While in-house lawyers believe they are able to quickly produce data for litigation if called upon, many companies' data retrieval systems are far from ready. Alex Dunstan-Lee offers solutions

Many legal departments have significant concerns about how to handle data when called upon to do so for litigation or regulatory response.

Many in-house lawyers consider that their company policies and procedures in this area are unclear and unworkable, with less than one in five aware of the existence of policies for collecting and processing data. According to our recent survey of more than 200 senior in-house lawyers, half of respondents admit to being concerned about the legal department's ability to find data.

Companies involved in the survey consisted of major corporations based in Europe, the Americas, Asia Pacific, Middle East and Africa, and the survey was translated into seven languages. This is the first survey of its kind to have such a global reach, and it shows that the challenges faced by legal departments are not limited to common law jurisdictions – they apply the world over.

Many major, heavily-regulated companies are not able to react as quickly or as consistently as they might to litigation and regulatory requirements. It is arguable that with the ever-increasing importance of regulatory scrutiny and risk management, this needs board-level attention.

The main concerns for in-house lawyers

The survey finds a discord between high perceived levels of general readiness (86% had high levels of confidence in their ability to respond quickly to a data request by a regulator) and the significant practical concerns identified. Lawyers felt ready themselves, but could pinpoint concerns – perhaps indicating that they felt IT challenges were not their problem.

An additional area of concern is the extent to which company legal and IT departments communicate with each other. Over a fifth (21%) of legal departments say they are not consulted by the IT department about changes in storage capabilities within their organisation, and a quarter are rarely or never consulted about the adoption of new technologies for dealing with electronic evidence (e-disclosure).

When a regulatory investigation or litigation arises, it is imperative that companies can find and organise the relevant data very quickly. Storing and searching large volumes of data, often across borders and across different legacy IT systems, are major challenges for many companies. While this might seem like an IT issue, when an investigation arises, it can become an urgent reputational and financial one, on which the legal department may be taking the lead.

Is there a way forward?

Over a third (34%) of companies have gone through a formal litigation or regulatory response assessment by an external body, with half that number having carried it out in the past six months. There were some significant regional variations in this – two-thirds of the companies that have undergone an assessment in the last six months are in the Asia Pacific region, while only 30% of them were in the Americas (mainly Brazil) and just 3% in Europe and Middle East/Africa respectively. In Europe, only 8% of respondents said they had undergone such an assessment by a third party.

Half of companies have an identified litigation response team in place to deal with e-disclosure or related requests. North American companies are advanced in this regard, with over 80% having one, compared to 38% in Asia Pacific and 34% in Europe. The results also show that North American companies have a closer link between their legal and IT departments than in other parts of the world.

Practise makes perfect

In our experience, those companies that are best able to handle data challenges in the context of an urgent need – such as an FSA investigation – are those whose legal and IT departments have a good understanding of each other.

'Quick wins' to help promote such an understanding include helping the legal department to understand where data resides in their organisation and how long it might take to collect it. The legal department could test how long it would take to get hold of a particular email in a particular area of the business. It would also be useful to clarify high-level responsibilities (it can be difficult to take ownership of these challenges as they can sit between the chief information officer and the head of legal).

Above all, companies should educate the legal department on matters of data storage and data retrieval – this should become an ongoing initiative to keep lawyers up to speed on technology developments in their organisation. In-house lawyers need to appreciate that electronic data can be manipulated to benefit legal teams in a way that was not possible in the paper world. Properly managed, it can help a business to respond more effectively to a regulatory investigation or to stay ahead in litigious proceedings.

Alex Dunstan-Lee is a director at KPMG Forensic.

———————————————————————————————————————————————–

Is the legal department ready to manage data? Some key findings:

• 60% of respondents were concerned about data management costs
• 56% were concerned about security issues
• 55% were concerned about the consistency of records management policies
• 54% were concerned about data volumes
• 50% were concerned about the legal department's ability to find data
• 40% admit it would be difficult to retrieve data in the event of a regulatory investigation or litigation