At most organizations, the lawyers handle the legal work, IT oversees the technology and the two departments rarely (if ever) cross paths. That's simply no longer acceptable in an age where information is paramount to success and legal requests to support litigation now routinely involve electronically stored information (ESI), such as e-mails. It is more important than ever for IT and legal to work together hand in hand to develop and implement legal holds policies and practices, or risk costly fines and irreparable damage to the company's reputation.
A new benchmark report from the IT Policy Compliance Group, "Improving Results for the Legal Custody of Information," shows a direct correlation between significant cost savings and mature legal holds practices. While the average costs of legal data holds for large enterprises with normative practices is between $500,000 and $9 million, those with the least-mature practices reported spending between $1.5 million to more than $28 million annually. In contrast, the most mature legal holds practices led to large enterprise costs of only $120,000 to $2.6 million annually. Across all business sizes, the IT Policy Compliance Group research shows those with the least-mature practices are incurring expenses that are more than 10 times those of their peer companies with more mature practices.
Size, industry segment and past experience are not responsible for lower expenses for legal settlements and fees, nor for lower costs in IT to find, protect and preserve information on hold. Rather, the factors most influencing better results among the best-in-class organizations are the consistent practices and capabilities being implemented. These organizations spend 94 percent less for legal settlements and fees and 92 percent less for IT to find, protect and preserve information on legal hold than organizations with the worst practices. So, what are these organizations doing that's working?
Legal holds on information start when an organization learns of, or can reasonably anticipate, litigation or a regulatory investigation. Not all companies notify affected employees and respond to legal requests for data and records in the same amount of time, and that is a key factor in determining how quickly and completely IT and legal can locate and recover subpoenaed electronic records. Approximately one in 10-12 percent-of all organizations surveyed is performing at the most mature levels. These organizations notify employees in less than one hour about a legal hold on records and data and are responding to legal requests for information within one day.
Other strategic actions that best-in-class organizations take include:
-- Maintaining evidence of the handling of data
-- Improving the quality of legal counsel
-- Tracking results to make subsequent improvements.