The biggest mistake companies make in developing a discovery process is seeking perfection. Companies strive to create the perfect policy, develop the perfect processes and purchase the perfect tool. They believe that defensibility both in court and in the eyes of regulators is achieved through saving all the right records for exactly the right time, finding all and only relevant documents and deleting older information immediately after its retention period expires.
The problem is that records retention policies and discovery processes as well as the technology tools to support them are inherently imperfect. Likewise, the interplay between the people, processes, tools and technology certainly is not perfect either. Nor does making one link in the chain of the process, such as a record retention schedule, even more "perfect" make the weaker links and the overall chain any stronger.
The good news is neither the courts nor regulators expect perfection. They expect reasonable, good faith efforts. Having a documented policy and procedure surrounding e-discovery response is important to demonstrating reasonableness, but only if a good faith effort is made to follow those procedures. If you are ever called to account for your discovery processes, be prepared to show that the procedures in place are reasonable given your company's litigation profile and circumstances of the particular matter. To date, most courts are willing to give a company the benefit of the doubt even if mistakes were made, as long as the company took reasonable steps to address the problem. Of course, "reasonable" may be in the eye of the beholder. Companies should look for industry benchmarks, or at least comparable industry examples and experience.
The more enlightened litigators understand that this is about risk management, not perfection. Litigation readiness programs should focus on the areas of highest risk and/or greatest opportunity to reduce risks with a reasonable investment of resources. Likewise, readiness and compliance programs should be calibrated against compliance requirements and a company's litigation profile.
Equally important is executing your policies consistently across the entire organization. Companies should take a comprehensive view of what documents and data they have, where these documents are, and then and map out clear, implementable steps for saving, preserving, producing and deleting this information. It is much better to have a simple records retention policy applied consistently than a complex, albeit seemingly perfect, policy no one follows. One Federal judge told me recently that she does not expect perfection, but she hates it when parties have a great policy but no way to execute it.
I have seen companies who strive for perfection, and having not achieved this hold off implementing their programs. They are always revising, updating, modifying - in perpetual design mode - but never actually launching into execution. The risk of course is that while still in design mode that the large litigation or regulatory inquiry arises, and having never executed companies are completely unprepared.
Don't let perfect be the enemy of good.