T&R: E-discovery costs have been onerous for a while. Are they getting worse?
Diamond: Yes. There were more settlements of civil lawsuits last year than any other time. We believe that when faced with e-discovery costs that are higher than the claims themselves, many companies decide to settle claims. Last year, more than 38% of all settlements in civil litigation were either influenced, or strongly influenced, by the potential discovery costs, according to a study by the Federal Judicial Center. The danger is that companies that settle all the time build a reputation as soft targets.

T&R: What about WikiLeaks?
Diamond: Both governments and corporations face a new information security and public relations threat: large-scale leaks of e-mails, files and other sensitive electronic documents intended to embarrass, harass or damage an organization. Governments have already been the victims of leaks from sites such as the WikiLeaks document archive, and, at the time of this writing, WikiLeaks was rumored to be readying a "megaleak" from a U.S. bank. Some fear that "WikiLeaking" may become a common tactic to hurt companies and other organizations. It appears that most of the documents come from disgruntled employees or other individuals with access to large amounts of information. What makes WikiLeaking different is the sheer quantity of documents published. WikiLeaking thrives on quantity over quality.

T&R: Some companies delete all e-mail after 30 days. Does this work?
Diamond: Nearly all companies retain too many older, unneeded documents that have no business value or regulatory retention requirement. But aggressive deletion strategies often backfire. When employees know e-mails will be deleted, they engage in underground archiving, saving e-mails on USB drives, printing them out or even sending work e-mails to their home accounts. This increases the cost of e-discovery, forcing companies to search in more places. An employee came up to me after a seminar and bragged that he forwarded all the e-mail he received and sent at work to his home computer and every three months put it on a CD. Regulators are savvy to this and often widen their search. For example, incriminating e-mails from Lehman Brothers traders were found on the traders' wives' e-mail accounts.

T&R: How can companies improve the management of their data before an inquiry?
Diamond: Companies are beefing up their record retention programs, implementing technology to better store and control their electronic information, educating employees on appropriate use of company information and developing defensible, ongoing data deletion programs. Paper-based record retention programs focused on how long documents should be saved. The new approach is to strive to control information while allowing employees to access it. E-mails that are captured and controlled in an archive, for example, are available to search during discovery, and most important, enable easier deletion when the e-mails no longer have business value.

T&R: Is there a return on investment for these efforts?
Diamond: Yes, but ROI can be difficult to measure. Companies see a reduction in data storage costs, for example, when they delete older data. But the largest savings come from avoiding expensive discovery costs or compliance risks. Some companies have a predictable enough litigation stream to calculate a specific ROI. But most companies face variable amounts of litigation, so no one knows for certain the number or size of next year's lawsuits, for example, in order to project the cost savings on e-discovery. Many in-house counsel understand that their company is at risk and should invest in better records compliance and litigation readiness, but they are frustrated because they cannot forecast a specific ROI. CFOs should take a big-picture view of these risks and costs.

T&R: Which groups typically run these programs?
Diamond: In many companies, everyone wants to see these programs executed, but no group actually wants to own them. Often the projects are tossed like a hot potato from legal to IT to compliance to audit. Department heads fear they will be stuck with an unfunded mandate. CFOs play an important role in recognizing that this is an enterprise-wide issue that requires collaboration. The best approach is to create a steering committee jointly managed and chaired by legal and IT. Successful approaches build a consensus across the organization.

T&R: What are the biggest mistakes?
Diamond: Trying to create the perfect policy and the perfect process and obtain the perfect technology. The problem is that records compliance and e-discovery are inherently imperfect. The good news is that the courts and the regulators do not expect perfection. They are looking for reasonable, good faith efforts. Don't let perfect be the enemy of good.

T&R: What level of data control and deletion is achievable?
Diamond: It depends on the particular company, but we have seen organizations over time defensibly delete more than 40% of their structured data and get rid of 60% of their e-mail. This can drive a 30% to 60% decrease in discovery costs. Companies have done this while maintaining or increasing records compliance. It takes some real work, but the right approach can yield real benefits.