The Federal Court of Australia is considering adopting e-discovery rules for commercial litigation based on the US’s Federal Rules of Civil Procedure which already specifically allow electronic discovery. (Lawyers Weekly)
What will this mean for companies?
In Linking E-Discovery & Enterprise Security Programs:A Successful Governance Action (pdf) by Jody R. Westby, CEO of Global Cyber Risk LLC, the author argues that "Technological considerations are now front and center in litigation strategy, and discovery issues must be woven into enterprise security programs."
Some of the US FRCP requirements which could be adopted here are:
- a party must provide “a copy of, or a description by category and location of, all documents, electronically stored information, and tangible things that are in the possession, custody, and control of the party.”
- a party can request that they be able to “inspect, copy, test, or sample any designated documents or electronically stored information (including writings, drawings, graphs, charts, photographs, sound recordings, images, and other data or data compilations stored in any medium…)” or to inspect “tangible things that constitute or contain matters within the scope of” discovery.
- a court may not impose sanctions for failing to produce electronically stored information (ESI) that was lost as a result of the “routine, good-faith operation of an electronic information system.” However, the “good-faith operation” of systems requires parties to modify or suspend routine features of a system that may result in the destruction of data that is subject to preservation. A party is under a duty to preserve data that is applicable to pending or reasonably anticipated litigation.
The new Rules will also include "litigation hold" procedures to stop destruction of emails and other electronic messages. Companies will need to have technology in place to ensure that such orders can be complied with.
In summary, Westby says that from the moment litigation is filed or a person has reason to believe litigation may arise, counsel must know:
• What ESI the organization has
• What ESI is relevant
• What ESI should be preserved
• What ESI is subject to privilege or other protections (including intellectual property protections, contractual obligations, non-disclosure agreements, etc.)
• What format is the ESI ordinarily maintained in
• Where the ESI is located and how many copies exist
• What personnel have access to the ESI (within the company and third parties, such as vendors, contractors, business partners, etc.)
• What ESI is not reasonably accessible
• What ESI is expensive and burdensome to produce.
In the US the new rules have had "a significant impact on managerial policies and procedures and operational considerations. Organizationally, they require a much closer working relationship between in-house counsel, the CISO (Chief Information Security Officer), and records management personnel. Operationally, they require a linkage between records management systems and enterprise security programs."