So what guidelines should CIOs follow when they are looking at document retention and delivery? Rosenberg says first and foremost, they should expect to implement such systems only after close coordination with the company legal officers.

"They [CIOs] have to be careful about having a system that has more capacity than the legal officers really would want. That is, you don't want to be saving more than you have to save. For example on the metadata, if the legal requirement is to save the e-mail that went out, the question is why do you want a system that saves all the draft keystrokes rather than just the document that went out through the firewall?"

The medium by which e-mail is saved - and how immutable that medium is - is also important, because some regulators set standards for such matters.

The other issue for CIOs highlighted by the Morgan Stanley case is that there was clearly misunderstanding or worse between the lawyers from Morgan Stanley and their technology and information people, Rosenberg says. CIOs and lawyers alike must work on being able to better understand each other when both technology and law are involved in defending an issue at litigation. That is hard, he admits, because not many lawyers understand technology issues fully, and not many CIOs take at face value what the lawyers say. Lawyers see things in black and white, while technology people spend their days doing workarounds, approximations and estimations - things that make sense technologically, but do little to serve the corporate interest when matters of law are the issue.

"I think it's very important for CIOs and lawyers to stay in close and frequent contact," Rosenberg says. "I also think that there is a new trend in legal departments, which is to hire legal employees who are technology savvy and who are responsible for document issues and for trying to avoid getting into situations like Morgan Stanley did."

CIOs should welcome the trend, if only to reduce the chances of anyone ever saying to them: "I'll see you in court."

SIDEBAR: An Ounce of Prevention

The needs for evidence disclosure are very different from those of data or disaster recovery that most IT departments have in place. Now would be a good time to find out what your legal obligations might be. You should meet with your legal department, and to get the ball rolling in your conversation, here are five crucial questions you might want to ask:

• What is our document-retention policy and how does that fit with current judicial expectations?

• What are some of the potential liabilities to our company if we lose a case involving a large electronic discovery?

• How strict are court-initiated deadlines?

• What is spoliation, and how do I avoid it?

• Why do I need to know what's in the data?

First, whatever your document-retention policy may be, it can be overridden by legal action, or even the prospect of legal action. In some cases, companies have been sanctioned for destroying documents, even though the destruction was consistent with a document-retention policy. One ruling stated that the company could reasonably have anticipated that the documents could be relevant to a lawsuit that was clearly foreseeable, even though no suit had yet been launched. Under those circumstances, the documents should have been preserved, whatever the document-retention policy might have said.

Second, keep in mind that the stakes in litigation can be enormous, far exceeding the cost of the related legal and IT fees. Not every case results in a billion-dollar verdict but, depending on the issue, your organization could certainly suffer a significant financial impact. Being a party to a major lawsuit can also affect business processes and share price. The more efficiently and effectively you deal with gathering and analyzing the evidence, the sooner such impacts will be eliminated. It's even possible that corporate officers or employees could be facing the prospect of jail time. Gathering the evidence isn't something you want to get wrong.

Missing a court deadline, depending on the nature of the case, could result in a fine of up to seven figures for each day you are late in providing required evidence. Although you may think of the legal system as slow, deadlines can be very aggressive. These deadlines are made even tighter because attorneys often wait to start a discovery project until they have tried to do everything they can to get the case settled or dismissed. In addition, there is always the added risk that a judge will interpret any delays as deliberate and assume that you're putting off delivering the data because you have something to hide.

You need to especially avoid spoliation, which is defined as "the destruction, alteration or mutilation of evidence". It's important that the procedures followed for collecting electronic evidence are meticulous and meet appropriate standards. The data must be collected without being spoiled or altered, and someone must be able to attest to the chain of custody, showing how the evidence was collected and kept safe and unaltered from first to last. This in itself is a very good reason for using an outside vendor that's experienced in collection of evidence. Third parties are also less likely to be accused of having a vested interest in what they find or fail to find or of tampering with the evidence.

Finally, it's not enough to simply locate all of the requested files. You must know what's in them. You must weed out documents that need not be handed over. Any e-mail message containing legal advice from an attorney, for example, is likely to be "privileged" and need not be provided. Doing so could be very damaging. You also need to have a good understanding of the content in the documents you hand over so your legal team can prepare the best possible legal strategy.