If there ever was a situation that emphasized the truism “it’s what you don’t know
that could hurt you,” new amendments to the Federal Rules of Civil Procedure
(FRCP) qualify. The U.S. Supreme Court
approved these on April 12, 2006, and they
went into effect last December. These rules
potentially can affect every U.S. business —
yours included. All departments within
your business need to be aware of them
and work with your information technology (IT) department to assure compliance.
“Right now, in most businesses, there is a
wide gap between what the legal department knows is required to comply with
FRCP and what the IT department knows
is expected of them,” says Jim Quiggle,
director of professional services development at Agile360 Inc. “It is imperative that
a company’s legal, risk management, general management and IT departments get
together to determine the risks and decide
what each department is going to do to
close that gap in order to be prepared for
the new amendments to the FRCP.”
Smart Business talked with Quiggle for
more insight into FRCP.
What are the new amendments to the
Federal Rules of Civil Procedures (FRCP)?
Generally speaking, the new amendments govern the handling of electronically stored information in any civil lawsuit
that comes before any U.S. federal court.
The new amendments pertain to the handling and disclosure requirements of all
data compilations, including e-mail. For IT,
this means being able to deliver relevant
data by location and description to the
court in a timely manner.
Whom do these rules impact?
They impact every business, organization
and person that may ever be involved in a
federal court case. These would include
lawsuits that cross state lines; cases that
involve any governmental agency such as
the IRS, Immigration, Transportation,
Wage and Hour, and Commerce; as well as
regulations such as HIPAA and Sarbanes-Oxley and more.
There are no exceptions for company
size or nonprofit status. When it comes
right down to it, it is hard to think of any
entity that could not be impacted.
How does the FRCP impact IT?
Enterprise Content Management (ECM)
systems and IT will need to respond more
quickly and accurately than before to discovery and internal investigation requests.
The IT department will need to know
what e-mail has been stored anywhere in
the organization, how to produce it, how
much effort is required to produce it, and
when and how documents may be deleted.
Right now, a company might be successful with the argument that the technology
didn’t exist several years ago to maintain
the data in a way that would comply with
the new law — but that excuse won’t hold
up for long. The courts aren’t going to care
about systems. They are demanding the
information.
Waiting to come up with a plan until you
get called into court is too late. By that
time, the company may have to drop all
other activity just to produce what the
opposing attorneys are entitled to and, if
the information doesn’t satisfy the court,
penalties will be assessed.
Delays can be costly. A jury awarded $800
million in punitive damages when Morgan
Stanley repeatedly failed to produce e-mails in a timely manner. In another case, a
U.S. District Court determined the appropriate fine for a late response to a discovery request was $50,000 per day.
What needs to be disclosed?
Everything, which includes current and
past information that might be on file
servers, employee PCs, backup tapes, cell
phones, USB drives and Blackberry
devices.
What can we do to make sure we comply?
First, identify your risk. While the rules
can pertain to all businesses, some are at
more risk than others. It is a lot like deciding whether to buy hurricane insurance in
California or earthquake insurance in the
Midwest. Prepare according to your level
of risk.
Develop retention policies that show
good-faith operations appropriate for the
business needs of the organization. Areas
of consideration include relevant compliance regulations, the length of a typical
company contract and business value of
the data. Focus on your business work-flows, costs of data storage and regulatory
compliance too, void policies that could be
construed as solely for the purpose of
deleting potential evidence. Remember
that short retention schedules may be challenged.
As you work on developing a monitoring
and archiving system that can rapidly
retrieve and sort electronic data, also try to
incorporate ways to track paper and any
other information that is used in the business. By looking for ways to tie the entire
business infrastructure together, you may
come up with a system that will give you a
return on the investment instead of just
another expense.
JIM QUIGGLE is director of professional services development
at Agile360 Inc. Reach him at [email protected] or
(949) 253-4106.