Taking back control of e-discovery

May 2021  |  SPECIAL REPORT: BUSINESS STRATEGY & OPERATIONS

Financier Worldwide Magazine

May 2021 Issue

The speed in which new information is created is a challenge for businesses around the world and results in data identification, collection, analysis and review complexities for legal professionals. IDC predicts that by 2025 the “global datasphere will grow from 33 Zettabytes (ZB) in 2018 to 175 ZB”. According to Taru Khurana, a marketing manager at Cisco: “If each Gigabyte in a Zettabyte were a brick, 258 Great Walls of China (made of 3,873,000,000 bricks) could be built.”

The sheer volume of global information makes it near impossible to tell a complete story about the data when investigating or supporting legal discovery. The purpose of this article is to provide the reader with an understanding of the convergence between information governance and e-discovery. While this is not a new topic, the growth of data means this convergence has evolved.

Enterprise data management is the first step in building a formidable information governance and e-discovery programme. The ability to measure this programme is critical to gaining data insights and containing cost. Investigations and litigation rely on a company’s information governance programme to readily identify, collect, analyse and review meaningful data. The cascading impact of an organisation that is unable to link information governance and e-discovery may result in increased risk and cost.

Therefore, revisiting the current state of information governance and e-discovery is not a futile exercise and could result in enhanced compliance. Peter Drucker, the famous author and management consultant, was often quoted as saying “you can’t manage what you can’t measure”. When it comes to enterprise data, the ability to manage the types and storage locations of data, along with access controls, will dictate the ability for legal, security, IT, compliance, human resources, internal audit and other teams to quantify risk and value. The insights gained by legal and compliance teams informs data protection, data collection and analysis while containing cost.

While most of the world is making fascinating advancements by leveraging technology, it is the legal profession that is lagging. Dev Stahlkopf, vice president and deputy general counsel at Microsoft, once stated, “the legal market and lawyers are incredibly slow at change and digital transformation... But legal cannot afford not to transform as the world around us goes digital... We cannot lag; we must scale to meet new demands, and we will need to leverage tech to this”.

Information governance and e-discovery programme transformation

Legal teams can follow certain steps to accelerate or transform their programme, as outlined below.

Understand data assets. The information governance reference model (IGRM) links duty and the value to information assets to drive efficient and effective management practices. Duty is considered the legal obligation, whereas value is the utility or business purpose of specific information and it is specific to each container of information. The IGRM provides a foundation for e-discovery and data protection programmes while allowing legal teams to make informed compliance decisions.

Using the IGRM as a framework, the organisation places information at the core of the discussion. Data assets should be identified and quantified to ensure that the records management practices align with legal and business responsibilities. If you do not understand what data you have, then it is harder to collect it, dispose of it, or protect it.

Another helpful step when evaluating data assets is to analyse the features and capabilities of technologies available throughout the enterprise. There is likely overlap throughout the organisation, which results in wasted time, energy and cost.

Identify high-risk data sets. Once an organisation gains an understanding of its enterprise digital footprint it is important to flag high-risk data sets, which typically include personal information, protected health information, payment card information and intellectual property. The benefit for the legal team to understand the locations in which this information resides will help to reduce discovery costs and reduce potential data leakage issues.

Additionally, the benefit of identifying high-risk data sets is that it provides intelligence for multiple teams, including: (i) compliance – the Health Insurance Portability and Accountability Act (HIPAA), the General Data Protection Regulation (GDPR) and the California Consumer Privacy Act (CCPA), among other privacy laws, require the development and management of data registers; (ii) legal – reducing the risk of overcollecting data that may not be relevant for the investigation or litigation, as well as providing a path forward as to what data may require redaction prior to producing these data sets to other parties; and (iii) security – encryption, anonymisation and pseudononymisation techniques can be applied and monitored.

Revisit policies and procedures. Policies, procedures and controls are foundational to providing transparency to organisational stakeholders and often help to reduce the risk of exposure and operating costs. For example, a company might employ technology that alerts the legal department when International Traffic in Arms Regulations (ITAR) data is sent to an unauthorised party, reducing the downstream e-discovery costs upon the violation. Tools like this should be outlined in user guides that have become an increasingly useful tool for communicating policies and procedures to end users. Upon revisiting policies, procedures and controls, user how-to guides provide an easy-to-use mechanism versus the arduous process of asking end users to read hundreds of pages of policies. The how-to guide should include an introduction and purpose of the document, the beliefs of the organisation, definitions and the necessary steps that an end user must follow.

Review data collection capabilities. In the US, lawyers are governed by the American Bar Association’s Rules of Professional Responsibility. Each of the states has adopted its own version of these rules. The very first rule, 1.1, discusses attorney competency. In particular, in order for an attorney to represent a client, she must be competent in the subject matter. In 2012, comment 8 of this rule was amended to state that competency extends to understanding the risks and benefits of relevant technology. Therefore, in-house counsel must gain an understanding of how, where and who collects data, types of data that can be collected, and Rule 1.6(c) states that a lawyer must avoid inadvertent disclosure during the discovery process. Lawyers that do not have this level of competency are unable to understand the risks and benefits of data collection technologies.

Using the electronic discovery reference model (EDRM), once the legal team knows or reasonably suspects that litigation may ensue, they must identify relevant data sets, place employees under legal hold, preserve the data, and then collect it for later processing, review and production. Data collection techniques have evolved over the last decade. Today it is less likely that you will only collect laptops or desktops, and more likely that the collection of mobile devices, cloud-based data sources, emails and databases will be required.

Standardise discovery practices. Organisations continue to evolve their e-discovery infrastructure by implementing dedicated e-discovery environments hosted in an enterprise cloud-based platform that is supported by a service-oriented managed services provider. The managed services organisation delivers reports that allow the organisation to make better business decisions, which ultimately drives the ability for the legal team to more efficiently and effectively review data. The moral of the story is to employ systems and teams that provide a solution that offers more than just an e-discovery platform. This allows for increased visibility, reduced duplication of data sets, as well as reduced risk and cost.

This has a multiplier effect when it comes to the business of e-discovery. First, it cuts down on outside counsel expenditures because the company’s e-discovery data is no longer distributed among several law firms and e-discovery providers. Second, this protects the corporation’s data better because the data is no longer spread out; it is all centralised within this dedicated environment. Third, and most importantly, it increases transparency. Just as it was noted at the beginning of this article regarding what needs to go right to govern a corporation’s information, so too is the same necessary and urgent to govern e-discovery data. Having the utmost transparency behind data allows legal professionals to focus on two very important areas: the substantive issues of law by being able to tell better stories about their data and managing the business of the legal department.

Data volumes are not getting any smaller and data creation is not slowing down. When it comes to e-discovery, the real digital transformation happens when there is seamless teamwork across disciplines combined with a trusted solution provider. When litigation, investigations or regulatory compliance matters occur, having business intelligence dashboards to deliver transparency to make better decisions allows companies to create a more secure and defensible approach to managing data while simultaneously empowering legal professionals to be more successful.

 

Daniel Gold is managing director of the e-discovery managed services practice at BDO. He can be contacted on +1 (314) 889 1106 or by email: dgold@bdo.com.

© Financier Worldwide

BY

Daniel Gold

BDO

©2001-2024 Financier Worldwide Ltd. All rights reserved. Any statements expressed on this website are understood to be general opinions and should not be relied upon as legal, financial or any other form of professional advice. Opinions expressed do not necessarily represent the views of the authors’ current or previous employers, or clients. The publisher, authors and authors' firms are not responsible for any loss third parties may suffer in connection with information or materials presented on this website, or use of any such information or materials by any third parties.