Close this search box.

Legal risk management requires a corporate strategy, mindset and commitment

Synopsis Part 1: Legal risk management requires a corporate strategy, mindset and commitment.

Electronic data discovery Interview – Stephen “Steve” Whetstone, Esq., Vice President, Client Development and Strategy; public presenter and evangelist for Stratify, a division of Iron Mountain Digital (NYSE:IRM) .(Part 1 of 3)

Stephen was a litigation partner at Testa Hurwitz & Thibeault, LLP, one of Boston’s largest law firms, where for 11 years he represented clients in securities class actions, government and internal investigations, patent and intellectual property matters, and other complex commercial litigation. Before joining Testa, Stephen was a litigator at Skadden Arps.

By Joshua Konkle writing for

Joshua Konkle: In your work with corporate legal counsel how do you help them synchronize their policies and their IT, what is the mood of legal counsel out there?

Steve Whetstone: The challenge for F1000 is that they often don’t have breathing room to put considered and comprehensive document management plans in place.  Instead, they are immersed in multiple litigations, so they don’t have the benefit of waiting for the calm.  They are thinking about it against the backdrop of multiple litigations.  But, to do it effectively, the right combination of IT, legal and compliance must sit at the table. That team should agree on synchronizing goals, resources and time lines with a top down mandate from a President, CEO or CIO and Chief Security Officer.

Joshua Konkle: Steve, there seems to be a disconnect with respect to retention policies as written by legal counsel, technology capability and IT resources to implement.  What is kind of experience do you have as an discovery services provider?

Steve Whetstone: There are one of four quadrants that a company can fall into based on a y-axis of cost and an x-axis of complexity.

  • Y = number & criticality of controversies (litigations & investigations)
  • X = complexity of IT systems (by Electronically Stored Information (ESI) volume, data type and location)

Depending on where the company falls on the quadrant will affect how they implement policies.  Companies that find themselves in the upper right hand quadrant (lots of controversies in highly regulated industries with lots of data/data types spread about computers around country/world) are at high risk and should work especially hard to put meaningful document management systems in place and spend the necessary dollars to do so

Companies that find themselves in the lower left hand quadrant (fewer controversies and smaller amounts of data/types in a small number of locations) are at much lower risk and may not want/need to spend much time or $$$ fortifying against controversies that may never arise (and if/when they do, ESI management may be relatively easy to handle if basic policies and practices are in place).

Companies that find themselves in the upper left or lower right hand quadrants should strive to find the elusive, middle ground.  Of course, a company’s risk-profile can change, and so it is important to re-assess periodically.

For example, if a company is at low risk of litigation or investigation, and has a relatively simple IT infrastructure, it likely will not want to throw large sums of money building out detailed data management policies.  Instead, it may opt for a simpler routine data management plan and an aggressive litigation hold policy when the duty to preserve arises.  That should be sufficient.  Conversely, if a company is a serial litigant and has a complex, varied and distributed IT infrastructure, it should devote the necessary funds and resources (human and machine) to develop and draft a detailed document management and litigation hold plan so that when the inevitable controversy arises it can pounce.

Part 2 and 3 of DCIGs interview with Mr. Stephen “Steve” Whetstone will appear later this month.

If you would like to communicate with him directly, he can be reached at swhetstone (at) or in his Boston, MA office at 617-330-2828.

DCIG, Inc publishes weekly interviews with legal professionals; click here for more eDiscovery interviews or sign up for the feed.


Click Here to Signup for the DCIG Newsletter!


DCIG Newsletter Signup

Thank you for your interest in DCIG research and analysis.

Please sign up for the free DCIG Newsletter to have new analysis delivered to your inbox each week.