Companies are now on the hook to retain a broader range of digital data than before

Companies that do not keep close tabs on PDAs, instant message conversations and other forms of electronic data may soon be in for a nasty surprise, should they find themselves in court. As of December 1, 2006, new guidelines, called the Federal Rules of Civil Procedure, go into effect. The rules, set by the U.S. Supreme Court, expand the types of electronically stored information that companies could be required to produce in a lawsuit.

That means companies will now be on the hook to retain and produce a broader range of digital data than before. Flash drives, voice-mail systems and instant message archives will all be added to the mix.

According to a recent online survey, executives are ill-prepared for the new rules: In a November study by Deloitte Financial Advisory Services, almost 70 percent of respondents said they require more training on their own corporate record retention policies and procedures (and this in an audience including many CFOs, tax directors, finance directors, attorneys and controllers). Deloitte says the time is ripe to examine your data retention strategy.

One way that enterprise IT can prevent surprises under the new rules is by more thorough auditing. Take instant messaging: According to a 2006 study by the American Management Association and the ePolicy Institute, more than half of those who use free IM software at work say that their employers have no idea what they're up to.

For most companies, the biggest worries stemming from the use of undisciplined instant messaging will be skyrocketing costs and lost productivity during discovery, says Jeffrey Ritter, cofounder of Waters Edge Consulting, an information management consultancy based in Reston, Va. "The burden facing companies is cost containment," he says.

Companies can get into real trouble when the CIO, general counsel and records manager are not on the same page, Ritter adds. "The most significant challenge for many companies is the lack of a teamed approach to evaluating the risk."