The mounting layoffs, furloughs and job losses currently creating havoc in the US do not bode well for the US economy. But such job losses also force companies to face another stark reality – the potential loss of all of its ESI. Many companies in today’s economy require employees to use laptops, cell phones, tablets and other digital devices in the scope of their duties. What happens when massive layoffs take place? Companies lose control of the digital devices that contain the company’s ESI as former employees are now at home or looking for work elsewhere. Why is ESI so important to a company?
Electronically stored information (ESI) exposes a company to a myriad of risks. The multi-dimensional universe of data privacy of course comes to mind. Cybersecurity is also very important today as many companies and governments continue to get hacked. However, companies not only have to worry about getting hacked or running afoul of the latest data privacy laws and regulations, but also what data to even store, where to store it and how long to store it. Failure to take the where, when and how into consideration can expose the company to unforeseen ESI issues- such as violating US based ESI discovery laws as well as the associated document retention risks.
Electronically Stored Information- Document Retention Risks and Concerns
If a company is involved with litigation in the United States, it has a duty to locate all relevant information, data, and documents—including ESI that are relevant to the case. This can be quite onerous, as it requires:
Familiarity with document retention policies
Involvement with IT personnel
Communication to “key players” of the litigation hold
Location and retrieval of all relevant information wherever that information might be
The legal risks facing a company that fails to handle the above requirements in an economical/efficient manner can be tremendous. Companies have been sanctioned millions of dollars for failing to abide by ESI requirements or, even worse, have lost the respective lawsuits, costing even more. What can a company do to mitigate the legal risks surrounding document management to comply with US legal requirements?
1. Plan of Action
A company must take steps to develop an adequate data and document management plan. It is not too surprising that even the IT Department itself may not have an adequate understanding of where all of the electronically stored documents are considering the plethora of handheld devices that may store documents and other electronic information. Therefore, a company’s management and IT folks need to sit down and map out where all of the documents are located if possible. A document management plan should take the following steps into consideration:
Assess the company’s current use of technology documents.
Locate all in the company’s possession and as well as its employee’s possession.
Use technology to leverage legal requirements.
Retain experts or outside consultants to above or to help implement systems/processes.
Implement policies and procedures addressing all legal risks posed by ESI.
2. Risk Assessment of ESI
To implement an appropriate plan of action, a company must conduct a risk assessment of its processes and capabilities by:
Seeking proposals of vendors (outside experts)
A top-to-bottom analysis
• ESI and paper documents
• Hardware and software
• Management of data
• Retention of data
• Litigation holds
• Disaster preparedness
3. Current ESI Issues
The legal risks facing companies in today’s legal and regulatory climate, especially in the United States, are enormous. Failure to implement a data and document management program that not only addresses a company’s business concerns but legal obligations as well can be disastrous. Therefore, companies must be extremely proactive in this regard before laying off thousands of employees. Not only must companies implement processes to gain control of all digital devices or ESI related devices that it has given to employees, but companies must also take steps to prevent loss of ESI and IP as a result of losing control over such devices.
The main concern a company should have during the Covid -19 related shut-down is whether or not it controls all of the company owned cell phones and laptops prior to laying off its employees. The implementation of a LRM program addressing these concerns is not a luxury but a necessity. It is highly recommended that a company implement a data and documentation management program that addresses ESI and all of its issues.