5 eDiscovery Risks to Avoid in Board Communications

There are, however risks associated with eDiscovery, like any digital document. The risks behind eDiscovery center are primarily data security, inadequate planning, and a lack of education. To successfully address risks, an organization must change how the business thinks — no more silos, regions, or business units. Policies must be used for governance and goals need to be set for business objectives.

Kelly Twigger, Esq., shared some insight on the responsibilities information creates for a company and details 5 risks to avoid in board communications.

1. Failure to Plan for eDiscovery

In 2006, a series of rules illustrated where eDiscovery comes into play. 

1. Litigation
2. Third-party subpoenas
3. Regulatory responses
4. Government investigations
5. Department of Justice second requests

To avoid the consequences of mishandling information,  the following strategy can alleviate your company’s vulnerability to eDiscovery guidelines:

• Create a team that includes a variety of expertise: Information Governance, Legal, IT, and Business. 
• Analyze risks
• Develop a process
• Implement and audit
• Electronically Stored Information (ESI) preservation

Planning processes need specific organizational risks and goals in mind. Often, eDiscovery of board communications occurs as a result of when a decision by the board is in litigation, shareholder derivative actions, breach of fiduciary duty, pension fund cases, etc. 

The consequences of failure to plan for eDiscovery include the following:

• Exponentially higher discovery costs
• Reputation risks through bad publicity
• Potential regulatory violations
• Exclusion of witnesses results in a default judgment
• Sanctions in litigation

2. Email Vulnerability

Email eDiscovery is one of the most extensive types of ESI and, therefore a vulnerability. Phishing is one of the primary cybersecurity risks when it comes to email. Despite the continued threat against cybersecurity, 43% of all board of directors still use emails to send documents and information to fellow board members. (The Evolving Role of the Global Board—Thomas Reuters, 2014). 

Today, experts recommend using a board portal for secure communications. A board portal is an excellent way to provide materials to board members in a contained form where management can control access. 

3. Not Identifying All Sources of ESI That May Be Discoverable

Your eDiscovery team must  thoroughly understand how different forms of communication used by board members interact with the rest of the company. They also need the skills to document and explain ESI communications along with their roles, who uses them, and why. Social media, texts, email, audio files, Word docs, spreadsheets, instant messaging, and photographs are all forms of communication that are discoverable. 

How your board members communicate reflects on the organization. Offer training and implement standardized procedures for board communication with management and with each other to strengthen your company’s weakness against potential incriminating information.

4. Not Understanding How Data Is Captured and Stored

There’s a common misunderstanding about deleted data. While the information might not be easily accessible, it is never entirely gone. It is crucial to educate management and board members on how they might accidentally set themselves up for problems simply because they exchanged and kept sensitive content on company systems. Many cases are won and lost because discoverable information compromised litigation conditions.

5. Failure to Educate Board Members on the Risks of ESI

Just as information is power, prevention is vital in avoiding legal sanctions or prolonged litigation. When your company is preparing to implement company policies on handling information, some helpful training topics should include some of the following:

• Conduct in-person training with board members.
• Use an impartial presenter from an outside organization.
• Consider attorney-client privilege and use counsel to conduct training to shield contents of training from being discoverable.
• Have case studies and materials to support policies and positions.
• Be willing to discuss positions of board members relative to the inconvenience of issues versus risk management for the organization. 
• Be careful with BYOD (Bring Your Own Device). Personal devices used for company communication still fall under eDiscovery guidelines. 

By recognizing and reconciling these eDiscovery risks in your business, you will not pay the cost of being unprepared.