What Does A CIO Need To Do When The Company Gets Sued?

E-Discovery Is Something That CIOs Need To Prepare For In Advance
E-Discovery Is Something That CIOs Need To Prepare For In Advance

Lawyers Cost A Lot Of Money

When you become the CIO, you’re probably hoping that you’ll be spending your time setting the strategic direction for your company’s technology future, striking deals with vendors, and generally moving the company forward. However, perhaps you’ve forgotten about the lawyers. Specifically the lawyers who work for the people who will undoubtedly someday sue your company. They are going to be well within their legal rights to ask for a lot of company information, are you going to be ready to find it and provide it to them?

Andrew Conry-Murray was looking into this and he discovered that the Office of Federal Housing was sued they had to search their systems for emails related to the case. They forgot about a disaster-recovery backup that they stored off-site and this mistake ended up costing them an additional $6M in additional expenses to search even more data. Clearly this is something that a CIO has to worry about!

It’s All About The Team

The fancy name for what has to be done in the 21st Century when a company has to produce documents as part of a lawsuit is called “e-discovery” . This is where at the request of the suing party, a company has to dig through all of their electronic documents (emails, reports, etc.) and provide them to the suing party as a part of preparing to go to trial.

Considering how many separate email systems, databases, and siloed data storage systems a typical company has, when you become CIO finding and delivering this information could be a huge undertaking. A clever CIO realizes that this is the type of problem that can’t be solved just by the IT department: it’s going to take a team.

The ability to see into the future is not something that we are born with. However, CIOs need to anticipate that their company will need to have an e-discovery team in place BEFORE you get sued. It makes sense to put together a team before it is needed. The team should have representation from both the Legal and the IT departments on it.

It will do you no good to just have identified who is on the team – they actually have to do some work. Specifically, they should be responsible for setting the company’s policies on data retention, making sure that people are following the policies, and actually doing the e-discovery work when it is required.

The Electronic Discovery Reference Model

If this all seems just a bit overwhelming to you (“I’m not a lawyer”), don’t despair. Smart minds have created something called the Electronic Discovery Reference Model which lays out just what an IT department needs to do in order to conduct a successful e-discovery program.

There is a lot of work that needs to be done as a part of an e-discovery program and not all of it is IT work. In the EDRM, the job of an IT department comes primarily in the first 4 steps. These steps are:

  1. Information Management
  2. Identification
  3. Preservation
  4. Collection

Too Much Data Is Too Much

A CIO’s role in an e-discovery project starts long before the first call from the lawyers comes in. Lawyers are not bad people (necessarily), but at the same time they aren’t IT savvy. This means that they often don’t know how to ask the right questions during an e-discovery project.

Lawyers might ask for any email that contains the word “contract”. Clearly this could quickly create a mountain of results. The IT department can help make sure that only relevant results are returned by working with the legal team to better frame what is being searched for. A search for emails based on “contracts with xyz corporation sent during the summer” will produce much more manageable results.

What All Of This Means For You

In a perfect world, there would be no lawyers or lawsuits. However, since we don’t live in a perfect world, when you become CIO you are going to have to be ready for the lawsuits when they come your way.

The key thing for a CIO to realize is that an e-discovery project is not something that can be handled just by the IT department. Instead, before the first lawsuit shows up, you are going to need to pull together a team that consists of folks from both the Legal and the IT departments.

Even though you can’t stop lawsuits from happening, as CIO you can make sure that your company is ready for them when they come. A bit of planning can end up saving your company a lot of money and you a lot of hassle…

Question for you: what do you think a CIO is going to have to do in order to get the IT and Legal departments to work together smoothly?

Click here to get automatic updates when The Accidental Successful CIO Blog is updated.

What We’ll Be Talking About Next Time

Does anyone besides me remember the movie “Risky Business” from the ‘80s? You know, it’s the one that launched Tom Cruise’s career – he plays a kid who takes some big chances, has an adventure, and then ends up with the girl in the end. Well, CIOs have a opportunity to star in their own version of Risky Business – but their role has to do with selecting and implementing risk management applications that just might save the company…