Increases in the mobile workforce, litigation and adoption of cloud technologies have created a perfect storm for IT and InfoSec teams struggling to comply with sweeping eDiscovery requirements. eDiscovery refers to any process in which electronically stored information (ESI) is collected, secured, and searched with the intent of using it as evidence in an investigation or litigation.
With 75% of today’s workforce mobile and employees routinely using multiple devices, enterprise data now resides in a multitude of corporate and employee-controlled platforms, devices, and databases. At the same time, mobile workers have enthusiastically adopted cloud-based services in order to access, use, and sync data.
The problem? Vast repositories of data now live outside of corporate firewalls, invisible to IT. As businesses forsake outsourcing in favor of in-house eDiscovery, the limitations of enterprise IT portend a bumpy road ahead.
But it’s not a big deal . . . right?
So Sue Me: Legal Risks Hammer the Enterprise
Under the Federal Rules of Civil Procedure, a party to litigation is expected to preserve and as needed, provide ESI in its “possession, custody or control”. That’s all well and good, but what are the odds of a company having to do this? And at what cost?
The statistics are sobering. In 2014, 34 percent of companies faced at least one lawsuit with more than $20 million at issue. Likewise, 71 percent of companies in 2013 spent $1 million or more annually on litigation. Yet a survey by Deloitte found that only 51 percent of companies are confident they can preserve data on mobile devices. Worse yet, 58 percent of respondents do not even know if an eDiscovery plan exists for their cloud applications!
Mind the Gap: The Divide between Outsourced and In-House IT
Typical IT departments lack the resources, staff, and skills to answer to the Legal team’s eDiscovery needs, only contributing to costly outsourced services. On top of this, the legacy approach of collecting a device, imaging it and shipping the data or a stack of hard drives off to outside counsel is a costly process that does not scale well. Beyond this, the dispersion of data now makes this process ineffective, as much corporate information resides off the device in the cloud.
In Forrester’s 2013 Security Survey, 48 percent of legal and IT respondents report that understaffing drives them to outsource eDiscovery or governance activities; 33 percent of IT respondents cite a lack of in-house IT skills. But make no mistake: CIOs and IT decision-makers are hungry for change. In the Forrester study, 46 percent of organizations viewed eDiscovery as a “high” or “critical” priority in the coming year.
The good news is that eDiscovery affords IT new opportunities to prove their value within an organization. What issues should IT consider as their company transitions from an outsourced to in-house strategy?
6 Steps for In-House eDiscovery
To implement more effective eDiscovery workflows, IT’s approach must be both proactive and comprehensive to monitor and govern before the onset of litigation.
Key elements of this approach should include:
- Centralized governance processes to reduce complexity and increase visibility and control over today’s dispersed information environment from disparate data sources.
- Data visibility and audit trails to demonstrate a clear, unbroken chain of custody for responsive data, including all the touch points involved in the discovery process.
- A non-intrusive way to collect data from endpoints and cloud services without needlessly disrupting user productivity.
- Forensic-based collection to ensure legal admissibility and remove the risk of spoliation.
- The ability to place legal holds via an integrated platform that efficiently aggregates end-user data, no matter where it resides—including mobile devices, cloud applications, and third-party repositories.
- Integration with downstream eDiscovery solutions for analysis and review to streamline the handoff between systems, reducing manual intervention and lessening the chance of data being compromised.
If IT embraces the above tenets as it moves forward with eDiscovery, it can help phase out pricey outsourced services, reduce the risks and costs of litigation, and help the enterprise achieve greater ROI. Who can argue with that?
Learn how to build a comprehensive strategy for legal hold and eDiscovery data collection in our new white paper ‘Staying Ahead of the Curve: A Mobile & Cloud Data Strategy for Legal Hold and eDiscovery.’ Access it now.