Growing volumes of electronically stored information could leave companies open to risk, particularly during litigation. Tracey Stretton reports

The practise of law around the world is at a tipping point, driven by the technology revolution. While US legal teams appear to be more concerned about the reality of growing volumes of electronically stored information (ESI), the UK's primary concern appears to be the lack of training in legal trends.

The rise in sheer volumes of ESI and the importance of information contained within electronic communication has led to the recent amendment of rules governing civil litigation in both the US and the UK. Quite how well the rules are appreciated by lawyers is unclear. Until very recently there was very low judicial awareness, but recent proposed changes to the way the Commercial Court will handle cases with large volumes of ESI, initiatives in the regional Mercantile Courts, and the increasing number of seminars on offer indicate that there is a clear change of practice.

While companies in the US and UK are increasingly well prepared to handle demands for ESI, one in four organisations cite increasing volumes of data as a major challenge for the next five years, proving that ESI preparation is no simple task. Furthermore, the evolution of technology and case law (such as the Chancery Division's decision on in Digicel (St Lucia) v Cable & Wireless make this topic increasingly difficult to tackle. Clients and lawyers are often mesmerised by the confusing products on the market and may have no appreciation of the crucial differences until a lawsuit has begun, leaving very little time to source and engage a service provider and manage the project effectively.

Awareness and policy

Research commissioned by Kroll Ontrack finds that there has been a vast growth in ESI awareness and policy enactment over the past 12 months. This demonstrates that high profile sanctions cases, and education regarding ESI, have been a real wake-up call to corporations and their legal teams. However, UK companies are lagging behind their US counterparts in their readiness to cope with the risks involved in legal actions, where huge volumes of computer-stored information plays a crucial role. Many companies are failing to appreciate the legal and logistical issues involved in responding to requests for often sensitive information from regulatory bodies and ensuring that they can provide details of anything that qualifies as electronic information.

The study found that while 70% of US companies have policies in place to deal with ESI in a litigation process (compared with 40% in 2007), only 53% (compared with 43% in 2007) of those in the UK can boast similar preparedness. Both figures represent an improved awareness of the need for policy relative to 2007, but they also suggest that the US is still outstripping the UK.

Unaware lawyers could have unpleasant consequences for the lawyers for themselves. In the recent case of Heidrich & Anor v Standard Bank London Ltd & Anor an application for a wasted costs order was made against a solicitor for allegedly failing to obtain ESI from a client. The lawyer escaped liability but the case collapsed.

Responsibility

Though companies are increasingly looking beyond the boardroom in developing strategy for ESI, there remains a belief that CEOs and board directors should ultimately be accountable for shaping policy and its smooth functioning. This is particularly evidenced in the UK where 54% of companies say that their CEOs and board directors should be held accountable if their respective ESI policies result in governmental fines, court imposed sanctions or reputational damage. This is despite the fact that only 20% of UK companies allocate actual responsibility for policy development to such senior figures.

The undoubtedly complicated and technical nature of ESI requires a close alliance between legal and IT to ensure ESI strategies are legally compliant, all-encompassing and feasible.

Drivers

Drivers in the UK differ marginally from those in the US. In the UK, there has been a slower progression and this can also be attributed to a lack of time and resources. For a company embroiled in a large lawsuit or regulatory investigation, the costs of handling the ESI quite simply dwarf the costs that are in involved in setting up and implementing a policy to ensure the organisation is fully prepared to respond in the event of an unexpected intrusion of this kind. The recently reported costs of the Siemens investigation serve as a salutary warning.

The lower incidence of document management policies in the UK may reflect the absence in the UK of the more draconian powers available to the courts in the US. But it may also indicate that many organisations are simply not appreciating the risks involved in the disclosure of ESI. With the risk of litigation increasing companies need to take action to mitigate risk.

Even if senior management does not take the initiative in a proactive way, creating effective ESI management policies and procedures, the courts (notably the Commercial Court) may require them to take personal responsibility for the management of ESI in the context of a lawsuit (paragraphs 161-2 of the December 2007 Commercial Court Long Trials Working Party). The recommendations are said to be suitable for all Commercial Court cases and not just those that may be deemed to be supercases or "mega-litigation".

Challenges

The greatest worry this year in both the UK and the US, is the growing volume of ESI. Furthermore, most companies are increasingly looking to IT departments to shoulder some of the ESI burden – ESI management is no simple task and a true partnership between legal and IT is required to make a company's policy a success.

ESI is a boardroom risk issue and should be treated as part of management of the enterprise's portfolio of risks. The risk of litigation itself is now greater in the current depressed economic environment and companies and organisations need to be ready.

Tracey Stretton is a legal consultant at Kroll Ontrack.