E-Discovery and Compliance

E-Discovery as a concept is gaining prominence, thanks mainly to legislative impetus in the United States. Even apart from that, from an internal and IT controls perspective it is very important to understand e-discovery and its implications for organizational controls outside the compliance-related framework with which it is usually associated.

Much of the compliance-related legislation, such as SOX and the Dodd–Frank Wall Street Reform and Consumer Protection Act, has come about primarily because of large corporate scams and insider trading. Investigators have also found that a lot of internal communication, such as mails, transcripts and notes, was circulated by the scamsters within the organization at the time when such scams were being conceived and executed.

E-Discovery basically means having some mechanism through which communication by people inside an organisation can be continuously monitored and potential threats identified based on patterns. It is often confused with archiving, which is a prerequisite for e-discovery, but the process of e-discovery can happen in real time or after the event. E-Discovery involves continuously monitoring or looking through volumes of internal information from multiple departments and divisions. Compliance managers need to understand whom a firm is working with, what sort of partnerships it is forming, what sort of deals it is structuring, and what the potential threats are from a business angle.

E-Discovery is also critical where lawsuits are involved. Companies—including well-known financial services firms—have been fined millions of dollars for failing to produce relevant email evidence in a timely manner. The Federal Rules of Civil Procedure, which govern procedures for civil lawsuits in the United States, were revised in 2006 to clarify the requirements for the delivery of electronic evidence. The rules require that firms be able to search and retrieve requested data within timelines established by the court. Failure to comply with guidelines can result in hefty fines. For example, when a mobile technology company was found to be withholding damaging email messages from the court, the company was fined $8 million. To be prepared for legal discovery, organizations must know where all their email data is stored, and be able to search through and retrieve that data in a short period of time.

E-Discovery is also useful when organizational records have to be retrieved within a short span of time. Many of us will have been in a situation where we need to access partner correspondence dating back a few years, and find that archived mails are not retrievable within a short span of time.

 

To facilitate e-discovery, organizations must:

a. Understand the communication mechanisms within the organization.

b. Implement a suitable archival system that combines ease of use, flexibility and security.

c. Implement a DLP tool to enable triggers and alerts.