Viewing a Lawyer’s Prize Through IT Eyes

eye on laptop screen.jpg

An excellent IT perspective on e-discovery today from Ira Winkler entitled “Arrogant lawyers: the greatest threat to your organization.” Winkler is a well-respected writer on corporate information security.

I’ve witnessed the same scenario in corporate environments concerning e-discovery that Winkler describes in the first few paragraphs such as “information security staff traditionally look at their role in the e-discoery process as ensuring the integrity of the data…” and “many people are intimidated by their organization’s lawyers – they just want to follow orders and gather the data.”

I even appreciate Winkler’s accounts of a couple of projects he’s been involved in and see the same blustering and pomposity in many litigation matters as described by Winkler.

But I don’t quite agree with Winkler’s assertions 1) that large corporations have “unlimited financial resources” to throw at litigation matters or 2) the perception of lawyers as arrogant in the context of dealing with IT professionals.

First, no corporation that I’ve worked with in the last few years involved in e-discovery has unlimited financial resources. True the legal department may enjoy a little more latitude in spending than other departments because of the pressures of corporate litigation, but unfortunately, a lot of that money is NOT spent on thorough, carefully considered e-discovery tools or scrutinized workflows.

Second, what Winkler asserts as the “arrogance” of lawyers in his article is what I would describe as the “technical ignorance” of lawyers. Winkler states that the question “do they even know what they are disclosing?” is the most critical question that information security professionals should be asking their lawyers because “nobody really knows what they are releasing.”

Winkler comments on how he has witnessed companies “try to image the data so that you cannot search the data with text based tools. There seems to be an attitude that if we can’t find the data, they can’t either.” And while I agree with Winkler that this is still unfortunately the attitude of many lawyers today, it’s not because the lawyers are arrogant, it’s because lawyers freely admit that they have no idea how an e-mail archiving system works (or even if the company has one), don’t know how their company’s network share drives are set up, have no clue about the company’s backup procedures, and couldn’t tell you what e-mail system they’re using.

Winkler also neglected to mention one other important player in this game – the outside counsel from a private law firm. I know very few in-house lawyers at corporations that directly handle their litigation matters – that’s usually a job delegated to more experienced litigators from outside law firms. The arrogance factor may be a little higher for those lawyers because of the environment they work in every day. In-house lawyers work for the company. Outside lawyers have to impress their entire portfolio of clients.

Now for the other perspective: Craig Ball offers some excellent practical advice for lawyers in dealing with IT professionals in his article “To Have and To Hold” addressing litigation holds.

My favorite quote from Craig’s article:

“Consider IT and business units, then tailor your forms to their functions. What’s the point directing a salesperson to preserve backup tapes? That’s an IT function. Why ask IT to preserve material about a certain subject or deal? IT doesn’t deal with content. Couch preservation directives in the terms and roles each recipient understands.”

The key phrase there is “IT doesn’t deal with content.”

Now obviously, “content” is practically what IT deals with at every level, seeing as they manage “information.” But IT doesn’t fret about e-mail messages or documents from the standpoint of what they contain – they are much more concerned about how and where the data is stored (e.g. e-mail sub-folders & archives, network shares, what directories can they exclude out of a backup, etc.) Legal cares about the content of data first and then concerns themselves with where it can be located.

One last counter-point I would offer to Mr. Winkler – I completely agree that lawyers must become better educated about information systems at a company and they must understand the risks associated with “releaseing” information, but it is also imperative that IT professionals understand the full environment of the data they lord over.

For example, in just about every corporation that I’ve worked with involving e-discovery, the IT professionals have an extensive and thorough handle on e-mail. But when it comes to managing individual documents and files (Word, PDF, Excel, PPT, etc.) I have yet to find a secure, relevant and professional structure around the management of those documents. Corporations rarely use any kind of document management system or if they do, it’s poorly implemented, and often circumvented to the point of uselessness. That certainly doesn’t help the process of e-discovery.