About 42 percent of the 170 IT managers and staff surveyed said they did not know the status of their company's preparation for the new rules, while 32 percent said their company was not at all prepared.
The new rules specify requirements for submitting electronic documents -- including email and perhaps even IM logs -- as evidence in civil cases.
The rules were recommended in Sept., 2005, by the Judicial Conference of the U.S. Supreme Court's Committee on Rules of Practice and Procedure. Some states have instituted similar rules (see " ").
If the survey is correct, a widespread lack of preparation that could lead to large fines to companies, said John Bace, an analyst for Gartner Inc., Stamford, Conn., who said the Computerworld survey results are in line with his research.
The new rules, described in a 300-plus page document, require that companies that are involved in civil litigation meet within 30 days of the filing to decide how to handle electronic data. The firms must agree on what records are shared, which electronic format is used, and a definition of "accessible data."
Courts have indicated in past actions that penalties for failure to comply could be harsh ' and costly. Even before the rules were recommended, Morgan Stanley was fined US$1.5 billion -- half of which was punitive -- in May 2005 when a judge ruled that it had failed to preserve information.
Of the Computerworld survey respondents, 15 percent said their company was halfway or somewhat prepared, while 5 percent said their company was completely prepared. Twenty-two percent said they had prepared for the new rules by reading about them, and a few said they had retained inside or outside counsel to prepare. A number of respondents also said this was the first time they had heard of the new rules.
Don Green, manager of accounting and information systems at Texas Aromatics LP, a petrochemical company in Houston, said he had not even been aware of the rules changes before receiving the Computerworld survey, but he said he was going to speak to his outside legal firm to determine what the firm needed to do.
Jack McLaine, assistant vice president of MIS for Leesport Financial Corp., a Reading, Pa.-based insurance, investment and retail company, said the firm began taking steps to meet the rules a year and a half ago ' before the new recommendations had even officially been made. "We knew it was coming," he said. "We couldn't say, 'We'll do it next year.' We said, 'We've got to do this now.'"
Leesport spent $60,000 to set up an email archiving system, including document scanning, based on the Dynamic Information Services product from Permabit Inc., in Cambridge, Mass., he said. Since then, he has added redundancy and failover capabilities as well.
But most corporations aren't that well prepared, which Bace blames primarily on corporations' general counsel. The changes are to rules that haven't been modified since 1994, and many corporations' general counsel were simply not aware of them, his research indicates.
This is despite the fact that a number of legal organizations have held numerous seminars over the past few months to inform counsels of the new rules. For example, Fios Inc., in Portland, Ore., said it had held 15 seminars serving more than 1,000 people, in addition to free webcasts.
Corporations' general counsel should have acknowledged the new rules and had a conversation with the CIO about whether the organization was prepared, Bace said. As with the Sarbanes-Oxley Act of 2002, IT has to be involved from the beginning to ensure it can produce the records the rules require, he said.
A similar survey performed in May and June by AIIM, the Association for Information and Image Management, based in Silver Spring, Md, described its concern about electronic discovery as a key driver in implementing email management, with 25 percent of those surveyed indicating they had had to respond at least once during the past year to an ediscovery request, and that in organizations with more than 1,000 employees, more than 21 percent reported more than 10 instances during the past year in which email was tapped during ediscovery or during an internal investigation.
The most important preparation organizations can perform now are, first, take the steps required to be able to tell a judge what discoverable information the organization can provide and, second, develop document retention policies and content management procedures to help protect the organization in case documents get lost, Bace said.