Electronically-stored information (ESI) and boards: the message to corporations is loud and clear: failure to adequately address the issues created by ESI is risky business.

• Author: Collins, Betsy P.

The likelihood of litigation or governmental regulatory investigations which entail large volumes of electronically-stored information (ESI) is a grim reality for most public companies, especially those in highly regulated or litigious industries such as insurance, finance, banking, pharmaceuticals, transportation, manufacturing, and energy. While many corporations focus on the spiraling legal costs associated with complying with discovery requests that entail massive quantities of ESI, the risks to corporations as well as their boards and executive officers are far more complex and the ramifications far greater than how to shave the law department's litigation budget.

[ILLUSTRATION OMITTED]

[ILLUSTRATION OMITTED]

Directors may tune out when they hear about ESI in the mistaken belief that it is all about discovery issues that should be handled by the law department. Over the last few years, however, several noteworthy cases have illustrated how a corporation's inability to effectively manage and retrieve ESI can lead to disastrous consequences including severe reputational damage, exorbitant jury verdicts, brutal monetary sanctions, large regulatory fines and even criminal penalties. When these consequences become material, the blame that follows tends to land on executive officers as well as the board.

Experts estimate that over 90% of new business records are created electronically, with 40% of those never even being printed on paper. Vast quantities of electronic information can be stored inexpensively. In the past, with hard documents, necessity forced companies to limit what they kept, but now a company can store a gigabyte of data--about 80,000 pages--for only about a dollar. Add to that equation the fact that some 247 billion e-mails are sent every day, on top of growing utilization of social networking sites such as Facebook and Twitter, handheld devices, home computers for company business, voicemail systems and the like, and it becomes easy to understand how daunting the task of managing electronically-stored data has become. Yet there is very little sympathy for corporate leaders when their organizations fail at this task.

Data management and information technology systems have become important risk factors for corporate boards. In particular, the audit committee, by virtue of its general oversight of internal controls and systems that might pose material risks to the company, should stay abreast of the company's data management...