Study: E-Discovery not limited to e-mail.

[ILLUSTRATION OMITTED]

E-mail is no longer the primary source of records companies produce for an e-discovery request, Symantec's "2011 Information Retention and E-Discovery Survey" has found.

The survey also reveals that companies with the best records and information management (RIM) practices in place significantly reduce their risk of court sanctions or fines.

The survey, conducted by Applied Research, includes the responses of legal and IT employees at 2,000 companies worldwide about how they are managing their ever-increasing amounts of electronically stored information (ESI) and preparing for the possibility of an e-discovery request.

Respondents said they answered an average of 63 legal, compliance, or regulatory requests for digital information during the previous year, and IT staff spent 66 hours locating the information.

When asked what types of documents are most often part of an e-discovery request, respondents put files and documents (67%) and database or application data (61%) ahead of e-mail (58%). According to the survey, other sources companies must be ready to produce information from include: SharePoint files (51%), instant messages and text messages (44%), and social media (41%).

According to the survey, companies that employ best practices, such as automating legal holds and using an archiving tool instead of relying on backups, fare dramatically better when responding to an e-discovery request.

Companies surveyed with good RIM practices in place were:

* 81% more likely to have a formal retention plan in place

* 63% more likely to automate legal holds

* 50% more likely to use a formal archiving tool

Firms that employ these practices have a 64% faster response time with a 2.3 times higher success rate when responding to an e-discovery request, the survey found. Consequently, these companies are significantly less likely to suffer negative consequences than companies without a formal information retention policy.

Such top-tier companies are:

* 78% less likely to be sanctioned by the courts

* 47% less likely to lead to a compromised legal position

* 20% less likely to be fined

* 45% less likely to disclose too much information

Despite the risks, the survey found nearly half of respondents do not have an information retention plan in place. Why? Respondents cited lack of need (41%); too costly (38%); nobody has that responsibility (27%); no time (26%); and lack of expertise (21%).

Symantec recommends the following steps for improvement:

2. Periodically delete information according to the records policy.

3. Use backup for recovery. Use archiving for discovery.

4. Deploy advanced legal hold processes and risks.

5. Conduct litigation readiness exercises to determine exposure and formulate a prioritized remediation plan.

6. Know what ESI there is in the organization and where it lives, including text messages, social media, and data in the cloud.