A lawsuit can be a difficult experience for any type of business. As part of a case, many businesses will find themselves dealing with an order of discovery, which requires them to turn over any documents related to the case. As businesses have moved from paper-based documents to files stored on servers, these orders have more often related to electronic discovery—or e-discovery—and go beyond files to include email correspondence and other electronic data.
While courts understand that documents can be lost and servers can crash, it’s important that businesses put procedures in place that demonstrate transparency, rather than cover up. When a business steps forward and claims all related documents were lost, the next step will be to interrogate that business about its data retention policies to prove deliberate concealment isn’t involved. Here are a few things every business should do to prepare for the possibility of a legal case.
Back Up Your Data
The first thing every business should do is have a retention policy. Having your policy in writing will help you if you’re ever questioned about your practices. This policy should address your documents, as well as all of the email messages that cross your server on a daily basis. If you choose to keep your emails for a specific period of time, you should have a logical reason for doing so, such as limited server space. One expert recommends retaining emails for at least six years to cover any legal action that might come up.
Know the Laws
Overall, the law requires that businesses retain data as required by applicable regulations. Those regulations may be set on a local or state level or may be determined by the industry in which the business operates. Publicly-traded companies face data retention requirements under the Sarbanes-Oxley Act (SOX), healthcare organizations must comply with the Health Insurance Portability and Accountability Act (HIPAA), and businesses that accept credit card payments must follow data retention requirements detailed in the Payment Card Industry Data Security Standard (PCI DSS). These regulations relate to government audits and customer privacy, but they can be great places for a business to start when developing a policy.
Set Up Reliable Systems
Even the best data retention policy won’t matter if your system crashes every so often. Putting reliable systems in place will help establish your business’s professionalism, which will be a benefit both in your daily operations and in a court of law. This will include business continuity and disaster recovery (BCDR) strategies and solutions, which will manage how quickly your infrastructure, systems and application can bounce back in the event of failure.
In the first place, you should already strengthen your infrastructure with high availability solutions that ensure maximum uptimes. A potent off-prem cloud-based service or an on-prem appliance that handles load balancing and failover scenarios will be helpful here, by ensuring your business meets service level agreements (SLAs).
This is important for long-term growth, consumer trust and customer retention. More so, if you are running an enterprise-grade services and are contractually obligated to deliver a certain level of service efficiency.
In addition to mitigating instances of downtime and crashes, an HA solution will enable you to have better visibility over system performance and efficiency through performance metrics and analytics.
Educate IT Personnel
Your information systems staff is your top resource if your organization ever finds itself involved in legal discovery. From the start, these team members should be aware of the importance of making sure files and emails can be quickly located when such an order comes through. This includes monitoring system performance and ensuring nothing is being lost during the daily backup process. Set clear responsibilities for this due diligence and make sure the appropriate team members know it is part of their job responsibilities. If possible, send team members to legal courses that touch on e-discovery, such as Georgetown Law’s E-Discovery Training Academy.
As important as it is to avoid circumventing the court system in a legal case, your employees should also be fully aware of the repercussions of communicating in the digital age. Every email they send and every document they save on their devices and company servers could be subject to legal discovery at some point. This includes metadata, which attorneys use as context for the documents and messages they’ve collected.
“Businesses save documents for a variety of reasons,” says Robert May, attorney for The May Firm in California. “E-discovery may be forgotten in all of that. It’s important to craft data and email retention policies and make sure your systems are stable enough that they aren’t disrupting backups. Failure to do so could bring your team members in front of a judge to determine whether you’re intentionally deleting files.”
Businesses must put stable infrastructures in place to ensure their files and email messages are being securely backed up each day. When businesses fully understand the importance of e-discovery compliance, they can educate their own employees and IT support staff to make sure they’re always prepared for litigation.