Qualcomm and even the White House, we asked the experts a simple question: Are companies prepared to face e-discovery challenges and what steps are they taking to do so? The answers are not always so simple, but may be considered encouraging.

How confident do companies feel about their ability to manage e-discovery issues? AIIM, the Enterprise Content Management industry association, surveyed more than 1,200 small, medium and large companies about their readiness for e-discovery challenges during litigation. In 2007, its “State of the ECM Industry” survey indicated only 9 out of every 100 companies surveyed were very confident in their ability to respond to e-discovery challenges. Even more alarming, that number reflects a decrease in confidence of 25 percent from a similar survey taken in 2006.

"I believe the striking decrease in confidence is because, with more focus on e-discovery in the past year, companies are realizing the likelihood of this complex issue and their own lack of preparedness. They’re also more aware of the impact of their e-discovery risk," according to Frank Wu, managing director at internal audit and risk consulting firm Protiviti. “In a changing legal and regulatory environment, the cost of compliance, and the harsh consequences of non-compliance are growing exponentially.”

The experts we spoke with emphasized that efforts to ensure e-discovery compliance can frequently take advantage of IT infrastructure an organization has already put into place. Second, and more importantly, preparations for e-discovery can strengthen IT departments, and your organization as a whole.

Due to so-called "sunshine laws," which require many state governments to be able to respond to a wide range of inquiries from citizens -- even in the absence of litigation--governmental agencies have led efforts among IT organizations in responding to requests for electronic documents. Gary Robinson, director of Washington State Information Services, is chairman of the National Association of State Chief Information Officers e-discovery working group.

"It's an exciting opportunity to work across departments and organizations," says Robinson, Washington state's CIO. "Different operating groups are going to need a unified toolset, to at least some degree, to ensure consistency. These requirements are going to create economies of scale for organizations and, for IT, we have a real opportunity to implement common practices."

Cammy Webster, Assistant Director of Washington State's Computer Services Division, elaborates: "One of the benefits we gained came from subject matter experts -- they really needed to be involved in this process from the beginning. We partnered immediately with other state organizations that came to us about possible exposures and got in front of the technology."

In other words, the shift from paper to electronic data that has been the hallmark of modern business practice will thrust IT executives further into the forefront of business best practices, as the rules, concepts and approaches to data storage and manipulation become part of the front-line operations that keep an business (or other organization) functioning successfully.

"For e-discovery efforts to be successful," says Frank Wu, managing director at Protiviti, "you have to reach out to, and partner with, other departments — IT, legal, operations, and finance have to collaborate and be involved."

"This is an IT initiative that benefits from cooperation among many employees," Robinson says. "Our IT team partners with people who handle our state archives -- we're complemented here by the team of legal staff from the attorney general's office and support staff from our own organization, and others." Robinson's remarks highlight the key role IT must play in this legal arena.

"It's important for IT professionals to reach out — to be proactive," says Wu. "Each business group has its own terminology, and its own understanding of business processes. Something that the legal department thinks is a relatively simple matter to implement, may be extremely complex from an IT standpoint."

Both Robinson and Wu cite issues of legacy systems, distributed networks and remote data storage as challenges that organizations as a whole, and IT departments in particular, will have to confront in developing a successful strategy for electronic discovery.

"This provides the opportunity to unify procedures and practices," says Robinson. "There are always business practices that vary between operating groups. If you can pull these together, you can create a system that is consistent across the organization."

Protiviti's Wu expands on this point. "There are probably already systems in place that can be used to create internal standards. Work that IT accomplished to support data security and privacy, disaster recovery, back-up, business continuity, Sarbanes-Oxley and other ethics and compliance initiatives can be leveraged to support e-discovery efforts." Wu noted that Cohasset Associates, a consulting firm specializing in document-based information management, reports that, on average, American businesses are spending between $2.5 and $4 million per year for e-discovery per billion dollars in sales.* In comparison, AMR research indicates that companies spend about $1 million per billion dollars of revenue for SOX compliance.

The issue of outsourcing also presents a particular challenge says Wu, "You can always outsource the function, but you can't outsource the risk." Robinson adds that providing specifications — about data retention and expectations for data recovery — have to become a part of any outsourcing process.

However, any e-discovery initiative requires training of personnel, advises Robinson. "When information existed purely on paper, there were specialists who dealt with storage and retention," he explains. "Now that the end user has much more control over data, he or she needs to be aware that a simple attachment to an email may become part of the discovery process."

Both Wu and Robinson warn that organizations need to be aware that a much broader range of information may be required during the discovery phase of a lawsuit than will actually be included in a final legal proceeding. They also caution that laws currently require all organizations to anticipate a lawsuit — not just companies that have been served with legal papers — in order to preserve any applicable electronic documents.

"It all comes down to minimizing disruptions to your business operations while implementing more efficient ways for team members to create, use and dispose of data," says Wu. "At the end of the day, do you have what you need, and need what you have? If you’re not comfortable and confident that you can get to the electronic information without incurring significant cost, time and effort, then this is an area you need to address now."

* Cohasset Associates: “The Eternal Charter: Improving Corporate Governance through Compliance and Assured Records Management.” June 2005

Christopher Hord is a freelance writer and editor with more than 20 years experience as a journalist. He primarily focuses on business and technology issues. He ran the New England Bureau for InformationWeek magazine and has worked in the technology industry at Computer Associates.