eDiscovery 101

Information governance and data preservation are challenging systems to deploy given the rapid increase in data volume, types and locations in today’s marketplace.  However, it is something that should not be ignored because it can save millions of dollars and dramatically reduce the volume of data that is discoverable at any given time.   The key to an effective data defensibility program is participation and buy-in from all stakeholders; from the CEO down to Legal, Operations, IT and HR.  With the correct committee of people and a clear corporate mandate in place, it can (and should) be done.

In order to begin planning for a corporate-wide information governance program, there are a series of preliminary steps that should be undertaken:

1. Know Where All Your Data is Located

    

   While it seems like an obvious issue, it a not necessarily an easy task to perform.  Legacy data has been accumulating for years.  Systems have been partially replaced and satellite offices often have separate systems.  Very few companies have moved everything to the cloud.  Add to that the fact the increased number of new data types such as:  mobile, chat/messaging apps, cloud services, and social media postings, all of which require different approaches to preserve than “standard” email and document storage.  It is hard to get a handle on all the forms of communication in use by different divisions within a company, making identification and location the first logical steps.

    

2. Create a Strong Working Group

    

   You need to have management buy-in to the process so that plans can and will be executed.  You also need to gather the correct stakeholders together to make sure that no important steps are left out of the process.  Depending on the structure of your organization this should include at least the following: COO or Operations, Legal (including GC and general Litigation counsel), Project Manager, IT and usually HR.  Each member of the Working Group will bring a different perspective and knowledge base to the problem.  Collaboration results in a more complete solution and complete understanding of the importance they play in the overall strategy

    

3. Update Existing (or Create) Data Management Policies

    

   The only way that an organization can manage its data is to create detailed policies that make sense for your corporate mission.  A complete data management policy that includes the increasingly disparate sources of data will facilitate identification and subsequent collection of data types when the need arises. It will also identify data that can and should be eliminated from the systems.  Additionally, constantly updating the list of individuals with data responsibility and their email addresses will insure that litigation hold orders can be immediately implemented. A complete Data Management Policy will result in proactively controlling data before the need to collect and produce arises.  There will be less panic in the organization when a plan can be implemented that is familiar to all the players.  Make sure that all departments follow any data destruction policy that is written and implemented creating a defensible position with the courts moving forward.

    

4. Develop a Collection Plan 

    

   As part of the data management plan, making sure that a data collection plan has been created is key to successfully controlling data.  It is important that everyone be aware of any existing litigation holds that might impact collection as well as any other auditing/archiving/logging actions that are required by the organization.  Knowledge is power and creates efficiencies when executing an effective collection plan with the least amount of corporate disruption.  In fact, some content may already be retained/captured in usable formats, so reaching out to appropriate stakeholders within the organization may shortcut the entire process.

    

5. Understand the Scope of the Request 

    

   Spending some time evaluating the scope of the collection need beforethe plan is implemented is time well spent.  This evaluative process and pre-planning will result in efficiencies down the line.  Refrain from the impulse to “get started immediately” and make sure that the Working Group is involved in the scope evaluation.  Creating a list of exactly what is needed for a particular response would include decision points on items such as: how many disparate sources of data may need to be captured (email, data files, chat messaging apps, social media postings, mobile data, unstructured data and/or legacy content; custodians that require hold notifications, responsive date ranges, and perhaps most importantly responsive categories of documents.  Remember that courts are frowning on fishing expeditions that are too broad in scope and are requiring requesting parties to be more focused in their requests. Make sure the legal team reviews the plan before you get started.

    

6. Collection Execution 

    

   Every document request is different.  Sometimes it makes perfect sense to perform the collection using in-house staff (depending on the sophistication of the team), other times it might be more prudent to employ a third party to coordinate the collection, sometimes a hybrid approach is called for.  Determining what is at stake and the experience of your team will help guide this decision.  Regulatory or compliance litigation that has a focus on deleted information might require a “neutral” party to perform the collection in order to assure that defensible practices are used and eliminate potential liability issues.