But many companies, especially small and medium-sized businesses (SMBs), don't yet have well thought-out and documented policies to save data they may be required to produce in a suit. They may also lack the technology needed to archive it appropriately.
That leaves a gap that managed service providers (MSPs) can fill by expanding their backup-and-recovery offerings to include the archiving, indexing and recovery of old data. They can also reach beyond technology and help create information lifecycle plans that define what data may be destroyed, and when.
The civil procedural changes, which went into effect Dec. 1, mean litigants can be forced to either produce relevant email and other records or demonstrate that they were lost or destroyed according to reasonable, documented policies carried out in good faith.
"It's almost like the Email Archiving Vendors' Benevolent Act of 2006," said Graeme Thickins, vice president of marketing at Eagan, Minn.-based Intradyn Inc., which makes devices to collect and archive email and instant messages automatically. "We couldn't have wished for anything to come along better than this."
The rule puts the onus on IT departments to ensure they have adequate data-retention policies and that an archiving system that can retrieve documents in their original format, including metadata. To satisfy evidence requirements the systems may need to demonstrate that specific documents were not changed after they were archived.
Because the rules apply to civil suits, any organization -- not just public companies or those in financial services and other data-sensitive markets -- can be affected.
The FRCP amendments feed a trend that is forcing IT and legal departments to work together more and more, and some service providers have already taken advantage of the confluence.
Boston-based Iron Mountain's main focus is on data backup, but for a decade it has also provided data-policy consulting to help its customers determine just what needs to be saved and for how long, said Ken Rubin, senior vice president of corporate strategy.
"Most companies have been very late to consciously define and implement an archiving strategy," Rubin said. "One of the clear implications of the new discovery laws is that companies need an explicit archiving policy and technology, because archiving is the way that companies can ensure access and ensure they can apply rules to their records."
Iron Mountain is continuing to upgrade its archiving capabilities to cover more file formats, since lawyers can now demand that documents be delivered in their original format. Rubin said companies looking into archiving should plan a comprehensive approach that combines all of their formats and sources, as those will be the companies that courts look at most favorably when judging "good faith."
Although the rules themselves are newly codified, electronic information has been fair game in civil trials for years, so the changes impose no new burden on either litigants or their IT providers, said Edward McNicholas, a partner with Sidley Austin LLP, a Washington, D.C.-based law firm.
Instead, formal rules on electronic data should be "a wake-up call" for companies that need to review their existing policies and to service providers with the skills to help.
"It's a real business opportunity [for MSPs], because the small to medium-sized businesses are just becoming aware of [the need to retrieve old e-mail and data,]" McNicholas said. "Unless they had complex litigation in the past, they might not be ready."
To get ready, companies should know exactly what information they have and how much it will cost them to retrieve it, Babineau said. Under the rules, litigants in a case have 120 days from the day the suit is first served to begin negotiating the scope of electronic discovery.
"The incentive to negotiate is really not possible unless you know what you have, where it is and how much it would cost to produce it," Babineau said. "That's the big one. Most organizations don't have an understanding of what they have."
With a good idea of what data it has, where and in what format, a company will be better prepared to demonstrate that certain data may cost more money to retrieve than is reasonable or that it was destroyed according to a reasonable, documented information lifecycle management procedure.
Babineau said the attention the new rules bring could boost the fortunes of MSPs that offer data backup and archiving services, if they can expand their portfolios to include data search and recovery in response to lawsuits.
If a company is not able to produce required data or show that it had a good-faith policy in place, it could face legal sanctions including spoliation, in which the jury is told that the company cannot produce potentially damaging evidence and is left to infer what that evidence could have been, said Jonathan Scott, head of the litigation department at the law firm Scott and Scott LLP in Dallas.
All this means that IT and legal will have to work together. More and more, MSPs are "dealing with how technology deals with very common business issues, and sometimes legal issues," said Charles Weaver, president of the MSPAlliance, in Chico, Calif.
"It's both ways. The legal profession is now realizing how important technology is, and I think the technology industry, more specifically the managed service profession, is realizing how important the legal profession is," he said.
On the IT side, several experts said that archiving -- storing data in an easy-to-search method -- is increasingly being distinguished from backup, which is designed for snapshot, point-in-time recovery. Companies that use archiving will be able to easily search for and retrieve specific emails, whereas those which rely on nightly backup tapes for electronic discovery protection may have to sift through months or years of backups, a time-consuming and expensive process.
"The biggest thing I think it changes from the customer's standpoint [is that] the archive and backup process will be more segregated than it is right now," Babineau said.