ESI Policy Growth: A UK/US Divide

December 10, 2008

Any attempt at quantifying the growth in electronically stored information within the business environment runs the risk of absurd understatement; such has been the shift to digital communication and record keeping in the last ten to 15 years.

Inevitably there has been a lag in terms of business reaction to this trend and this lag is especially noticeable in the area of litigation preparedness. Particularly in the UK, companies have been slow in recognising the legal, and ultimately financial implications of having relevant documents ready for disclosure and, with the economic environment increasingly hostile, an awareness of those implications is ever more crucial.

Awareness and Policy

The news, though, is not all bleak. Recent research commissioned by Kroll Ontrack (Kroll Ontrack Second Annual ESI Trends Survey 2008:  An international survey of in-house counsel and their practices for managing electronically stored information (ESI) in litigation and internal investigations) found that there has been a considerable growth in ESI awareness and policy enactment over the past 12 months.  This demonstrates that high-profile sanctions cases and education regarding ESI have been a real wake-up call to corporations and their legal teams.  However, British companies are lagging behind their US counterparts in their readiness to cope with the risks involved in legal actions, where huge volumes of computer-stored information play a crucial role.  Many companies are failing to appreciate the legal and logistical issues involved in the disclosure of often sensitive information in litigation or regulatory investigations and ensuring that they can provide details of anything that qualifies as electronic information.

Our study found that whilst 70% of US companies have policies in place to deal with ESI in a litigation process (compared with 40% in 2007), only 53% (compared with 43% in 2007) of those in the UK can rely on a similar level of preparedness. Both figures represent an improved awareness of the need for policy relative to 2007, but they also suggest that the US is still outstripping the UK. In the UK, policy development is up only 10% in the last year compared to an increase of 30% in the US.  The fact that companies in both the US and the UK are improving their understanding of ESI is positive, and at the same time very necessary. However, given the financial crisis, litigation is, for some, an increasingly necessary option and all companies need to be prepared in order to meet obligations in terms of data disclosure. 


While more companies have an ESI readiness policy, there has been a marked decline in the number of organisations that included top executives in the policy’s creation and enforcement. This, paired with the fact that respondents believe the company’s top executives should bear responsibility if their policy is called into question during litigation or an investigation, represents a worrying disparity for organisations.   Furthermore, companies are increasingly looking to IT departments to shoulder some of the ESI burden.

So whilst companies are increasingly looking beyond the boardroom in developing strategy for ESI, there remains a belief that CEOs and board directors should ultimately be accountable for shaping policy and its implementation. This is particularly evidenced in the UK where 54% of companies say that their CEOs and board directors should be held accountable if their respective ESI policies result in governmental fines, court imposed sanctions or reputational damage. This is despite the fact that only 20% of UK companies allocate actual responsibility for policy development to such senior figures.

However, the shift in responsibility for development and enforcement can be seen to represent a more mature, collaborative approach to ESI and policy development. The undoubtedly complicated and technical nature of ESI requires increasing reliance on IT but a close alliance between legal and IT is also crucial to ensure ESI strategies are legally compliant, all-encompassing and feasible. But policy discussions should also include CEOs, so they are fully informed and supportive of the policy. When a policy is called into question is not the best time to play catch-up


The huge growth in the number of companies in the US who say they have an ESI policy has been driven by the introduction of the new Federal Rules of Civil Procedure a couple of years ago, which has led to a number of high profile cases.  Fewer companies have a policy in place in the UK and the number of organisations in the US with a policy is soaring ahead.  This can be attributed to the number of cases that people have read about in the US and the fines that were involved, particularly Morgan Stanley and Qualcomm.

What’s interesting is that last year a whole host of barriers to successfully executing ESI policies were cited by respondents. This year, one-third of companies claimed that a lack of time and resource was preventing them from implementing any ESI policy successfully.   

In the UK there are slightly different drivers. There have been fewer cases involving ESI, but companies will act when they see a threat from the regulators, or when they have faced a difficult case themselves and realise that they need to be better prepared.  In the UK, there has been a slower progression and this can be attributed to a lack of time and resources.  In-house counsel believe that the judiciary is becoming increasingly well-informed about the importance of ESI in dispute resolution.  In the UK there has also been a formal call by the Commercial Court for increased corporate responsibility in disclosure in an effort to control litigation costs.  Judges are talking about the need for companies to have clear policies in place to justify their actions – if documents are missing and there is no plausible explanation, the court will draw adverse inferences.

Challenges Ahead

Companies in both the US and the UK are making headway in developing policies to deal with ESI and that is clearly a positive development. Nevertheless a number of obstacles to an effective ESI strategy remain.

In 2007, the greatest concern in terms of ESI for companies was quite simply gaining the relevant information and education. The key challenge now for companies is dealing with the sheer volume of data, suggesting that, even in the face of obstacles, there is a far better appreciation of the significance of ESI and the issues surrounding it.

The issues surrounding ESI have assumed a higher priority on the business agenda as the financial crisis threatens to trigger legal actions.  With litigation and the amount of electronic data requested in discovery on the rise, and coupled with tightening corporate budgets and regulation, corporations cannot afford an ESI misstep. Putting a policy in place, ensuring the executive board is part of policy creation and enforcement, and understanding your digital data landscape are critically important to risk management for the foreseeable future.

Tracey Stretton is a legal consultant at Kroll Ontrack: