Technological advancements, mobile-based working practices and ballooning data storage capacity are leaving companies open to a host of legal risks, says a new PwC report. Matt Packer looks at the findings and takes a glimpse at the future shape of data
The legal walls are closing in on companies with large caches of digital data. As well as finding their data-storage responsibilities increasingly daunting, companies are facing heavier penalties for failing to come up with the required materials if they engage – or are engaged – in litigation.
For defendants who are unable to answer disclosure requests from plaintiffs, court fines are becoming more onerous; while, for victorious plaintiffs who have not been able to answer requests from the other side, judges have significantly reduced financial awards. In one recent case, due to an instance of non-compliance, costs to the plaintiff were slashed by 50%: the kind of proportion that could raise serious questions over a lawsuit’s ultimate value – positive outcome notwithstanding.
The details have emerged from PwC’s new report ‘The Future of E-disclosure’, which takes stock of the most pressing concerns that companies have over the mounting pressures of i) storing data; ii) organising it; and iii) being able to present it in a timely fashion during pre-trial discovery stages.
According to PwC’s forensic technology partner, Tom Lewis, ‘Companies are generally good at creating and storing data, but struggle to catalogue and retrieve it effectively. With employees increasingly being able to store information in perpetuity for little or no cost, this challenge will only become more acute.’
Here, Lewis refers to the greater flexibility that employees have for storing documents in web-based platforms and even their own mobile handsets – devices that are slowly supplanting desktop PCs for workers who rely on their shoe leather more than their office chairs.
With internal servers, mobiles and web storage to juggle, have companies reached a point where they are being held hostage by their own data?
PwC’s report was compiled from 211 responses to a recent survey, of which 124 came from technical staff and 87 from in-house lawyers. The survey results were buttressed by a roundtable conference with legal experts, selected for their in-depth knowledge of civil litigation trends and e-disclosure methodologies. From that research, the three biggest challenges facing data-rich companies were identified as:
1. Information technology innovations are posing new risks to the data landscape on a constant basis
While facilities such as online banking were based on traditional models with well-known risk parameters, new developments such as the iPhone and social networks have – according to the report – ‘no risk benchmark’. That makes it ‘difficult to predict what new technologies are coming [and] even harder to predict their risks and impact’. PwC advises that companies need to develop a ‘technology risk-assessment framework’ in order to ‘stay agile and adapt quickly to an unpredictable future’.
2. Corporate data volumes are growing by 40% or more each year as they increase in complexity and variety
Contributing factors to this include i) instant messages; ii) data from social-networking sites such as Facebook, Bebo, MySpace and Twitter; and iii) digitally archived audiovisual recordings. Material from web-based knowledge-management resources is also driving volume, and taken together, these sources are proving increasingly difficult to rationalise.
Challenges relating to discovery and disclosure centre around preparedness: do companies know in which resources they are storing which kinds of information? And are they able to respond to discovery requests without conducting their own internal detective work?
3. Courts and regulators are taking an increasingly dim view of poor e-disclosure preparation
Best practice has become the default position for courts and regulators, and they are no longer interested in hearing about the trials and tribulations of document research from companies who should be expected to have effective procedures in place. In addition to the case mentioned above that ended with a 50% costs reduction to the plaintiff, another saw the imposition of an $8.5m fine on a company that was deemed to have deliberately withheld information, due to the difficulties of extracting material from its archives.
Someone with ample experience of these issues is e-disclosure specialist Alistair Kelman, who doubles as a barrister and an independent expert witness in the field of forensic computing. ‘Failure to preserve relevant electronically stored information to a high standard,’ he told me in an interview, ‘can lead to extraordinary sanctions.’
‘Such penalties,’ he added, ‘were suffered by accountants Vantis, who were sacked by the High Court of Antigua as liquidators in the 2009 collapse of Stanford Investment Bank – owing to their failure to properly preserve the digital evidence. The loss of over $100m in fee income led to the immediate slump of Vantis into administration. Prior to that, it was the 14th-largest accounting firm in the UK.’
Lewis is aware of the exacting standards that companies are compelled to observe. ‘Pressure is building in this area,’ he said, ‘and we fully expect a new in-house function to emerge with responsibilities for data creation, storage and retrieval – most likely under the aegis of the Chief Information Officer.’
Any individual who steps into that role is likely to have a lot on their plate. Mobile handsets are becoming more sophisticated; tablet devices are conquering the territory between mobiles and laptops, and emerging technologies that store new kinds of data are on the march. According to the report, future disclosure challenges are likely to arise from:
• Voice data Speech-recognition technologies that automatically produce transcripts of conversations or statements have been put to an increasing number of business uses, such as videoconferencing. In the interests of accuracy, will companies be prevailed upon to disclose data held in its original, voice-recorded form, as well as the text it was translated to? And will they have the systems in place to make this possible?
• Location data GPS-based tracking devices and other location systems are widely scattered throughout mobile handsets, digital cameras and car navigation hardware. Could location data stored by these devices be deemed discoverable in order to prove that someone was in a certain place, at a certain time?
• Non-jurisdictional servers If it became possible for companies to store data on orbiting, satellite servers, would there be legal hurdles involved in determining the jurisdiction of that data?
• Eye-gaze tracking Manufacturers are working to develop computer screens that can follow users’ eye lines – an evolutionary step from touch-screen technology. Could data collected by these systems be open to discovery in order to prove whether or not someone had read a specific file?
PwC recommends that senior managers must take greater responsibility for their companies’ data-management procedures, and that archiving should not be regarded as merely an IT-department issue. The report also stresses the need for robust disaster-recovery systems – something that will only grow in importance as the data mountain piles up.