If there ever was a situation that emphasized the truism “it’s what you don’t know that could hurt you,” new amendments to the Federal Rules of Civil Procedure (FRCP) qualify. The U.S. Supreme Court approved these on April 12, 2006, and they went into effect last December. These rules potentially can affect every U.S. business yours included. All departments within your business need to be aware of them and work with your information technology (IT) department to assure compliance.
“Right now, in most businesses, there is a wide gap between what the legal department knows is required to comply with FRCP and what the IT department knows is expected of them,” says Jim Quiggle, director of professional services development at Agile360 Inc. “It is imperative that a company’s legal, risk management, general management and IT departments get together to determine the risks and decide what each department is going to do to close that gap in order to be prepared for the new amendments to the FRCP.”
Smart Business talked with Quiggle for more insight into FRCP.
What are the new amendments to the Federal Rules of Civil Procedures (FRCP)?
Generally speaking, the new amendments govern the handling of electronically stored information in any civil lawsuit that comes before any U.S. federal court. The new amendments pertain to the handling and disclosure requirements of all data compilations, including e-mail. For IT, this means being able to deliver relevant data by location and description to the court in a timely manner.
Whom do these rules impact?
They impact every business, organization and person that may ever be involved in a federal court case. These would include lawsuits that cross state lines; cases that involve any governmental agency such as the IRS, Immigration, Transportation, Wage and Hour, and Commerce; as well as regulations such as HIPAA and Sarbanes-Oxley and more.
There are no exceptions for company size or nonprofit status. When it comes right down to it, it is hard to think of any entity that could not be impacted.
How does the FRCP impact IT?
Enterprise Content Management (ECM) systems and IT will need to respond more quickly and accurately than before to discovery and internal investigation requests.
The IT department will need to know what e-mail has been stored anywhere in the organization, how to produce it, how much effort is required to produce it, and when and how documents may be deleted.
Right now, a company might be successful with the argument that the technology didn’t exist several years ago to maintain the data in a way that would comply with the new law but that excuse won’t hold up for long. The courts aren’t going to care about systems. They are demanding the information.
Waiting to come up with a plan until you get called into court is too late. By that time, the company may have to drop all other activity just to produce what the opposing attorneys are entitled to and, if the information doesn’t satisfy the court, penalties will be assessed.
Delays can be costly. A jury awarded $800 million in punitive damages when Morgan Stanley repeatedly failed to produce e-mails in a timely manner. In another case, a U.S. District Court determined the appropriate fine for a late response to a discovery request was $50,000 per day.
What needs to be disclosed?
Everything, which includes current and past information that might be on file servers, employee PCs, backup tapes, cell phones, USB drives and Blackberry devices.
What can we do to make sure we comply?
First, identify your risk. While the rules can pertain to all businesses, some are at more risk than others. It is a lot like deciding whether to buy hurricane insurance in California or earthquake insurance in the Midwest. Prepare according to your level of risk.
Develop retention policies that show good-faith operations appropriate for the business needs of the organization. Areas of consideration include relevant compliance regulations, the length of a typical company contract and business value of the data. Focus on your business work-flows, costs of data storage and regulatory compliance too, void policies that could be construed as solely for the purpose of deleting potential evidence. Remember that short retention schedules may be challenged.
As you work on developing a monitoring and archiving system that can rapidly retrieve and sort electronic data, also try to incorporate ways to track paper and any other information that is used in the business. By looking for ways to tie the entire business infrastructure together, you may come up with a system that will give you a return on the investment instead of just another expense.
JIM QUIGGLE is director of professional services development at Agile360 Inc. Reach him at Jim.Quiggle@agile360.com or (949) 253-4106.