Gartner Blog Network

Legal and IT Are Still Not Communicating

by Debra Logan  |  May 6, 2009  |  5 Comments

 Being an analyst is a funny old thing.  I’ve been talking about e-Discovery for a few years now and so much of what I said and wrote for Gartner at the beginning of the current e-Discovery hype seems very old news indeed.  One of our cardinal pieces of advice is that in matters of data retention, information management policy and particularly e-discovery, that lawyers and IT both had a role to play.  The two groups needed to talk to each other.  From that, Good Things would flow.  Surely I thought, they must all know they need each other by now.  Time to move on.


Not so much.  At last weeks’ Governance Risk and Compliance Summit in Chicago, I learned that there are still many IT types being handed instructions like, ‘Keep all the responsive data’, ‘Data retention policy is your job because data management is your job’, ‘Its up to YOU to create an e-mail usage policy’.  Because the dialog has started, at least among our clients, I also had a chance to hear it from the lawyer’s point of view. 

They are being told things like “Well, we ran the searches you asked for with the keywords you asked for and we got 10 million hits.  They’re here:  c:/lawyer_archive/XYZ-SNAST4.6.27.9/that_ought_to_keep_you_troublemakers_busy_for_a_while.  Let us know if you need any help.” 


Those aren’t dialogs, they are a lazy cop-outs and/or a grave lack of understanding of what really needs to happen.  I used the word grave with intent.  Not understanding technology is becoming a handicap for lawyers and indeed at least one high profile Magistrate Judge has stated that lawyers need to understand technology to do their jobs.  Electronically stored information is now the predominate form of business record.  Lawyers (partners, not junior associate spear carrying types) who know this area stress the need for involvement from senior litigators, because e-Discovery is can often be a strategic issue in preparing a case.


 In dealing with e-Discovery, retention and policy issues, our cardinal piece of advice remains to set up an on-going dialog with one another:  legal and IT. Hey, you might even want to include those much maligned but sadly necessary ‘business users’ at some point. Many companies do already do this, don’t get me wrong, and we are seeing the creation of more positions that are liaison positions, permanent links between the two groups.    But there is still a long way to go.


Here’s some do-it-yourself advice if you need it, particularly if you are from IT and are feeling overwhelmed with the tasks you may be being given to do around e-Discovery. 


Begin by familiarizing yourself with the e-Discovery Reference Model (  You can read all about it there, but I use it to explain the process to IT clients and demonstrate to the lawyers which technology can be used for what part of the process.  The EDRM is vendor neutral, the steps are explained in a wiki on the site, and it really does  help to clarify and explicate the issues.  There are Those Who Say that the model is too simple and doesn’t include things like ‘early case assessment’ (ignore this if you are a novice.)  But we still find it very useful, despite its relative simplicity, and those that do the most complaining are the vendors that can’t sell what they have based on the model.  Simple explanations are always the best, IMHO, and if something cannot be explained simply, then the person doing the explaining doesn’t really understand what they are talking about in the first place.  Either that or they are trying to confuse you into a panic-y state to soften you up for something, usually signing a contract.


So, I will continue to repeat myself, even though I feel I must be boring everyone into a stupor.  My advice does meet my own criteria after all, in being simple:  go knock on the door of your inside counsel and start a dialog.  If you are a lawyer, don’t expect your IT partners to understand what you are talking about when you say ‘Save responsive documents’.  If you do, don’t be surprised when they then complain that the ‘litigation hold policy’ is costing them too much and taking too much of their time.  It is not reasonable to ask them to do this:  storage of electronic information is NOT cheap, despite any rumours you may have heard.  Neither legal or IT should return to their respective tribal habitats until both sides are sure they understand what is being said.  House counsel and in-house IT are on the same side.  Indeed, according to The Sedona Collaboration Proclamation(, you should even be co-operating with your adversaries, on discovery issues anyway, and save the fighting for the substantive issues of the case.  See?  I can speak a bit of Lawyer.


The evidence from the conference is clear.  Two and a half years after the changes to the Rules of Civil Procedure, the respective responsibilities of legal and IT still are not being carried out by many because they don’t understand them.  Only dialog between legal and IT will change that.

Additional Resources

View Free, Relevant Gartner Research

Gartner's research helps you cut through the complexity and deliver the knowledge you need to make the right decisions quickly, and with confidence.

Read Free Gartner Research


Tags: e-discovery  edrm  legal  the-sedona-conference  

Debra Logan
Research VP
5 years at Gartner
25 years IT industry

Roles and Responsibilities Debra Logan is a vice president in Gartner Research. She covers enterprise content management, records management, knowledge management and worker productivity, intellectual capital, and intellectual property topics and compliance as related to documentation... Read Full Bio

Thoughts on Legal and IT Are Still Not Communicating

  1. Unfortunately, the communications gap between “tech” and “suit” is not a new story. The solution remains the same: each needs to learn what they other’s mandate is, and what the other’s *limitations* are. Until more attorneys understand what *can* be done, and IT professionals understand what *must* be done, many organizations are doomed to run into this problem. Ironically, both good lawyers and good IT pros often do essentially the same tasks: troubleshooting, risk assessment and management.

    I will note that, in a modest way, the program I direct (the Institute for Business, Law and Technology at Touro Law Center on Long Island) is facing this challenge head on. Law students in our Cyberlaw, Cybercrime, Privacy and other courses and our Business Technology Law Externship are taught not only what the law is, but as much as possible about how the technology works, and reminded frequently that while it’s easier and safer for a lawyer to say “no,” the clients need lawyers to say “yes, and here’s how” whenever possible, saving the “no” for the true illegalities. We also do a great deal of outreach to the technology business community with real-world information about the laws and rules they must address, dispelling myths and teaching best practices. The goal is to make everyone better risk managers for technology-enabled organizations, and to break down the barriers that this piece highlights.

  2. Debra Logan says:

    Jonathan thanks for this.

    My position is that this historic gap between ‘IT’ and ‘Business’ must be closed, somehow. In fact, Gartner has been saying ithat for while now, and not just in legal. I am complete agreement with what you say in your post. The way it plays out is specific to the organization or kind of work being done. – Gartner research is dedicated to finding this out and writing about it on an industry by industry and role by role basis. I don’t feel as if we need to ask ourselves that question in this domain. I firmly believe when it comes to e-discovery, data retention, privacy and compliance that only deep understanding and academic training will suffice. The domains are too complex and the risks of getting it wrong are too high.

    We clearnly need a whole new kind of job role, too, not IT security collecting evidence and throwing it over the wall and lawyers sifting through hugh piles of STUFF to find what they want and complaining that technology is not up to the job – it isn’t. But they also need to realize that Technology Alone Will Never Solve this problem. The perfect search and collection tool does not exist and it won’t. Technology must be brought to bear, but its not going to make the problem go away. If you’re holding out for that, you might as well stop and start addressing the problem now with the (sometimes very good but never perfect or complete) tools that exist now.

    Your program seems to address the need for training, both deep academic training and a source of advice for current practitioners.

    Its great to hear about another program like yours, because we only know of a very few that are addressing this issue head on. I will certainly add it to my list of places where our clients can turn to get this expertise and training. Keep us updated on your efforts.

  3. Nick Mehta says:

    Hi Debra,

    Excellent post. I too have been in this space for a while now (5 years I guess – wow time flies 🙂 ) and it’s amazing to me how this conversation is the same one we were having years ago. Things have definitely progressed and I see lawyers becoming much more savvy about technology. But the process is slow.

    Beyond that, however, I’m also struck at how different the incentives for IT and legal can end up being. Both jobs are about mitigating risk but different kinds of risk. While lawyers are charged with the corporate legal/compliance risk, IT has a very nuanced job. Technically, they are supposed to do fun things like “enable business value” and “reduce TCO” when in reality most IT people are just trying to prevent their users and/or management from yelling at them. Seriously, I have a lot of empathy for IT staff because it’s a thankless job.

    Case in point – legal may want to enforce a shorter retention period to reduce company risk and IT may be totally on board (storage savings), yet may end up getting the end around at the 11th hour from some senior exec who decides “that retention policy is fine for everyone else… but you’re not taking away MY PST files!”

    Anyways, your post was very provocative!

    More at

  4. Debra, great post (again) it is the2nd one of yours that I will be sending around to all my clients.

    It was as if you were eavesdropping on our group at the EDRM last week where we were this very subject came up numerous times in numerous interviews with both IT staff and attorneys.

    I sense it is beginning to change but it is in large part due to folks like you and EDRM & Sedona who shine a light on this subject.

    Keep up the great work!


  5. Hey Debra, Great minds must think alike.

    Over the past two months we published a four part series of free white papers on the “Disconnect between Legal and IT Teams” that educates and stimulates conversations between these groups. We covered an overview of what each side doesn’t know about each other, email retention concepts and pitfalls, sample email policies, and why manual archiving just doesn’t cut it.

    We’ve received way above average response from legal staff (inside and outside counsel) who are getting educated on ESI. IT managers and technicians are passing our white papers up to “C” level managers so they can see the issues from both sides.

    The debate rages on. Judge Facciola took the the legal profession to task on ESI at LegalTech in New York this year. He even advocated the “certification” of lawyers on ability to understand technology.

    Keep up the good work. There are voices listening.

    Here’s a link:

Comments are closed

Comments or opinions expressed on this blog are those of the individual contributors only, and do not necessarily represent the views of Gartner, Inc. or its management. Readers may copy and redistribute blog postings on other blogs, or otherwise for private, non-commercial or journalistic purposes, with attribution to Gartner. This content may not be used for any other purposes in any other formats or media. The content on this blog is provided on an "as-is" basis. Gartner shall not be liable for any damages whatsoever arising out of the content or use of this blog.