Where great minds meet Honeycomb Connect
Home | My Cell | Help | Contact Us
Select Hive/Cell
Corporate Information Technology (CIT50)
March 20, 2018  
Corporate Information Technology (CIT50)
Corporate Information Technology
Executive Member Profiles
CIT50 Executive Reports
Solutions Exchange Gallery
About Honeycomb Connect
Contact Us
Corporate Information TechnologyCIT50 Executive Reports
Preparing a Litigation Response Plan
March 1, 2007
...back to list

Find Out More

Since entering the office environment, the personal computer has transformed the way people work. Whilst vastly improving productivity, the PC has simultaneously triggered an explosion in the volume of data stored electronically. This data has progressively become a key focus for corporate legal teams. Email in particular, for many the primary medium of communication, is now a rich source of investigative leads.

These days, the volume of data stored electronically has reached exorbitant proportions.[1] As a result, it’s proving more and more of a challenge to store corporate data and subsequently locate specific pieces of information. Therefore, producing electronic evidence when it comes to litigation can be time consuming and potentially crippling for companies that are unprepared for the task.[2]

The 2006 Fulbright and Jaworski “Litigation Trends Survey,” paints a gloomy picture of the growing trend towards more corporate litigation worldwide[3]. The common issues of contention highlighted by the survey include: labor disputes, contract disagreements and regulatory matters, followed by intellectual property and patent protection.

“One of the fastest growing parts of eDiscovery litigation today is parties attacking each other’s processes,” says John H. Jessen, Founder and CEO of Seattle based Electronic Evidence Discovery, Inc. Companies unable to defend themselves and their processes in court face the prospect of legal defeat and the ensuing penalties.

Security and white-collar crime

Bruce Erenkrantz, Vice President of Development at Ingram Micro Inc. and Honeycomb Connect executive member, answers questions on securing his organization against employee crime...read more.

Leaving the whole issue under the mantle of IT can lead to problems. Legal wrangling may not be the IT department’s specialty, the technical and adversarial nature of a legal dispute being as it is. Sound discovery practices can often make or break a case, so having a proactive strategy in place and being prepared for defensive process attacks is the best way of dealing with an issue that can rear its head at any time.

Preparing for litigation depends on the nature of the business and what disputes are likely to arise. Here we will take a closer look at some of the situations that organizations could face in terms of litigation, and examine a few of the considerations in preparing what Jessen calls a “litigation response plan.”

Managing emails

A large proportion of corporate litigation procedures deal with employment matters, in these cases its not just formal documents but informal channels of communication such as emails or instant messenger programs which matter. Cellphone records can also reveal useful information from the incoming/outgoing call log, says Forensic Investigator Richard Smith. Being able to bring all these documents together and show how they interplay is a significant advantage in the courtroom. Email retention policies clarify the firm’s right to archive emails stored or received on a company’s system.

Before we begin, it is worth noting two changes, instituted last year, to the U.S. federal rules of discovery, which have affected the way corporations plan their discovery process. Firstly, parties involved in litigation today are required to meet-and-confer, typically within 40 days of filing the litigation, to discuss the electronic discovery model. This doesn’t leave much time for an organization to prepare evidence if they don’t know where to find it. The second point of note is the new concept of accessible data. If a firm believes some data set is too difficult or costly to retrieve, they can claim that it represents an undue burden and should be disregarded from the litigation process. In order to make this argument a firm must show a level of analysis and process that proves something is not accessible.

One of the biggest challenges in electronic evidence discovery is the sheer volume of data, because companies tend to store everything. Prior to the digital revolution the majority of corporate data was stored on complicated mainframe systems. Retrieving data from these legacy systems can be time-consuming and costly.

Generally speaking, documents are kept for two reasons: either the business needs them to function or the government says they have to be stored. A third consideration is whether records are needed for legal reasons, i.e. a litigation hold has been placed on them. Documents that aren’t vital are usually destroyed, which makes it easier and cheaper to comply with discovery requests. Having a formal data-destruction policy in place is vital in legal proceedings. With it, a company is more likely to hold onto the right information, while avoiding arousing suspicion when some pieces of information are no longer available. Documenting procedures and sticking to them is crucial, because deviating from prior practices can compromise the integrity of information. Automation is useful here, and electronic record-keeping software exists that can turn databases into legally defensible records management systems. If files are not saved in an appropriate and easily accessible fashion then retrieval costs can run into millions of dollars and become a source of serious frustration.

Things to consider when bringing eDiscovery processes in house:

  • does your workload support internalization
  • can your staff handle the additional burden
  • what is the capital expenditure for IT equipment
  • who will manage the new IT equipment
  • what types of projects are best suited for vendors and consultants (a third party perspective may be useful when preparing for litigation).

Patrick Oot, Director of Electronic Discovery and Senior Counsel, Verizon Communications

At Verizon Communications, the electronic discovery team, formed in 2005, is charged with developing a uniform policy governing the collection, retention, review and production of electronic data while reducing vendor costs and minimizing risks. Verizon’s Director of Electronic Discovery and Senior Counsel, Patrick Oot, says one way of controlling the cost of eDiscovery is through efficient file archiving and document retention processes, while also facilitating easy exporting to the document review platform. High retrieval costs can be minimized by conducting initial eDiscovery in-house and then providing vendors with the search terms. With a retrieval-oriented architecture, a company is “ready to go to war” immediately, says Oot. Maintaining ownership can also prevent outsiders from creating problems. Often external law firms or vendors try and impose conflicting alien models on a company, which can lead to confusion. “You know your organization the best,” says Oot, “and you know where the bodies are buried.”

Many of the top federal regulations have stipulations which affect a company’s record retention policy. Different regulations target specific industries, the strongest governing the financial sector. For example, the Sarbanes-Oxley Act requires that all public companies save every record that informs the audit process, e-mails included, for seven years. Parts of the Gramm-Leach Bliley Act address the collection and dissemination of non-public customer information and outline controls to protect this information, and the Health Insurance Portability and Accountability Act has similar requirements pertaining to a patient’s records.

One of the most alarming trends in corporate litigation today arises from bad behavior by employees. According to a worldwide study by CIO and PricewaterhouseCoopers[4], 33 percent of information-security attacks originate from employees while another 28 percent come from ex-employees and partners. The research suggests that companies are preparing themselves to respond to incidents that include inappropriate web surfing, hacking, fraud, theft of trade secrets, threatening behavior or harassment of coworkers, and competitive business start-up. Conducting an internal investigation around these kinds of incidents and preparing evidence to present to law enforcement is no easy task, and the situation is only made worse by the hydra of virtual offices, telecommuting and personal storage devices such as Ipods and flash drives.

Verizon Communications
Fulbright and Jaworski
RCFL Program
Boston Software Forensics
Electronic Evidence Discovery
Emerging as a direct result of the failure to control business information, the science of computer forensics utilizes novel techniques to recover useful digital evidence—which may have been destroyed in an effort to cover up wrongdoing—as well as analyzing and evaluating its usefulness in legal matters. Computer forensics or electronic evidence recovery is a powerful strategic weapon for litigators and companies are now in a position to conduct internal investigations themselves. Private companies like Guidance Software (founded in 1997) and AccessData (founded 1987) offer tools to corporate clients to help them facilitate their own electronic investigations. The forensic services market amounted to $69 million in 2004, up from $24 million the previous year but still a fraction of the much broader electronic evidence discovery market. Computer forensics is a very specific application of knowledge and tools for answering explicit questions about particular data files; it’s rarely conducted against thousands of data files because of the costs associated with it and because there are typically only a few files that require such analysis in any given matter, says Jessen.


The first responder’s role is critical to a successful conviction, so it’s particularly important to understand the standards that pass as acceptable forensics, i.e. what is admissible in court. “We conduct computer forensic activity by obtaining the digital evidence we need in a forensically sound manner and maintaining a stringent chain of custody to ensure that the evidence will stand up in court,” says Gerard Cocuzzo, FBI Unit Chief of the Regional Computer Forensics Laboratory (RCFL) program. He adds that a company which employs its own team of investigators should follow the same principals. A staff person trained in forensic computing analysis, ideally someone with a law enforcement background, is a particular advantage. But, there’s always a danger that electronic evidence will be overlooked or mishandled, reducing its usefulness in court. “Once you know there has been an issue, you want to avoid making any changes after-the-fact,” says Richard M. Smith a Forensic Investigator with Boston Software Forensics.

RCFL Program

The Federal Bureau of Investigation’s RCFL program started in 1999 when a coalition of law enforcement agencies came together in San Diego to address the overwhelming amount of digital evidence they were receiving in state, local and federal legal cases. In 2005 the number one type of crime that investigators requested the help of RCFL with was child pornography, followed by white-collar crime. Former Enron Chief Financial Officer Andrew Fastow received a six year sentence and had $30 million worth of cash and property confiscated, based partly on evidence uncovered by the Greater Houston Regional Computer Forensics Laboratory (GHRCFL). As part of the Enron Task Force, formed in the weeks following the company’s bankruptcy announcement, the GHRCFL processed 31 terabytes of electronic information—the equivalent of the contents of 15 academic libraries—including thousands of e-mail transactions and documents seized during the multi-year investigation.

Documenting what processes are used in electronic data recovery is another crucial step in assuring the usefulness of evidence as well as complying with government regulations. One thing Cocuzzo recommends as far as digital evidence is concerned is having very good quality assurance and quality control programs. This sentiment is confirmed by Detective Andy Kleinick of the LAPD Computer Crime Unit, who says documenting the electronic crime scene and preserving evidence based on a pre-established incident response plan is crucial to a successful conviction. He says common mistakes include: a lack of documentation; failing to properly preserve and store evidence; failing to gain technical assistance when in doubt; waiting too long to report an incident; lack of training; overlooking key evidence; altering evidence; turning computers on; and trampling the electronic crime scene.

Ultimately, litigation is an ugly affair and no policy or procedure will ever stamp out bad behavior altogether. That being said, the very nature of the legal system compels a firm to do its utmost to conduct its processes correctly, because if they don’t the other side stands to profit.

[1] “As a whole the world produces 1-2 exabytes of unique information annually (only 0.003% is printed),” Dennis Brixius, VP, Risk Management and CSO, The McGraw-Hill Companies

[2]“Ninety-nine percent of work created today is born electronically, it's consumed electronically and then it retires electronically,” John H. Jessen, Founder and CEO, Electronic Evidence Discovery, Inc.

[3] Fulbright and Jaworski “Litigation Trends Survey,” http://www.fulbright.com/mediaroom/files/2006/FulbrightsThirdAnnualLitigationTrendsSurveyFindings.pdf, January 7, 2006

[4] “The Global State of Information Security 2005,” http://www.cio.com/archive/091506/security_survey.html, January 07, 2006

Printer-friendly version
E-mail this to a friend
Comment on this story
...back to list
Member Site Tour
User Name:


Forgot password?
My Cell | Help | Contact Us Privacy Policy | Legal disclaimers
Copyright © Honeycomb Connect