Proper data management key to e-discovery

Singapore kicks off new protocol for discovery of electronic documents to be used as court evidence, which experts say reinforces need for better information management.
Written by Vivian Yeo, Contributor

SINGAPORE--A new protocol introduced by local jurisdiction regarding the discovery and inspection of electronically-stored data in court proceedings, offers a "huge" opportunity for organizations to beef up their information management practices, according to a Hewlett-Packard executive.

In August, Singapore's Supreme Court issued a new practice direction on the discovery and inspection of electronically stored documents.

The new direction, which went into effect Thursday, spells out the protocol outlining guidelines for the discovery of electronic documents. For instance, it states that material should be produced in their native format for inspection, and copies are to be provided in the specified usable file formats. If inspection of storage media or further forensic work is required, a specified order is needed.

Prior to this, e-discovery protocol was decided by registrars on an "adhoc basis", said Bryan Tan, director at Keystone Law and ZDNet Asia blogger. While the ratio of court cases in which e-discovery is activated is currently "not very high", he added, this does not indicate that electronic documentation is not present or useful.

With the legal protocol for electronic material now in place, there is greater need for Singapore-based companies to better manage their data assets, representatives from technology companies told ZDNet Asia.

Kris Brown, worldwide product lead for HP's document management software, noted in a phone interview that the new protocol and drive toward e-discovery in legal proceedings, offers organizations the opportunity to "take steps toward a better culture for information management".

Security must work with e-discovery

Organizations need to ensure there is some level of interoperability between their security and e-discovery tools, a McAfee executive urged.
George Kurtz, the security vendor's senior vice president and general manager of risk and compliance, said without such interoperability, security-related policies such as encryption would hamper the e-discovery process.
"It is important for corporations to realize their e-discovery strategy needs to dovetail or tie in to the security strategy, because there're many things you're not going to be able to do unless you have the cooperation of the security group--and in many cases, security vendors--particularly…when you try and extract that data," Kurtz told ZDNet Asia during a visit to Singapore last week.
He said the security industry is increasingly seeing convergence in the areas of data loss prevention (DLP), e-discovery, gateway protection and IT forensics. E-discovery elements such as tracking who has access to what information, or how data has been moved or changed, were related to DLP.
"By leveraging DLP solutions in combination with e-discovery technologies, I think organizations would have a leg up on actually being able to…meet some of the requirements [arising from legal protocol]," he said.

Singapore organizations including the government still tend to have "a lot" of manual and paper-based processes, Brown said, but are increasingly working toward digitization. However, they inevitably reproduce the same manual processes in managing electronic data, which could lead to a situation where records are available and customer interaction times are reduced, leaving the root problem unresolved.

"Longer-term, we haven't dealt with the need of the organization to manage that information properly, and that has consequences on e-discovery," Brisbane-based Brown said. "If the information is poorly managed, it will be difficult to find it later and hence it would be difficult to meet the rules of e-discovery in terms of what is a reasonable and fair discovery request. And it would become costly for these organizations in the longer-term."

He said history has shown that organizations that practise good information management "aren't necessarily as badly affected" by legal procedures. "It's almost [a given] that information management produces a by-product of compliance and ease of e-discovery," he added.

Matthew Gyde, general manager of security solutions at Datacraft Asia, pointed out that many organizations, not just in Singapore but regionally and globally as well, do not manage data well.

With the establishment of the e-discovery protocol in Singapore's legal framework, companies that have not already done so, need to invest in the management of their data, Gyde said in a phone interview.

He noted that several organizations in Singapore are addressing requirements from the new protocol or already "have mechanisms in place" to meet them. The financial services and government sectors, he added, appear to be more prepared to handle requirements resulting from the introduction of the protocol.

HP's Brown said the company's customers in Singapore were aware "these rules were coming" and have been assessing if they were ready for legislation relating to electronic evidence. "What we've been advising, and what we’ve been talking to these customers about, is that to just meet the rules is more than possible…however, there are significant benefits as an organization to think about this more from an information management perspective."

"Impossible" to remain status quo
With the introduction of the new protocol, organizations cannot afford not to do anything about their information assets, Brown warned.

"I don't know or haven't met an organization, in recent history at least, that doesn't have some form of electronic data, and I haven't met an organization that doesn't have any interaction with public or other organizations," he said. "Because of those interactions and their electronic data, there is no such thing as status quo."

Citing the legal proceedings involving Enron over the accounting fraud, Brown said there were numerous companies that did nothing legally wrong, but were asked to submit evidence as they had business dealings with the energy giant. Those that failed to do so were eventually fined, he said.

Keystone Law's Tan noted that from a legal perspective, there would be serious consequences for failing to comply with a discovery request. If an organization possesses electronic material that it claimed it did not have or could not locate, the case could be awarded in favor of the opposing party as such behavior may be deemed as contempt of court, he explained.

Editorial standards