When the Lawyers Come Knocking: Info Management and E-Discovery

Today, the discussion is on gaining control over information sprawl at enterprises. We’ll take a look at the short-term and potentially massive savings from thwarting legal discovery fulfillment problems in advance by controlling information. And we’ll examine how management life cycle approaches can bring long-term payoffs through better analytics and regulatory compliance, while reducing the cost of data storage and archiving.

To help us better understand the perils and promise around the well-managed — versus the haphazard — information oversight approach, we’re joined by two executives from HP.

Please join me in welcoming Jonathan Martin, vice president and general manager for information management at HP. We’re also joined by Gaynelle Jones, Discovery Counsel at HP.

Listen to the podcast (31:33 minutes).

Let us start with you, Jonathan. We’ve seen quite a bit of change in the business issues around information, including risk, compliance, and oversight. Could you help set up our discussion by helping us understand how the world has changed in the past year or two, and why information management issues have become more prominent?

Jonathan Martin: If you look at every organization over the last 20 years or so, fundamentally they’ve built a majority of their business processes on top of information technology. And the information that flows through those IT systems tends to be one of the core assets of any business in today’s economy.

Now, over the last five to 10 years, we’ve become increasingly addicted to information, both at home and at work. At home, the idea, even three years ago, of walking around with 40,000 songs in your pocket would have been a little crazy. Today, we do it almost as habit. At work today, 85 percent of our business communications go by email.

What we’ve seen is a trend that’s been going on for the last 15 to 20 years, and the size of it is beginning to really impact businesses. This trend is that information tends to either double every year in developing countries, and tends to double about every 18 months in developed organizations. Today, we’re creating more information than we have ever created before, and we tend to be using limited tools to manage that information. We’re getting less business value from the information that we create.

Over the last few years, organizations have put in place what we might call an “ILM strategy.” Some vendors like to tell you it stands for the “information life cycle management.” A lot of customers who have been through the pain of an ILM implementations will tell you, it’s really about “investing lots more.”

That’s really been the way that the problem is being solved — just throwing more and more capacity at the problem and throwing more and more storage space, and more and more available space to store this information.

Unfortunately, in the last 18 months or so, the economy has begun to slow down, so that concept of just throwing more and more capacity at the problem is causing challenges for organizations. Today, organizations aren’t looking at expanding the amount of information that’s stored. They’re actually looking at new ways to reduce the amount of information.

At the same time, we’re going into the stage of the economic cycle where everyone is thinking beyond how to reduce cost and cash burn, and how to ensure that this never happens again. Eight years ago, we saw the economy go through a similar cycle.

As we began to bump along the bottom in 2002 and pull back into recovery in 2003, we saw the implementation of Sarbanes-Oxley. Coming into 2010, both in the US and in Europe, there is going to be a new wave of a regulation that organizations are going to have to take on board about how they manage their business information.

Gardner: So the business risks have certainly gone up, but it looks like one particular type of risk is pressing, the legal risk. Gaynelle, would you tell us a little bit about your background, what your role is at HP, and why the legal aspects of information management are so important?

Gaynelle Jones: Oh, certainly, Dana. I’m the Discovery counsel at HP. I work with the litigation group in managing the discovery process for HP. I’ve been a litigation manager, as well as a prosecutor and a trial judge. Because we have black-letter law that computerized data is discoverable if relevant, and because of the enormous amount of electronic information that we are dealing with, the litigants have to be concerned with discovery, in identifying and producing it, and making sure it’s admissible.

I’m charged here with developing and working with both the IT and the litigation teams around making sure that we are compliant, and that we respond quickly to identify our electronically stored information, and that we get it in a form that can be produced in the litigation.

Gardner: Now, the stakes here are quite high. Not being able to fulfill the quest for discovery and for information in its various electronics forms can come at a high penalty. Do you have any examples of how that can work?

Jones: Oh, absolutely. There are horror stories that have been in the news in recent years around major companies such as Morgan Stanley, Enron, Qualcomm and a host of others being sanctioned for not following and complying properly with the discovery rules. In Morgan Stanley and Zubulake, the court issued adverse inference instructions, because data was lost. Morgan Stanley had a jury return of verdict around (US)$1.4 billion, and in Zubulake, the jury returned $29-million verdict.

In each case, companies failed to properly implement litigation rules, directly pointing to their failure to properly manage their electronic information. So the sanctions and the penalties can be enormous if we don’t get a hold of this and comply.

Gardner: And these types of legal requests or at least legal issues are not uncommon at large organizations. Do you have any sense of what the typical legal caseload is typically?

Jones: It depends on the enterprise. At HP, we have everything, which puts us sort of on the cutting edge to develop and really come up with some best practices. But the typical enterprise would have data around employment matters. You would be dealing with the human-resource databases.

It might have contracts, and have to deal with keeping up with the contracts, emails, and correspondence. Emails, by themselves, have tremendous issues in terms of identifying and preserving, as well as voice mail and instant messages.

At HP, we have hundreds, if not thousands, of database applications that contain our business records, our sales records, our revenue, our marketing, and so forth. So we have dynamic databases, and all of these things can come into play in litigation, if they have relevant information.

Gardner: Jonathan, you mentioned earlier the issues around compliance and the fact that regulations are bound to creep up in a number of industries and in different countries as well. Between the regulatory issues and the legal issues, it seems like there is an awful lot of money to be saved by doing this correctly.

Martin: Absolutely. We’ve seen, over the last few years, organizations move from taking a very reactive approach on these kinds of issues to a more proactive or more of a robust approach. We heard from Gaynelle earlier some of the examples of the reactive approach. Organizations that are in this mode tend to take one of three ways as strategies for solving their problems.

They may trust their employees to do the right things. Obviously, everybody knows that translating policy into day-to-day behaviors for employees is not always easy. Employees, by their very nature, in the main don’t tend to be particularly okay with legal or regulatory requirements of the organization.

The second one is that they trust their lawyers. When they run into an issue and they’re subpoenaed for some information, or required to present information from an audit, they pull in a couple of bus-loads of lawyers, and get the lawyers to dig or troll through miles and miles of content to try and find the relevant information. It tends to be a very, very expensive approach to just finding information.

The third one is that they trust that their IT consultants. When the subpoena for a piece of information to come in, to find that one email in hundreds of millions of emails that the organization sends. So, as you see, we’ve got lots of examples in the industry of why taking a reactive approach to a litigation readiness or the ability to respond to an audit is a bad one.

Over the last two to three years, organizations began to take a more proactive approach. They’re gathering the content that’s most likely to be used in an audit, or that’s most likely to be used in a legal matter, and consolidating that into one location. They’re indexing it in the same way and setting a retention schedule for it, so that when they’re required to respond to litigation or are required to respond to an audit or a governance request, all the information is in one place. They can search it very quickly.