What are some hurdles businesses have created reducing electronic discovery exposure?

Businesses don't want to keep a diary or log everything stated in email.





How have these companies taken on the task of ensuring their emails can't be used against them?|||This is still an evolving area. Below is some advice I've gotten from various attorneys. I do not make any claims about their validity and your mileage may vary.





Don't put anything really important or potentially damaging in email. Once you put it out there it's out of your control and it can and will be used against you. For things that you think could be a legal issue, simply put something like "please call me for more information on the incident 9/17/2010." Seriously.





Not everything is automatically discoverable so you don't have to keep a diary or log of everything ever said in email. However, once the company receives notice that something will become a legal issue, such as a request for information or somebody saying "I'm going to sue you," they need to be very mindful of keeping track of every email and document pertaining to that subject.





It was suggested that a separate email folder be created for that specific case and every email you send or receive on that subject needs to go to that folder. That way your entire email account doesn't become discoverable. You could create a mailing list for Risk Management or XXX Case for all the parties involved so that you can say that only emails sent to this group are applicable when discovery rolls around. Not sure if this holds up or if everybody could always be disciplined enough to do it though.





Don't attach documents to email. Use secure hyperlink or FTP. Keep all documents relative to a case in a single shared folder/FTP to keep your entire network from becoming discoverable.|||A good example would be a company "document retention" policy that clearly and automatically triggers things for destruction, unless manually overridden such as when a complaint is filed. It is axiomatic that you cannot be ordered to produce documents that were routinely destroyed. However, your "routine" will quickly become the focus of the inquiry. Figure out what MUST be kept, how long it must be kept, and then keep only those things.





Note also that employees have an annoying way of keeping things on their "personal" laptops or in some offline storage (for safe keeping) and you may have to deal with those as well. This would be in the form of a policy statement regarding the ownership and possession of company information outside of the central files, and the risks involved in violating the policy.