eDiscovery is a focus in numerous DCIG blog entries. DCIG analysts have previously examined what laws are prompting the need for companies to perform eDiscoveries, keys to selecting the right eDiscovery solution, and why recent Wall Street scandals foretell the need for companies to prepare for expanded eDiscovery requirements going forward as more government regulations seem almost certain to emerge. But an eDiscovery request is not a task that a company necessarily needs to dread. Rather, by establishing and putting in place best practices and procedures now, an organization can take much of the uncertainty out of an eDiscovery request and even use the looming threat of eDiscovery requests as motivation to lower its cost of performing eDiscoveries.
A natural inclination of many organizations, when first presented with a legal eDiscovery request, is to comply with the inquiry quickly and seek to exonerate themselves from any allegations of wrongdoing. However, if an eDiscovery occurs before an organization has established agreed-upon internal processes and begun following them, the request turns into a fire drill and leaves the company with no time to assess the information it has gathered. To help prevent this, here are some steps that an organization can take now to ensure it is prepared to respond to an eDiscovery request as efficiently and effectively as possible:
Step 1 – Quantify exactly what information is requested in the eDiscovery request. About the worst thing an organization can do is immediately search its data repositories for requested information in an attempt to comply. Rather, an organization should first quantify exactly what information the requesting party needs. If the legal request only needs information from certain individuals or departments in the organization, it makes no sense to search for data in locations in the organization where it could not possibly be kept or from individuals who would never handle that information.
Step 2 – Create an intelligent data map. Organizations may have multiple types of data (files, emails, PSTs) stored in multiple types of content repositories (SharePoint, Documentum, Symantec Enterprise Vault) that reside in multiple locations (corporate data centers, laptops/desktops, remote offices). The trouble is, “How do you track it?” Mark Diamond, the CEO and President of Contoural, recently wrote an excellent article that explained how creating an intelligent data map of electronically stored information (ESI) may not only expedite searches for data within an organization but save enterprises hundreds of thousands of dollars in eDiscovery costs. In essence, a data map creates a layout or schematic of what your information landscape looks like. Aside from information about where the data is physically located, it includes:
- The names of the individuals responsible for managing the data
- The types of systems or applications that contain the data
- How data can be accessed in those specific data stores
- Who creates and manages the data retention policies
Creating this data map takes the anxiety out of doing an eDiscovery, as it helps an organization accurately and quickly pinpoint where the data resides, which contributes to defining the scope of the eDiscovery.
Step 3 – Do an in-place analysis and review of the data. Once organizations know what data they need, leaving the data in place (i.e., in its current location) expedites the eDiscovery in a couple of ways. First, not all of the data accessed and searched during the initial eDiscovery may be needed to satisfy the terms of a particular eDiscovery, so it makes no sense to move it. Second, it helps to preserve the integrity of the data. If all of the data is moved or copied to a secondary location, questions about the original permissions on the file can arise; by leaving the data in its original location, an organization can avoid these issues.
Step 4 – Perform an early case assessment (ECA). This is a critical step in the eDiscovery process. At this point an organization can finally make an assessment based on the information it has gathered so far as to whether or not there is any merit in the pending litigation and how to best proceed. An organization can more thoroughly analyze the merits of the case as well as postulate some possible defenses. From this information, the organization can begin to quantify how much time and money it will cost to defend the case and weigh the pros and cons of defending the case versus mediating it.
Performing an ECA is only possible if an organization has its ESI house in order. The Federal Rules of Civil Procedure (FRCP) provide an organization only 60 – 90 days to respond to an eDiscovery request. So if an organization is consumed with locating and producing the requested ESI during this entire time period, it may never get to the point where it can do an ECA or, if it does perform one, the assessment may lead the organization to an incomplete or inaccurate conclusion as to how best to proceed.
In part 2 of this two-part series, I will take a look at what steps an organization should take in analyzing the data after the preliminary data is collected and preserved in order to best satisfy the terms of an eDiscovery request.