As a proxy for risk assessment, many legal practitioners are simply asked, “What keeps you up at night?” Aside from (i) small children and (ii) spicy Thai food, it’s becoming increasingly clear that eDiscovery is moving to the head of this inauspicious list, particularly for corporate boards, which now view risk management and regulatory compliance as their top concerns.
In a recent survey, BDO queried more than 100 directors at public companies with revenues between $250 million and $750 million and found that risk management factored heavily into the survey’s findings. Over half of respondents identified managing risk as the topic they should be spending more time on, with 61% saying that their liability risk has increased during the financial downturn.
“In recent years, the responsibilities of corporate boards have grown considerably and much of their time has been dedicated to responding to new regulatory requirements,” says Wendy Hambleton, a partner in BDO’s corporate governance practice, in a statement about the survey. “What we are seeing in this study is a willingness of boards to take a more proactive role in risk management and it seems to be related to the risk they face as directors.”
On a similar risk management theme, another survey queried general counsel about what keeps them up at night. Of these nearly 500 directors and GCs, 56% cited electronic discovery for litigation and investigation, which represented a marked increase since 2007, when only 36% of general counsel said they had the same nightmares.
This increasing concern around compliance and information governance isn’t surprising giving that the regulatory environment (FCPA, UK Bribery Act, Dodd-Frank, etc.) is much more rigorous than it was even a few years ago. And, the fears are that this supercharged regulatory environment will only increase in fervor, with the majority of GCs feeling strongly that it will be the single biggest contributor to their workload through the rest of this year and leading into 2012.
What is interesting about these concerns is the disconnect between the very real fears and the lack of action – since many practitioners simply aren’t taking proactive steps to mitigate their information governance risks. In an extension of the nightmare analogy, it’s like repeatedly watching scary movies right before bedtime and then being surprised when Freddy Kruger shows up in their dreams.
Symantec’s recent Information Retention and eDiscovery Survey revealed how blissfully ignorant some enterprises are about their shoddy information governance hygiene. Despite the numerous risks that are keeping so many up at night, the survey found nearly half of the respondents did not have an information retention plan in place, and of this group, only 30% were discussing how to do so.
Most shockingly, 14% appear to be ostriches with their heads in the sand and have no plans to implement any retention plan whatsoever. When asked why folks weren’t taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don’t have time (26%) and lack of expertise (21%) as top reasons.
While it is important to get a good night’s sleep, it isn’t wise to slumber through the night with an army of ESI zombies ravaging your house, particularly when it’s possible to implement even the most basic information governance plans.
It’s beyond blissfully ignorant to ignore real risks and snooze away during what is assuredly an escalating regulatory climate. Instead, put the best possible people, processes and technology in place, and start again, well rested, in the morning.