IDENTIFYING AND ASSESSING E-DISCOVERY RISKS
The first step to assessing any compliance related risk is to thoroughly understand the requirements that have to be met. In addition to reading this book, studying the amendments themselves (and especially the committee notes that accompany them) is highly recommended. They can be downloaded from the web site maintained by the Administrative Office of the US Courts. The current URL is: www.uscourts.gov/rules/EDiscovery_w_Notes.pdf.
An organized approach is needed to identify and assess an organization’s E-Discovery risks. The checklist in Appendix 1 (see page 54) is designed to assist IT risk management professionals with identifying gaps between best practice and what is currently in place. The greater the number of affirmative answers, the more adequately equipped the organization is to effectively and efficiently handle E-Discovery requests.
Common E-Discovery risks
E-Discovery gaps that are commonly found in organizations include:
• Lack of records management policies supporting ‘good faith’ routine destruction of records.
• Lack of controls to prevent the loss of critical evidence without a justifiable explanation.
• Lack of controls to prevent spoilage of evidence due to ineffective collection procedures.
• Lack of formalized processes and procedures for addressing E-Discovery requests.
• Inability to produce evidence in the timeframes set out in the FRCP.
Once an organization understands its key E-Discovery risks, it needs to develop a plan to address them.