And you might be thinking this is nothing more than another pain-in-butt process. Wrong again, says McCarrick and one reader, both of whom say the thought processes and policies required by these new rules will be a boon, both to IT and the corporations they serve. For one thing, having such a system in place is helpful to a company from both a compliance standpoint (think Sarbanes Oxley certification) and a risk management perspective. For another, it forces serious thinking about the risks tied to data retention policies. Maybe sales wants to hang onto meta data, but is it worth the legal exposure? It might not be.
Also, up until now - most companies have dealt with legal discovery by hiring third parties to search their data and pull all the threads together. Every case brought in another vendor. There were no cost savings as the wheel was reinvented over and over, according to McCarrick. But now that user companies will have to build these systems, the benefits are multifold: greater control of data (more of which is kept inside of the firewall); vendors will likely be forced to offer more sophisticated and nuanced services; and very probably, we'll see some consolidation and standardization of the services performed by those vendors.
The most important, and you might say, priceless, impact, though, involves the ability to sway a jury, no matter how weak a case, and the ever popular question of who is paying for this settlement anyway? No matter how strong your defense, if your company fails to meet its obligations to preserve and produce relevant data, a judge could (and they have) slap you with a charge of "adverse inference," which gives the jury carte blanche to assume all the information you did not produce was incriminating. This can turn a jury, as it did in the Coleman v. Morgan Stanley case, resulting in staggering damages.
And it gets worse. As noted in my earlier post, the insurance companies are not going to stand idly by and absorb this. McCarrick says there is widespread discussion over whether incurring such a charge would trigger the cooperation clause that is standard in most corporate insurance. In short: if you make matters worse through your own incompetence, or negligence, then they might not have to pay. There is a bright side: those same insurers are tossing around the idea of categorizing companies by risk factors, which means a solid e-discovery policy could get you better rates, along with peace of mind.