Legal & IT – Hello, My Name Is…….

483674497Not surprisingly, in 2014 we had many discussions with our customers about Information Governance issues such as data retention and remediation, privacy and eDiscovery. Very surprisingly, at many of these meetings, we introduced the IT and Legal departments to one another for the first time.

Every good Information Governance initiative needs Legal and IT to work together. For example, it is difficult (and risky) for IT to determine whether data, even backups, can be deleted without some guidance from the legal team. Successfully implementing an email or file share archive – which can save an organization substantial amounts in operational cost and legal / compliance risk –requires Legal to help IT in establishing proper retention policies. For legal, an eDiscovery process (or even a simple investigation) will not go well without enlisting assistance from the right people in in IT.

What’s the Problem?

While it sounds simple to bring these groups together, it’s not, partly because they are trained to think so differently. IT professionals tend to be very precise and careful. When they are asked to provide data protection, it’s not for “most” of the data in a repository – it’s for every single bit. And that data needs to be available and accessible almost every minute of the entire year – think “five nines” availability (99.999%).

Conversely, lawyers are trained to think in flexible, subjective terms. There are only rare situations where a legal concept is set in stone. Most tend to be expressed in terms of reasonableness, a standard which varies based upon the situation, community or industry. In eDiscovery, there are flexible concepts like proportionality, which means that the effort required to collect and process data can consider the cost and effort, and weigh those against the “value” of the case.

Adding to the difficulty is that many lawyers are scared of or under-informed on IT issues. That’s changing as more legal organizations, ethics rules and even clients mandate a higher level of IT competency. But that process will take time.

The Objection Is Overruled

The lack of communication can result in disastrous situations. Using backup media for litigation hold – a “worst practice” — is clearly the result of Legal failing to explain what it needs to preserve for eDiscovery, and IT not explaining how backups work. As another example, Legal is often surprised to learn that an explicit retention policy (e.g. “All email is deleted after 6 months unless filed’) is being subverted by 90% of employees — with IT’s knowledge because it has no ability to enforce the rule and because it normally protects data. Some technology upgrades and data migrations occur in the midst of pending litigation, resulting in the actual or potential loss of data, with Legal learning of the process only after it has begun – to the detriment of the entire process.

What Can We Do?

Fortunately, almost all of these issues can be overcome with more interaction and communication between the two groups. So if you are in either department, make a 2015 Resolution to get to know your counterparts in that “other” department. Your organization will be stronger for it, and you will make yourself that much more valuable.

About the Author: Jim Shook

James D. Shook, Esq., CIPP/US Director, Compliance Practice, Global Technology Office Dell EMC Jim helps Dell EMC’s customers understand and efficiently meet the legal and regulatory obligations for their data, focusing on cybersecurity, privacy, retention and electronic discovery. Along with an undergraduate degree in Computer Science, he is an experienced commercial litigator and a former general counsel to technology companies. Jim publishes and speaks frequently about meeting challenges created by the intersection of law and technology, and has been an active member of The Sedona Conference’s working groups on electronic information (WG1) since 2004 and data security and privacy (WG11) since 2015.