All surveys, in any industry, have the aim of promoting the company which commissions them – why else would they bother? A new survey about document retention beliefs and practices – and the gulf between them – is, however, valuable for all of us and not just for Symantec who did the work.
Symantec has software solutions which extend across the full range of information management problems, from e-mail archiving through to eDiscovery / eDisclosure. It is well placed, therefore, to conduct a survey examining how enterprises manage their electronically stored information and prepare to meet eDiscovery obligations.
eDiscovery is not, of course, the only reason why a company needs to keep its information under control. Those with an eDiscovery focus (not Symantec, who often make this point) tend to overlook that much information has a business purpose or is kept to meet a statutory regulatory obligation, and that such information is of little value if no one can find it and if there is no discrimination between that which is useful and that which is not.
Nevertheless, discovery obligations bring a set of largely negative implications, with other risks identified in the Symantec press release this way:
Forty-three percent reported the inability to make decisions in a timely fashion as the biggest consequence of these failures. Other consequences reported include damage to reputation, compromised legal position, fines, raised profile as a litigation target and court sanctions.
The press release goes on to show the percentage of respondents who identify specific risks:
The most reported negative consequences resulting from preserving more electronically stored information than necessary include: Increased costs associated with collection, analysis and review (54 percent); increased time spent to collect, analyze and review ESI (47 percent); increased risk that sensitive information may be disclosed (44 percent); compromised position in potential or actual litigation (27 percent); and information unintentionally made available for potential future litigation (28 percent).
The points which arise from the survey are set out clearly in an article by Symantec’s Trevor Daughney in an article called If You Fail to Implement Your Information Retention Plan, Then You Plan to Fail.
There are two main reasons why information retention plans do not turn into action, even where the plans themselves exist. One is the difficulty of showing a return on the investment in the systems, processes and people to manage the retention plan. The other is that implementation is a difficult job, and one whose benefits are distributed across the organisation and therefore owned by no one.
General counsel complain about the cost of eDiscovery / eDisclosure but seem rarely to make the connection between those costs and the data volumes. Even if they did, managing information is not their responsibility nor something for which they have a budget. So we go on, keeping the stuff we do not need and spending fortunes collecting and processing it over and over again.
I have referred before to those conversations I have from time to time with litigation lawyers who rail against the cost of electronic disclosure. They all seem to have had a recent case in which their clients had had to spend a fortune complying with their disclosure obligations though most of the documents had little or nothing to do with the merits or any other aspect of the case.
“Who’s fault is that?”, I ask. The rule makers? The courts? The lawyers? It may be that any and all of these players could have managed the disclosure better, perhaps by more adroit use of the existing Civil Procedure Rules which allow much more scope for limiting disclosure than is generally appreciated. Nevertheless, the real problem begins with the clients having too much information – if most of the documents collected for these cases were of no value to the case, were they in fact of value for anything at all?
A related issue is that relatively few companies seem to know what they actually spend on eDiscovery / eDisclosure each year – not just on the software and services directly associated with its management, but on the costs incurred with lawyers, and the internal costs, of ploughing through data which is of little value. Somehow, we need to encourage companies to make the connection between this outlay and the return on investment which seems hard to find in respect of document retention.