According to a new survey, more companies than ever have a strategy to address electronically stored information (ESI) discovery, but may not know what it covers or when it was last updated to reflect new technologies. Whatever steps companies have taken to protect and find information are quickly undone by their inability to revisit their policies after they are developed.

Kroll Ontrack, which provides technology-driven services and software to help legal, corporate, government entities and consumers manage, recover and search data efficiently and cost-effectively, surveyed 200 corporate IT and legal departments to get a better idea of how these offices are preparing for and responding to discovery requests and the challenges that rapidly changing technology, increased regulation and constrained budgets may bring.

We spoke with Kristin Nimsger, president at Kroll Ontrack and Jason Straight, vice president of legal technologies and business development about the Fourth Annual ESI Trends Report and what it means for the enterprise.

Trends in Corporate ESI Discovery

The report found that while companies were successful at implementing strategies regarding ESI and are confident about the ability to hold up in court, results also indicate that policies are not being revisited or updated to reflect changes in technology the company may employ. By breaking into 15 findings, the report covers everything from early case assessment to legal hold technologies to data mapping to litigation budgets and everything in between. Here’s a snapshot of what the report found:

Document Retention & Archival

  • 79% of companies in the U.S. have a document retention policy
  • Roughly three in five companies in the U.S. have an archiving technology platform in place to manage the storage and destruction of ESI in an automated fashion
  • Overall, IT (67 percent) is more aware of implemented archiving technology than legal (58 percent).

Legal Hold

  • 53% of companies have a mechanism in place to suspend their organization’s document retention policy
  • Almost one quarter (24%) of companies do not possess a legal hold tool

Confidence & Defensibility

  • 54% of companies believe that their ESI discovery strategy for responding to litigation or regulatory matters is repeatable and defensible.
  • IT (91%) is more confident than legal (73%) in the defensibility of their archiving platform

ESI Discovery

Learning Opportunities

  • Over half of companies (52%) in the US have an ESI strategy for responding to litigation or investigatory matters
  • 27% of legal as opposed to 18% of IT do not know if their organization has a policy in place

Testing & Repeatability

  • 40% of respondents tend to agree and 23% of respondents strongly agree that their organization’s ESI discovery strategy is repeatable and defensible.
  • 38% of respondents have tested their policies
  • 45% of respondents do not know if their policies have been tested

Cooperation & Responsibility

  • In the U.S., legal and IT are sharing an increased responsibility (44%) to develop and enforce the company’s ESI discovery strategy.

Updates & Follow-Up

  • 24% of companies in the U.S. have updated policies to reflect mobile devices and privacy laws than any other technology.
  • 55% of companies either have not updated policies at all or do not know if updates have occurred

Adding it All Up

Some of these numbers are very promising, indicating that companies understand the importance of creating and implementing strategies. But it seems that many have a false sense of security. By not actively updating their policies, they could be exposing themselves to great risk. Additionally, though most companies think that that both IT and legal have a shared role in developing policies, there are still many within these departments that don’t know exactly what’s going on.

Nimsger and Straight agree that while companies have good intentions, they may be too reliant on tools to solve their problems. In some cases, manual labor may be needed more. Looking forward, Nimsger thinks that more companies will begin to recognize the practical limitations of their policies and as a result will bring more "good technology" on board.

Just as the integration of e-Discovery solutions was slow to develop within the enterprise, so will the integration of policies that manage those solutions. Companies may not intentionally put themselves at risk, but if they are not careful, it may be too late to revisit their policies.