eDiscovery Daily Blog

Preparing for Litigation Before it Happens: eDiscovery Best Practices, Part Four

Editor’s Note: Tom O’Connor is a nationally known consultant, speaker, and writer in the field of computerized litigation support systems.  He has also been a great addition to our webinar program, participating with me on several recent webinars.  Tom has also written several terrific informational overview series for CloudNine, including eDiscovery and the GDPR: Ready or Not, Here it Comes (which we covered as a webcast), Understanding eDiscovery in Criminal Cases (which we also covered as a webcast), ALSP – Not Just Your Daddy’s LPO, Why Is TAR Like a Bag of M&M’s?, eDiscovery for the Rest of Us (which we also covered as a webcast) and Litigate or Settle? Info You Need to Make Case Decisions (which is our next scheduled webcast on August 29th).  Now, Tom has written another terrific overview regarding pre-litigation considerations titled Preparing for Litigation Before it Happens that we’re happy to share on the eDiscovery Daily blog.  Enjoy! – Doug

Tom’s overview is split into seven(!) parts, so we’ll cover each part separately.  Part one was published last Monday, part two was published last Wednesday and part three was published last Friday.  Here’s the fourth part.

BTW, in addition to exhibiting at ILTACON in National Harbor, MD next week in booth 936, CloudNine will also host a happy hour on Tuesday, August 21 from 4:30 to 6:30pm ET at the National Harbor’s Public House (click here to register).  Come and get to know CloudNine, your provider for LAW PreDiscovery®, Concordance® and the CloudNine™ SaaS platform!  We want to see you!

Who Uses Information Governance?

The first problem with IG policies is that not everyone has one. A 2014 Rand study found that 44% of companies didn’t have any formal data governance policy and 22% of firms without a data policy had no plans to implement one.

This situation has not changed substantially since then.  In November 2017, data governance company erwin partnered with survey company UBM to ask business technology professionals at large organizations about their attitudes on data governance.

Their report was based on a survey of North American companies with more than 1,000 employees across more than 16 industries and included CIOs, CTOs, data center managers and directors, IT staff, and consultants. While the respondents agreed that IG is an important issue, nearly four in 10 of them said they do not have a separate budget for data governance and 46% do not have a formal strategy for it. So, while organizations continue to show awareness of the importance of data governance within their company, nearly half are not acting on that awareness.

The result of this inactivity? Inefficiency. According to the Thomson Reuters report, Cost of Compliance 2017, 32 percent of companies spend more than 4 hours per week creating and amending audit reports. Just audit reports. Imagine the time spent on other issues such as privacy or potential litigation.


Statutes of Limitation

“Statute of limitations” or “limitation of action” are, of course, laws prescribing the time periods during which legal actions or lawsuits may be initiated. And once the statute of limitations time has passed, no future legal action may be brought related to the incident in question.

Once a legal action has commenced, either party may uncover relevant information which may be in the possession of the other party under the applicable rules of discovery. But if the statute of limitations has tolled, a business may delete relevant records and thus the SOL acts as a simple de facto IG policy.

Some types of matters may have special statutes of limitations. EG, most states specify that the statute of limitations related to personal injury begins at the time the actual injury occurs. Since this could be years after the product was brought to market, the manufacturer and/or distributor may be responsible for an extended period of time for product defects of various types.

Architects, engineers, and contractors may have similar concerns related to construction projects, although only in those locations where the construction occurred.  The requirements for those specific states need to be reviewed in detail before making an IG decision with regards to construction related records.

Records Retention

Typically, when asked about IG, attorneys will say it is a records retention policy. And traditionally, lawyers have advised their clients to “retain records forever in case they are sued”. As a result, the development of effective records retention programs has sometimes been thwarted based upon the mistaken belief that records must be kept for long periods in case they may be needed in litigation.

Records can often effectively be destroyed under an approved records retention program prior to the culmination of the statute of limitations period. When records have been destroyed prior to the start of litigation, they will not be available to the adverse party and so court rules prohibit record destruction while litigation or government investigation related to those records are imminent or pending.

The disadvantages then, of not having records that may be needed in litigation must also be balanced against the cost and inefficiencies associated with maintaining valueless records. Some questions related to these determinations include the following:

  • What are the chances of litigation?
  • In case of litigation, which party would have the burden of proof?
  • When does the statute of limitations take effect?


Some statutes, such as those mentioned above, may result in extended liability for an organization since a legal action may be brought at any time. Think, for example, of a construction defect case, where the action may not arise until the defect becomes apparent and/or someone is injured. In addition, industry specific regulations in areas such as gaming or insurance can vary from state to state. An interesting example is an opinion by a member of the ARMA Board of Directors that new California Privacy Act is, in fact, a de facto American GDPR.  See https://www.arma.org/news/409199/

Healthcare Records

When it comes to IG standards for a specific profession, health care leads the way, under the guidance of the American Health Information Management Association (AHIMA).   AHIMA defines information governance as an “organization-wide framework for managing information throughout its lifecycle and for supporting the organization’s strategy, operations, regulatory, legal, risk, and environmental requirements.”

Their Information Governance Principles for Healthcare (IGPHC) provide a framework for healthcare organizations to enhance their ability to leverage information in order to achieve the organization’s goals and conduct their operations effectively while ensuring compliance with legal requirements and other duties and responsibilities.

IGPHC is a set of eight principles that are intended to inform an organization’s information governance strategy.  The eight principles, which incorporate the seven principles of ARMA mentioned above, are:

  • Accountability
  • Transparency
  • Integrity
  • Protection
  • Compliance
  • Availability
  • Retention
  • Disposition

They are described in great detail in the publication Evaluating the Information Governance Principles for Healthcare by Galina Datskovsky, PhD; Sofia Empel, PhD  and Ron Hedges, JD. (Ron of course is well known to people in the ESI arena as the former MJ from New Jersey and accomplished speaker and writer in the eDiscovery field.)

We’ll publish Part 5 – Basic Information Governance Solutions – tomorrow.

So, what do you think?  Does your organization have a plan for preparing for litigation before it happens?  As always, please share any comments you might have or if you’d like to know more about a particular topic.

Sponsor: This blog is sponsored by CloudNine, which is a data and legal discovery technology company with proven expertise in simplifying and automating the discovery of data for audits, investigations, and litigation. Used by legal and business customers worldwide including more than 50 of the top 250 Am Law firms and many of the world’s leading corporations, CloudNine’s eDiscovery automation software and services help customers gain insight and intelligence on electronic data.

Disclaimer: The views represented herein are exclusively the views of the author, and do not necessarily represent the views held by CloudNine. eDiscovery Daily is made available by CloudNine solely for educational purposes to provide general information about general eDiscovery principles and not to provide specific legal advice applicable to any particular circumstance. eDiscovery Daily should not be used as a substitute for competent legal advice from a lawyer you have retained and who has agreed to represent you.