IT Departments Now Leading Targets of Lawsuits, Attorneys Say

Chief information officers attending the Midwest Technology Leaders Conference at the MGM Grand Detroit last week were told that they and their departments have become the No. 1 target of plaintiff attorneys in lawsuits.

“Today, the CIO is generally the first witness, the subject of the first deposition request,” said Brian Ziff of the Detroit law firm of Clark Hill.

“That’s a sea change from the way litigation has been run. You used to be transparent, but no longer,” said Tom Hathaway, also of Clark Hill.

They were part of a panel discussion titled “CIOs as First Responders in E-Discovery.”

Federal guidelines on the gathering of evidence by attorneys were amended in 2006 to account for the explosion of electronically stored information, or ESI. But, Hathaway said, many companies have been slow to change their internal policies accordingly.

He said that according to one poll, one-third of executives said their company didn’t have a policy on ESI. Twenty percent didn’t know if their company had a policy or not.

Companies regulated by the U.S. Securities and Exchange Commission need to keep electronic data such as e-mails for three years. Other companies can establish policies of their choosing.

Ziff said companies need to track and access all their ESI, a process that has become much more complicated in recent years. Data can be stored on employees’ home computers, office desktops, laptops, PDAs, BlackBerrys, memory sticks and other devices.

“You need a road map for where all the IT is,” he said.

Ziff said data must be purged as part of a regular policy, not in response to a suit or fear of a suit. A company must also have a policy that keeps data from being purged as soon as it finds out a lawsuit is filed, or even if there is reasonable knowledge by company executives that one might be filed.

Heidi Maher, an attorney who practices e-discovery and compliance for Hopkinton, Massachusetts-based EMC Corp., said the average cost of sorting through e-mails to determine such things as their relevance to a case or if they might be protected by attorney-client privilege is $2 per e-mail, so the first thing a company should do is to establish an e-mail retention and destruction policy and abide by it.

She gave an example involving DuPont, which in one case had to sort through about 75 million documents, at a cost of $25 million. The company had a retention policy, and discovered that half of the documents involved should have been destroyed under the policy, but had not.

If the policy had been followed, it would have saved $12.5 million.

Matt Roush of the Great Lakes IT Report, the panel moderator, finished the one-hour session by saying, to much laughter, “I’m amazed we got through an hour on the topic of e-discovery and didn’t hear the words ‘Kwame Kilpatrick.’ ”