5 eDiscovery Risks to Avoid in Board Communications

Reading Time: 4 minutes

“Information technology and business are becoming inextricably interwoven. I don’t think anyone can talk meaningfully about one without talking about the other.” Bill Gates.

Some organizations have paid dearly during eDiscovery, the collection and review of business’ electronically stored information, simply because they didn’t know better, thinking that their Directors and Officers insurance would cover all discovery costs. But D&O insurance can be easily exhausted covering eDiscovery, since it is common for insurance providers to write liability policies without considering the costs if a plaintiff requests a backlog of electronic documents (like email).

While most organizations know how to prepare for the traditional discovery process, they don’t know how to properly prepare for eDiscovery, either out of ignorance of the cost of eDiscovery or they lack the systems to legally manage their business’ electronic information. Not properly preparing for eDiscovery leaves your business vulnerable to exorbitant discovery costs, loss of reputation, and potential regulatory violations.

What is eDiscovery?

According to Kelly Twigger, an attorney and eDiscovery Strategist, eDiscovery is the identification, collection, review, and production of electronically stored information, or ESI.  It used to be attorneys would begin the process of discovery by collecting files and interviewing custodians involved in a new case. Today, information is scattered throughout hard drives, emails, texts, spreadsheets, and the like. Collecting pertinent information for a case requires a huge filtering process. To aid in the legal pathway, federal law has stepped in to help define the perimeters of information and how a company should handle it.

“A party has a duty to preserve information that may be responsive when it knows about or reasonably anticipates litigation.” Zubulak v. Warburg, 220. F.R.D 212 (2003 S.D.N.Y)

Know the risks.

To successfully address risks, an organization must change the way the business thinks. No more silos, regions, or business units. Policies must govern and be enforced. Goals must  be determined as business objectives.

Kelly Twigger, Esq., shared some insight on the responsibilities information creates for a company and details five risks to avoid in board communications.

Risk One: Failure to Plan for eDiscovery

In 2006, a series of rules was established illustrating where eDiscovery comes into play.

1. Litigation
2. Third-party subpoenas
3. Regulatory Responses
4. Government Investigations
5. DOJ Second Requests

In order to avoid the consequences of mishandling information,  the following strategy is recommended to alleviate your company’s vulnerability to eDiscovery guidelines:

1. Create a team that includes a variety of expertise: Information Governance, Legal, IT and Business.
2. Analyze Risks
3. Develop a Process
4. Implement and Audit
5. ESI preservation

Planning should be done with specific organizational risks and goals in mind. Often, eDiscovery of board communications occurs as a result of when a decision by the board is at issue in litigation, shareholder derivative actions, breach of fiduciary duty, pension fund cases, etc.

The consequences of failure to plan for eDiscovery include the following:

1. Exponentially higher discovery costs
2. Reputation risks through bad publicity
3. Potential regulatory violations
4. Exclusion of witnesses results in a default judgement
5. Sanctions in litigation

Risk Two: Email vulnerability

What email address do your directors use to communicate regarding company issues?

Despite the continued threat against cybersecurity, 43 percent of all Board of Directors still use emails to send documents and information to fellow board members. (The Evolving Role of the Global Board—Thomas Reuters, 2014).

Today, experts recommend using a board portal for secure communications. A board portal is an excellent way to provide materials to board members in a once-contained form where management can control access.

Risk Three: Not Identifying All Sources of ESI That May Be Discoverable

Your eDiscovery team must clarify how different forms of communication used by board members impacts the company. Social media, texts, email, audio files, word docs, spreadsheets, instant messaging, photographs, etc., are all forms of communication that is discoverable.

What your board members do and communicate reflects on the organization. Offering training and implementing standardized procedures for board’s communication with management and with each other strengthen your company’s weakness against potential incriminating information.

Risk Four: Not Understanding How Data is Captured and Stored

There’s a common misunderstanding about deleted data. While information may be deleted, it is never fully gone. It is important to educate management and board members on how to avoid setting themselves up for problems simply because they exchanged and kept sensitive content on company systems. Many cases have been won and lost because discoverable information compromised the conditions of litigation.

Risk Five: Failure to educate board members on the Risks of ESI

Just as information is power, prevention is key in avoiding legal sanctions or prolonged litigation. When your company is preparing to implement company policies on handling information, some helpful training topics should include some of the following:

1. Conduct in-person training with board members.
2. Use an impartial presenter from an outside organization.
3. Consider attorney-client privilege and use counsel to conduct training to shield contents of training from being discoverable.
4. Have case studies and materials to support policies and positions.
5. Be willing to discuss positions of board members relative to inconvenience of issues versus risk management for the organization.
6. Be careful with BYOD. Personal devices used for company communication still fall under eDiscovery guidelines.

By recognizing and reconciling these eDiscovery risks in your business, you will not pay the cost of being unprepared.

Information strengthens a company, but with it comes responsibility. By integrating a plan for information pathways, securing electronic communication, understanding ESI sources, recognizing how data is stored, and educating board members of best practices for handling ESI, your company can avoid the risks that often accompany litigation and enjoy the benefits of a cohesive — and informed—organization.

Further Reading:

          

If you’d like to learn more about our board portal software, OnBoard, we’re here to answer any questions you might have: