At some point, your Legal department is going to come to IT asking for help with an eDiscovery project due to pending litigation. Ideally, that request arrives before the business is under fire for a publicly reported problem. Here’s how — and especially when — the IT department should get involved to spearhead an eDiscovery project.
Every IT organization — no matter the size — struggles to manage its data. After all, content management is a huge portion of what IT does — which also extends to analyzing, organizing, and protecting that data.
A unique challenge arises when the corporate Legal department needs data relevant to a case, an investigation, or an anticipated litigation. This may include creating a legal hold (requiring that data of affected employees be preserved, who in some cases may not know that they’re under investigation) and otherwise collecting and electronically sifting through corporate data (or Electronically Stored Information (ESI), in legal parlance).
Since for many companies the act of preservation is an extraordinary event, IT departments are mostly unprepared to give the Legal department what it needs before it asks for it. Legal personnel are apt to ask for help only when the project is an emergency; and, as with other departmental use cases, they know more about their problem than they do about the technology, process, and workflow best suited to address it.
We’ve found that enterprise organizations look for e-Discovery solutions in one of two situations:
As with any project, it’s always better to solve a problem without the loud accompaniment of an urgent emergency. But we humans don’t always respond that way; sometimes it takes a bad experience to suggest preventative action.
Let’s look at an example of the first situation. Years ago, a large chemical company was challenged by how much of its information was spreading through different systems within the organization. Like most chemical companies, it had a lot of ongoing and pending litigation, including matters that lasted 10 or 20 years, maybe longer.
For this company, managing data was a big struggle, especially in the scope of legal matters. In this case, the company shared a common challenge among many enterprises, information stowed away in various content management systems. New content management systems (like SharePoint) were springing up across the company without anyone actually managing their adoption.
To add to the challenge, eDiscovery was a manually intensive process. The staff had to copy hard drives and ship the drives to their law firm to cull through all that data. You can only imagine how much more complicated their environment became with the proliferation of mobile devices and laptops.
For this chemical company, the tipping point for adopting technology to better access all those enterprise systems and track all that data was the increase in litigation and eDiscovery needs, as well as the increasing costs and risks to the business due to being in a heavily regulated industry. At some point, the cost of the status quo — of not planning ahead and adopting a long-term solution — was more risky than trying a new approach. In this case, the path that led to an eventual eDiscovery technology implementation was a difficult (and costly) one.
The better way to spur an organization to consider eDiscovery technologies without it leaving scars is to learn from other’s mistake. When we see a news story or hear industry gossip and think, “That could have been us!” it can and should be inspiration to take action before it is us.
However, in reality, when an IT department is caught off-guard with a lawsuit or internal investigation, it needs to act quickly. In these cases, organizations have two options. They can attempt to manage the process on their own; typically that is very arduous and risky without staff who have prior experience. Or, more often, they engage an outside consultant or third party to come in and step through the forensics, collection, and preservation process. Doing so means throwing tons of money at the problem. Over time, it puts a lot of pressure on these organizations to figure out another route. They consider: How do we become more efficient? Where do we streamline, so we’re not hemorrhaging all this cash?
The most obvious reason to implement eDiscovery technology is the cost savings measured by your company’s dollars – and time. The Legal department’s main job is to mitigate risk, so it’s always weighing how much a thing’s is going to cost versus the chances of it costing the organization more if something adverse happens. Some large enterprises spend $20 million – and up – in yearly expenses on e-Discovery. Our reading suggests that the average company, an average middle-to-large corporation, spends $3-5 million a year. That is, if they even break out how much money they’re spending on eDiscovery. As Inside Counsel reported a few years ago:
Many eDiscovery costs are buried within individual matters, and little effort is made to identify the total eDiscovery costs separately from overall litigation spend, or use total spend to negotiate better rates with providers. One large corporation spent more than $50 million on litigation last year, and was surprised to learn that $26 million was spent on eDiscovery alone—everyone had thought the number was much less.
The eDiscovery expense is growing, as is the amount of litigation that a large company goes through. Even though most litigation settles before going to court, the expense of collecting data so that the matter doesn’t go to court is considerable.
Anything the organization can do upfront, before the law firm sees the data – to identify content, to understand it better, or to cull it down – saves money and, incidentally, time. It can also help the organization understand the legal risks earlier to determine the best strategy for the company in regards to the legal matter. Legal departments (and the IT departments who serve them) don’t want to hand over a huge amount of information to a law firm to have them go through the review process; that’s the most expensive portion of the equation.
Beyond the dollar costs, there is the fact that the process of outsourcing data collection means an enterprise is not going through the whole information management data hygiene process itself. It is paying someone else for classifying data, cleaning it up well enough to discover what’s there, and learning what they can do with it. You’re outsourcing corporate knowledge that might help the business and the insights do not propagate back into the organizations approach and methodology.
By planning for eDiscovery up front, IT and Legal can talk about the issues before they face an emergency. This helps the organization pay attention to industry trends out in the marketplace to keep abreast of what’s happening from a legal standpoint and how those rules are being interpreted. For example, if there is a large lawsuit in a related vertical market, this can give companies visibility into the ways their business might be affected, which bring the issues a little closer to home. Once that information is out there, then the C-level execs and other company personnel have an obligation to understand what caused that event, and why it went a certain way.
Another example is keeping up with the federal rules of civil procedure that basically dictate how discovery is supposed to happen, both with paper documents and with ESI. If an organizations’ employees are busy doing their daily activities, they often don’t realize the rules are in place on how you’re supposed to handle a discovery situation, as well as the case law that applies those rules to each situation. For example, preserving text messages. [citation: Small v. Univ. Med. Ctr. of S. Nev., 2014 U.S. Dist. LEXIS 114406 (D. Nev. Aug. 18, 2014)]
Closer ownership of eDiscovery allows organizations to come up to speed on what’s possible to accomplish, both as a matter of business workflow and as a technology problem to be solved. They can get an overview of the technology (such as what each feature provides and how it can help them), put a plan in place that they can implement, get a reasonable budget without barging into a board meeting, train personnel, and bring the right people into the process. This also enables the plan to encompass the non-financial and legal matters, such as the wisdom hidden in its own data.
As we’ve learned from working with companies implementing eDiscovery solutions, it’s much more advantageous for a business to take a proactive approach to eDiscovery than a reactive one. A reactive approach is fraught with unseen expense and risk, while a proactive stance gives you the opportunity to side step those two issues significantly.
We’re interested in hearing your experiences. Are you reactive or proactive when it comes to planning for eventual eDiscovery needs? Share your comments below.
Find out more about how AccessData and Druva partner to offer a comprehensive approach to eDiscovery. Download the Partner Brief.
Interested in specific recommendations for eDiscovery and governance in the era of mobile and device proliferation? Download the recent Forrester report now.