James D. Shook, Esq., CIPP EMC eDiscovery Expert

In today’s economic environment, companies deploying new technology have to show not just that they will be better and faster, but also just how much faster and better so that they can justify the expense.  Part of the buying process frequently involves gathering data on how much it costs to handle a business process in the current environment, how much can be saved with improvements, and establishing that the savings will justify the cost of the improvement (and frequently, how long it will take to do so).  Most companies refer to this process with the shorthand acronym of “ROI” or “return on investment”.  (In financial circles, ROI is actually a more complex analysis, but it’s still a good acronym for our purposes).

For companies that are looking to bring more of their eDiscovery process in-house, the ROI process can be difficult.  While we intuitively know that we can save money and cut risk with a leading eDiscovery solution, it can be tough to show that quantitatively because financial information is usually not readily available.  Even within the legal department, the cost of eDiscovery is frequently not well-known.  Often, time and money spent on eDiscovery issues is buried with other tasks in time entries from outside counsel; internal costs are generally not tracked at all; and payments to third-party processes are passed through (or marked up) by outside counsel and difficult to locate.

The benefits can also be difficult to calculate.  For example, many companies have poor eDiscovery processes (what we term “Faux eDiscovery“), where they wrongly or negligently ignore data sources and/or sound eDiscovery processes.  Faux eDiscovery can actually be very inexpensive — the real “cost” is in the risk with being caught and sanctioned.  But risk is difficult to quantify.  The result is that some companies trying to improve their eDiscovery processes may actually find a negative ROI (i.e. we only spend $10,000 per litigation now but it will cost us $50,000 to do it right) because they fail to identify or quantify the real ROI — their reduction in risk by handling eDiscovery properly.

If you are putting together an ROI analysis for bringing eDiscovery in-house, here are a few things to consider:

The general statistics available about eDiscovery costs are startling.  It’s well-established that having legal professionals review data – one of the later steps in the eDiscovery process — is expensive, with $18,750 per gigabyte a well-accepted number.  (Gartner, Reducing the Cost and Risk of EDiscovery in 2009, 1/9/2009 at 6).  Over the last several years, the average cost of discovery per case ranged from $621,880 to $2,993,567 (Litigation Cost Survey at 3).  And as noted earlier, Gartner advised an IT eDiscovery budget of $500,000 for a modestly sized case.    (Gartner, Reducing the Cost and Risk of EDiscovery, at 5).

Cutting through the noise, Gartner notes that many companies report a full return on their investment in an eDiscovery solution within 3 to 6 months — or within a single large case.  (Gartner, Marketscope for E-Discovery Software Product Vendors, 12/21/2009 at 2).  While these high-level facts alone may not be enough to convince anyone who requires a detailed ROI, they can help to set the stage for acceptance and also tend to strike a nerve with many C-level executives.

Undertake basic investigation on costs.  Talk to the legal department about how many “cases” they handle in each month (or year), being sure to include internal investigations and employment claims, regulatory inquiries and other matters where data is being preserved, collected and/or processed — not just “lawsuits”.  Ask them if they have information about amounts paid to outside service providers (perhaps through their law firm) for eDiscovery services.  Also check with the people who handle backups and email within the IT department — since different groups within legal may be asking them for help, they may actually have the best view of this work, and could even have hired an outside vendor to handle some eDiscovery-related work.  IT wil generally know whether the company has had to purchase tape processing equipment, additional storage or other non-standard equipment to help the lawyers with eDiscovery.

Check on soft-costs, too.  Most IT departments are only too ready and able to tell someone (anyone!) how much time they have devoted to eDiscovery tasks.  Frequently groups of 2-3 staffers can be assigned full-time or better for weeks or months on a medium or large case.  Without a chargeback model, legal might not even be aware of the massive undertaking to help them.

You may only be able to gather information on a few cases.  In that scenario, try to figure out whether it’s legitimate to extend the information out across the full volume of cases:  were these cases representative of what’s happening?  Do our cases tend to be similar or repeatable?  Do I have a good sampel?  When detailed information is not available — and usually it’s not — your goal is to get an understanding of the magnitude of the spend, and not necessarily the exact dollar amount.

There are a variety of ways in which you can begin to assess the savings that an eDiscovery solution will bring to the company.  In many cases, after purchasing a solution the incremental costs fo reach case will be almost nothing.  The better systems will enable custodian notification, search, preservation, collection and processing within the platform, so that investigators can efficiently handle these tasks.  This is really the purpose of the ROI analysis — case-by-case handling costs should be very small, because the expense is up-front in the purchase and deployment of the solution.

One area where the savings can be significant, but still substantial, is with “eyes-on” legal review.  An efficiently deployed system will help to minimize the amount of data collected, processed and eventually reviewed; but the review volumes can still be large.  And the hourly costs of review will be the same (although you can get some savings from de-duplication, clustering, email threading, etc.).  Still, we routinely see 50%+ savings in review based on the reduction in volume for efficient collection and culling.

You may decide that risk is too difficult or political to calculate as part of the ROI.  Or you may decide that it’s a necessary component that you must include.  Both approaches can be effective.

If you decide not to calculate a specific value for risk, you should still consider some risk analysis as part of your process, even as merely a “plus” factor to your overall analysis.  In doing this, take note of recent cases where companies have paid sanctions, had their case compromised and/or faced a backlash in the press (and potentially from shareholders).  You may not have a value for that risk, but the message will resonate with management.

If you do calculate risk, consider a conservative approach and factor in the probability of a sanction.  For example, you might decide that a severe sanction would compromise your ability to effectively defend (or prosecute) a case, and a larger case can be worth $5,000,000.  If you estimate a 10% chance of being sanctioned, you could take the resulting product ($5,000,000 x 10% = $500,000) as a basis for your risk value.  Remember that this risk amount would apply to each such case; so while the risk amount for a sanction on a smaller case might seem low (let’s say $20,000), it would be applied over a far larger number of cases.  It adds up!

Also remember that sanctions costs can exceed the entire estimated value of a case.  There have been many cases where shoddy eDiscovery processes have resulted in expensive remediation efforts — legal fees in determining what went wrong and how to fix it (and fending off motions for sanctions), repeating earlier work or being forced to use extraordinary efforts such as tape restoration.  So even a $500,000 case with eDiscovery problems could easily require more than the case value to try to “fix”.  (And don’t let anyone argue that you could always just write a check to settle the case.  Opposing counsel may have valued the case at a higher value than you, and once they realize that you are in trouble, it could be tough to negotiate a fair settlement).

Sometimes a simple model is better.  We have used extremely complex ROI models that were spot-on, but difficult to explain, and ultimately were ignored. We have also seen very simple models — “an eDiscovery solution will save us 50% in review costs, and last year review costs were $5M” — that have carried the day.  Hopefully, as you work on your ROI project, you’ll uncover the method that will best establish your case.  Until then, consider using a scenario-based approach (small case, medium case, large case), develop your facts for each one, and extrapolate the costs across the volumes that you expect to see each year.

DISCOVER MORE

J. David Morris, EMC

All corporations need to find and manage content for litigation, compliance, and internal or regulatory investigations. Responding in a quick and cost-effective manner is directly related to how effectively an organization can identify and act on potentially responsive information. Today, most business communications and activities take place electronically; subsequently, the volume of electronically stored information (ESI) is growing exponentially. This information exists in a wide and ever-expanding variety of disparate systems and locations across the enterprise. Many of these sources are unmanaged, unorganized, and continually changing. As a result, the eDiscovery process—the identification, collection, preservation, processing, analysis, and review of potentially responsive ESI, can be an extremely time-consuming and costly endeavor if not properly planned for and managed.

The adage “Look Before You Leap” is a well known and a much heeded piece of advice.  It also applies to eDiscovery.  Performing analytics and an early case assessment can deliver valuable information on document volume, document type, repositories, custodians, document ownership, key date and timelines. With the insight provide by initial analytics and early case assessment, corporate attorneys can better determine litigation risk, legal strategy and eDiscovery scope, as well as litigation related expenses.  Initial analytics and early case assessment should be a standard part of a corporation’s eDiscovery processes.

Why? Realistically, the work must be done anyway, as the courts expect companies to be ready for litigation.  This includes having fluent knowledge of the IT infrastructure, content repositories and network architecture, so that the pretrial conference leads to consensus on what ESI is discoverable (FRCP 16).  Despite the legal necessity and overwhelming value, most corporations don’t conduct initial analytics or early case assessment before collection begins.

Corporations, more often than not, find themselves in a reactive eDiscovery situation, i.e. “Leap before You Look.”  After litigation is initiated, the legal clock starts (FRCP 26(a)(1)(c) & 26(f)) driving the eDiscovery timeline.  Due to the tight timelines and often lack of eDiscovery capability, legal and IT are faced with deploying eDiscovery capability, constructing policies and collecting relevant documents for the litigation proceedings all at the same time. The aforementioned tasks are each projects in and of themselves.  Trying to solve them all at once forces corporations to sub-optimize and over collect, which wastes time and money, as well as forces the corporation to accept more litigation risk than necessary ((FRCP Rule 26(b)(5)(B)… we have a clawbacks provision, but they aren’t a given.).

How can corporations avoid the “Leap before you Look” challenge and deploy the necessary capability to heed the “Look before you Leap” advice?  The answer is to deploy eDiscovery capability that delivers the ability to conduct initial analytics and early case assessment and construct your IT policies prior to the initiation of a litigation event.  According to Fulbright & Jaworski’s 6^th Annual Litigation Trends Survey Report, 89% of companies face litigation and 40% of the largest companies spend over $5M annually on litigation. So, it is not a question if you are going to have a lawsuit; it is only a question of when you are going to have a lawsuit and be forced to conform to FRCP16.

EMC SourceOne eDiscovery – Kazeon delivers a robust suite of capabilities across the Electronic Discovery Reference Model (EDRM) from information management, identification, preservation, collection, processing, review, analysis and production, as well as an initial analytics, early case assessment and legal hold capabilities.  The ERDM model below highlights Kazeon’s capabilities across the eDiscovery model:

EMC SourceOne eDiscovery – Kazeon capability model (see interactive EDRM):

EMC SourceOne eDiscovery - Kazeon EDRM+

Furthermore, Kazeon’s application connectors allow corporations to perform eDiscovery on the most common enterprise applications to deliver electronically stored information (ESI) no matter where it is in the enterprise.  EMC SourceOne eDiscovery – Kazeon delivers your corporation the capability to “Look before You Leap.”   To Discover more visit www.kazeon.com/discover.

About the Book:

Discover the process of e-discovery and put good practices in place.

Electronic information involved in a lawsuit requires a completely different process for management and archiving than paper information. With the recent change to Federal Rules of Civil Procedure making all lawsuits subject to e-discovery as soon as they are filed, it is more important than ever to make sure that good e-discovery practices are in place.

e-Discovery For Dummies is an ideal beginner resource for anyone looking to understand the rules and implications of e-discovery policy and procedures. This helpful guide introduces you to all the most important information for incorporating legal, technical, and judicial issues when dealing with the e-discovery process. You’ll learn the various risks and best practices for a company that is facing litigation and you’ll see how to develop an e-discovery strategy if a company does not already have one in place.

• E-discovery is the process by which electronically stored information sought, located, secured, preserved, searched, filtered, authenticated, and produced with the intent of using it as evidence
• Addresses the rules and process of e-discovery and the implications of not having good e-discovery practices in place
• Explains how to develop an e-discovery strategy if a company does not have one in place

e-Discovery For Dummies will help you discover the process and best practices of managing electronic information for lawsuits.

Learn about e-discovery rules, protections, and vulnerabilities

Here are the issues, challenges, strengths, and limitations of e-discovery in an easy-to-understand guide. Find out how to identify, protect, and produce electronically stored information, prepare for litigation, avoid tainting evidence, and much more. It’s a much better (and cheaper) way to learn about this hot legal issue than through experience!

• What happened — explore the legal changes that made e-discovery an issue and what they mean to you
• Your ESI IQ — get a comprehensive look at your electronically stored information (ESI) and how to manage it effectively
• Set up a team — assemble a team of employees from your IT and Legal departments and establish how to work together on important e-discovery projects
• Make a plan — identify potentially relevant ESI and how to comply with litigation holds
• Put the plan into action — preserve ESI, redact privileged info, and produce ESI in its native format, including metadata
• If you’re challenged — find out how to evaluate admissibility and document your evidence
• Be prepared — build an electronic records management program and policy and monitor compliance
• Call for backup — know when to bring in outside vendors and computer forensics specialists

Open the book and find:

• Why you can’t ignore e-discovery
• How to prepare for litigation
• Ten essential e-discovery rules
• How to create a data map
• What data to keep
• How to set up a document repository
• Suggestions for controlling your e-discovery costs
• How to review, process, and filter information

About the Authors:

Linda Volonino (PhD, MBA, CISSP, ACFE) entered the field of computer forensics and electronic evidence in 1998 with a PhD and MBA in information systems (IS). She’s been a guest lecturer on computer forensics and eDiscovery at the State University of New York Buffalo School of Law, and to attorneys and state Supreme Court justices as part of Continuing Legal Education (CLE). She’s a computer forensics investigator and e-discovery consultant with Robson Forensic, Inc. working for plaintiff and defense lawyers in civil and criminal cases. In addition to standard e-mail and e-document evidence, she’s consulted on cases involving electronically stored information (ESI) from social media sites and handheld devices as part of eDiscovery.

Linda’s coauthored Computer Forensics For Dummies and four textbooks: to on information technology, on on information security, and one on computer forensics. She’s published in academic, industry, and law journals on e-discovery and the need for electronic records management as part of pre-litigation readiness. She’s a senior editor on Information Systems Management and was Program Chair for the 2009 Conference on Digital Forensics, Security, and Law.

Ian J. Redpath holds a Bachelor’s degree from Hillsdale College, a JD from the University of Detroit, and an LLM from the University of Wisconsin. He has 34 years of experience in litigation and has been admitted to practice in the states of Michigan, Wisconsin, and New York as well as the Federal and Tax Courts. Ian is also a former prosecuting attorney. He has published numerous articles on contemporary issues and topics and coauthored several books.

Ian has taught American Jurisprudence at the University of Clermont-Ferrand School of Law in France and lectures regularly on American Law at prestigious MGIMO in Russia. He has extensive national and international experience in developing, writing, and presenting continuing education programs.

Currently, Ian is the principle in the Redpath Law Offices with offices in Buffalo and New York City where he specializes in criminal and civil litigation.

Click Here for the LegalTech Super Session Flyer

Andrew M. Cohen, Esq., VP & GM of EMC SourceOne eDiscovery - Kazeon

EMC SourceOne eDiscovery – Kazeon announces groundbreaking super session “The Ten eDiscovery Commandments: The Judges Speak” with noted guest speakers The Honorable Andrew J. Peck and The Honorable Frank Maas at LegalTech New York on Feb 2nd, 2010 at 9:00 a.m. in room SS1 on Concourse C.  CLE credit is available for this session; however, session attendance is limited.  Send an email to reserve your seat, email or register online at http://www.kazeon.com/newsroom2/legaltech.php.

“The rapidly evolving and highly fluid eDiscovery practice requires legal and technology professional to adapt to amendments in law, compliance, and technology surrounding electronically stored information (ESI).  We have found that there is often significant anxiety surrounding ESI for our corporate customers. They are looking for eDiscovery guidance and expertise.  Our session, “The Ten eDiscovery Commandments: The Judges Speak”, is structured to candidly deliver the Judges perspective on eDiscovery,” says Andrew M. Cohen, Esq., VP & GM of EMC SourceOne eDiscovery.  “For corporate counsel and attorneys, their  first eDiscovery experience is often during litigation, which is too late.  The Judges session delivers valuable insight into how cases are evaluated and summarizes the top eDiscovery missteps corporations should avoid.  For IT professionals, the Judges’ frankness will emphasize the legal viewpoint, underscore the value of ESI, and elaborate on eDiscovery implications of corporate IT policies. This sessions is truly a unique opportunity to gain autonomy by learning ESI best practices from the bench.”

Click Here for the LegalTech Super Session Flyer

t

Excerpt from Report:

EMC

EMC has revolutionized its position in the e-discovery market. In April 2009, with the release of SourceOne for archiving, with additional e-discovery management modules, the company made it clear that it was serious about the e-discovery and information governance markets. The recently closed acquisition of Kazeon to cover the identification, collection and legal-hold capabilities outside the archive will enable EMC to compete against the most capable vendors in the e- discovery market. EMC’s Documentum product family, which includes RM, is widely deployed in heavily regulated industries, the same industries most in need of end-to-end e-discovery capabilities. EMC’s acquisition of Kazeon is confirmation of the trend that e-discovery must become part of infrastructure vendors’ offerings, as enterprises seek short-term tactical solutions to their most pressing e-discovery issues, along with a longer-term strategy of better information governance. EMC has a solution that covers information management through processing and that allows for early case assessment. Along with its worldwide sales and marketing teams, which include a unique legal and technology sales team, EMC is now a formidable competitor in the e- discovery market. EMC is rated in “Magic Quadrant for E-Mail Active Archiving” and “Magic Quadrant for Enterprise Content Management,” Kazeon is rated in “Magic Quadrant for Information Access Technology,” and EMC’s RM product is covered in “MarketScope for Records Management.” EMC was not formally rated in last year’s MarketScope, while Kazeon was rated as Positive.

Rating: Positive.

Download the Full Report

5. EMC consumes eDiscovery partner Kazeon. EMC‘s other storage deal of 2009 was a small one – it bought Kazeon for an undisclosed price to try and boost its SourceOne compliance and eDiscovery platform. EMC used a combination of partners Clearwell Systems, Kazeon and StoredIQ Inc. when it launched SourceOne last April, but is now integrating Kazeon more deeply while phasing out the others after the September acquisition.

Read the full article

By Heidi Maher, Esq.

Heidi Maher, Esq. eDiscovery Expert

Corporate malfeasance is the cancer that if left undiagnosed and untreated can cause extreme problems or even death of an organization.  The best known treatment for cancer is early diagnosis, extraction of the cancerous cells and treatment via chemotherapy and/or radiation.  The approach is similar in the corporate sector.  An early diagnosis, extraction and treatment of a problem can effectively heal the cancer that has the potential to cause anything from monetary loss via regulatory fines and new requirements, to soiling of market place reputation and/or dissolution of a company, as in the case of Enron and Arthur Anderson.  This realization is perhaps why there is now a trend toward corporations hiring specialty attorneys who can help manage internal investigations.[1] Organizations have now come to realize that they have two alternatives: either they proactively root out the cause of the problem or someone else will.  The consequences of the latter are grim enough to justify a serious new emphasis on resources and tools needed for internal investigations.

Some of the events that drive internal investigations are:

1. Alleged employee malfeasance (theft of trade secrets and other criminal activity)
2. Whistleblower actions
3. More Board Member attention paid to alleged corporate misconduct
4. Audit committee members and directors wary of personal liability
5. Due diligence requirements during mergers and acquisitions

Internal investigations and audits tend to be more wide-spread in their span since often there is no “smoking gun”,  rather it is the internal investigations team proactively monitoring and managing company policy to ensure adherence. Since the majority of a company’s information is stored in an electronic format, this means corporate counsel and corporate security officers tasked with this job will potentially be forced to sift through terabytes of information on an on-going basis.  Since most internal investigations are conducted in a clandestine fashion, there is a need to rely on technology that can facilitate covert and highly efficient methods of identifying, analyzing, extracting and preserving valuable information from repositories of custodians or persons of interest.

The most important steps to an internal investigation are:

1. Collection – This must be done in an expeditious manner especially when dealing with electronically stored data (ESI).  This is to prevent situations where the employees and persons of interest become aware of the investigation.
   1. Targeted – Although most investigations necessitate a broad sweep, the actual collection of data will need to be very targeted.  It is burdensome enough for corporate counsel to deal with large data collections for civil litigation.  They do not want to add even more data to those collections due to various in-house investigations.  Over-collection adds to operational costs and creates a large pool of data, outside of the normal records retention policy, that could then be the subject of future litigation.
   2. Speed – Collection should be done before interviews of employees can commence.  This is to prevent tampering of volatile data by employees in anticipation of corrective action.
2. Preservation – Now that the data has been collected, there is a need for the data to be preserved in such a way as to minimize its impact on the current records retention policy.  In other words, a method that can extend the company’s traditional legal hold policies and retention capabilities all the way down to the data collected for the individual.  Since there are so many disparate sources of data, it can be a vastly different process to collect data from an email server than from a file share.  Having technology that can enforce legal hold policies into many different data sources can eliminate a lot of time and effort.
3. Security – Typically multiple parties are involved in an internal investigation: internal counsel, external counsel, internal auditor, security officer, executives, etc.  Each of these parties will need access to the preserved data set at different times.  The organization should have tools that allow flexibility of access and can change access authorization as needed.
4. Time to Assessment – Since internal investigations can be quite disruptive to the business of an organization, the goal is to reach a quick decision as to the next appropriate action: reprimand or termination of employee(s), self notification to regulatory body, hiring of specialty outside counsel, etc. Organizations have to put together the process and tools that can significantly decrease this time to resolution.
5. Defensibility – Although defensibility in an internal investigation is not as important as in a formal litigation hold situation, there is always the strong possibility that the same data will become pertinent to a lawsuit or outside investigation at a later date.  To this end, internal investigations should be conducted with an eye towards that possibility.  Therefore, having a forensically sound and reportable process that prevents alteration of metadata[2] or spoliation throughout the investigation process is essential.

Investigations can be taxing on an organization but technology can greatly aid in the process.  Having the ability to conduct efficient and thorough inspection of ESI via advanced analytics tools can uncover hidden meaning and criminal acts that previously would have gone unnoticed for years.  A recent example of this is when a prominent mortgage company in California, through extensive internal investigation of their financial and email data, was able to discover that several employees were part of an intricate money laundering scheme.  It was a situation that, if left unchecked, could have shuttered the doors of the company.  Instead, internal investigators were able to alert the appropriate authorities in time to maintain the company’s credit rating, prevent further loss and calm customer concerns.

Analytic tools provide a wealth of information that can jump start an investigation and provide the ability to quickly hone in towards the correct people and issues that need to be investigated.  Furthermore, for investigations involving electronic data “analysis must be done every step of the way.”[3] Analytics is indispensable in sifting through millions of pages of emails and documents in order and providing a greater understanding of the incident under investigation. Performing analysis before collection helps an investigator to do a targeted collection resulting in a quicker, more accurate process.  Analytics can also be utilized in internal company investigations to identify patterns of conduct. For instance, an investigator can use an analytics tool to search a set of emails sent within a nine month period involving a suspected employee.  A good tool provides graphs and threads showing who the individual corresponded with during that nine month period, and what was discussed. For example, should the resulting graph show that the employee began communicating with a third party at a competitor just prior to the incident at issue, the investigator could then direct the investigation accordingly. Visualization features of an analytics tool allow for quick identification of impending problems as well as potential stores of relevant data, thereby increasing the ability to mitigate damages.

A rich analytics engine is just one technological capability necessary for a good investigation tool. Other requirements include:

1. Scalability – The tool must not only be able to index large volumes across the enterprise but also have the ability to grow with the company’s electronic discovery and investigation needs.
2. Performance – A tool that had a proactive index is necessary to have almost instantaneous results to queries.  If a fileshare has to be re-crawled for each query, it will greatly slow down the investigation process. Since the entire goal of an investigation is to come to a resolution quickly, the tool has to be able to perform and complete each stage of the process very quickly.
3. Accuracy – For a successful investigation, accuracy is essential.  An organization cannot afford to miss relevant content in its internal investigation.  This could lead to a false sense of security or bad internal decisions.  Rest assured that outside investigators will catch what was missed.
4. Targeted collection – Having a robust analytics engine helps in targeting the right people and evidence, but the ability to actually collect disparate types of data across multiple repositories should exist within the tool.
5. Comprehensive legal hold – The tool must be able to preserve the data and its metadata by making a forensically sound copy and placing that copy on immutable hold.  This eliminates the “hold everything forever” philosophy that many companies have been forced to adopt due to the lack of an in-house electronic discovery solution.
6. Chain of Custody –A good investigation tool will need to provide a log and detailed report on every step of the process.  The value and integrity of the data depends on this proof.  Otherwise, there may be challenges to the data presented by your organizations,f which will be difficult to refute.

With these core technological competencies, a company will have the right approach in rooting out the cancer that can eventually invade even the most prestigious organizations.

“A well-run internal investigation can turn a potential corporate crisis into a valuable opportunity to enhance a company’s reputation.  It can also position a company to achieve a far better result in regard to potential liabilities and penalties…the key is to aggressively employ good judgment and proven resources.”[4]

[2] Metadata – also known as the “data about the data” or “embedded data”.  Includes information recording, among other things, when a document was created, last accessed, last modified and who created the document.

[3] Tom Gelbmann, Managing Director, Gelbmann & Associates

[4] George J. Terwillger III, White & Case, LLP, Internal Investigations, November 2007

Scandal, Suspicion and Conspiracy Theories aside, The White House experienced email and email archival issues that are all to common in today’s corporate environment.  From the Washington Post article, once the IT professionals noticed the email and email archival issue and brought it to the attention of ”policy makers”, they deemed it too expensive to restore the emails, even though it put The White House in clear and explicit violation of the law (sound familiar to anyone?).

What if The White House was a corporation? How would a judge have viewed the misleading statements and oversight of 22 million emails in a Civil Trial? How would the subsequent discovery of a priori knowledge of the email and email archival issue, as well as a detailed plan to correct the issue (which was never implemented), be viewed by a judge today? Given the sanctions in Qualcomm v. Broadcom, The White House, if held to today’s corporate standard, would have likely been the new poster child for what not to do in regards to eDiscovery best practices.

In view of the email debacle, Nixon’s 18 1/2 minute gap in the Watergate tapes seems rather minor.

-JDM

James D. Shook, Esq., CIPP

In this issue of eDiscovery StraightTalk, we interview James D. Shook, Esq., CIPP, a noted attorney, author, lecturer and a recognized eDiscovery and Compliance legal expert. SourceOne Kazeon asks the questions and Jim gives us the straight talk on what the challenges and issues are in eDiscovery deployments across the Fortune 500.

SourceOne Kazeon: In your experience, what are the top eDiscovery challenges that customers are experiencing today?

Shook: There are certainly a lot of challenges, and they vary greatly by customer.  But if I have to pick just a few….

While one might anticipate that the top challenge would be something complex — like what to do about Instant Messaging, transient data or even data in “the cloud” — the real winner is something very basic — the lack of good communication between IT and Legal departments on these issues.  Without those two groups working together in an open, efficient manner, very little meaningful progress can be made.

Another big challenge is just how difficult it is to translate legal principles to IT systems and vice-versa.  It’s one thing to talk about “preservation” of ESI as a legal principle, quite another to put that principle into practice in the real world, where that ESI is stored in so many repositories and can represent terabytes of data.

SourceOne Kazeon:Is eDiscovery a horizontal application or are their specific verticals which eDiscovery is more prevalent?

Shook: It seems like the Pareto principle (the 80-20 rule) applies even in eDiscovery.  So regardless of industry, 80% of the ESI resides in systems that tend to be common across companies — email, laptops, desktops, fileshares, content management systems, archives, etc.  The last 20% is where the differences tend to occur.  For example, in the healthcare industry, a lot of data tends to be tied up in proprietary clinic and patient systems.  In manufacturing, data is in ERP systems.  Whether that data is simple or difficult to access depends upon those systems.  But regardless, that seems to be where most of the differences reside.

SourceOne Kazeon: What areas are most often overlooked in the eDiscovery process?

Shook: The top overlooked issue relates to the timing of conducting a litigation hold.  It seems to be very rare that companies are actually preserving data within a short period time after they should “reasonably anticipate” litigation — whether that preservation is through actually locking down the data or just sending a proper notification to custodians.  I think this is an issue that courts will start to scrutinize more in the near future.

Another issue is one that I’ve written about before, which relates to companies handling eDiscovery on what they have determined is a “best efforts” basis.  Certainly reasonableness is part of the process, and the proportionality principle (that eDiscovery efforts / cost should be proportionate to the “value” of a case) will apply to limit eDiscovery requirements.  But I often see companies going much further. For example:  deciding that only email really matters in the eDiscovery process, completely ignoring other systems; or companies that rely solely upon their custodians to preserve and collect information, with almost no instruction or oversight on how that process should be performed.

SourceOne Kazeon:It seems that the Chain of Custody for ESI is much less understood than it is for physical evidence.  How do you see case law developing in that area with the technology advancements in eDiscovery?

Shook: The issues around authenticity and admissibility are very difficult, mainly because the rules of evidence tend to be difficult to understand in practice.  Surprisingly, this is an area where I think many people are doing great work.  Many people are familiar with “chain of custody” from criminal cases — from TV, movies or even books.  Many people do not realize that this issue in a criminal case is much more stringent than in a civil case.  So as they strive to meet requirements that are far in excess of what they really need, they tend to do a good job.  Also, the automated systems (like our Source One eDiscovery – Kazeon) build much of this process into the system, which will quickly make this a non-issue.

SourceOne Kazeon: What are critical issues that Corporate Counsel should consider in choosing a eDiscovery strategy?

Shook: I worry about how we will review and analyze the incredible amounts and variety of data that we’ll have in the next few years.  The data volumes are so incredible that we must have — and permit in the legal context — automated systems to help us handle the review and categorization of the data. The top issue is to make an informed, risk-adjusted decision on strategy.  There is a lot of risk and expense in the eDiscovery process.  However, if your company has minimal litigation exposure, those costs may not be meaningful to you, and old-fashioned manual processes may work well.  But gather the data, get informed, and weigh your risks with your costs.

SourceOne Kazeon: What are judges saying about eDiscovery?

Shook: One of the important issues relates to the cost of eDiscovery, and how that is (and will) affect access to the judicial process and the ability to try a case.  This high-level issue tends to drive a lot of sub-issues, such as the need for hands-on case management, the call for more cooperation among counsel, and other issues such as different ways to handle privilege review. The Sedona Conference’s Cooperation Proclamation is one activity in this area that has a lot of momentum and interest from the judges.

eDiscovery StraightTalk by James D. Shook, Esq.

We hope you have found this issue of eDiscovery StraightTalk insightful.  If you have questions that you would like to have answered, please submit them via email at david@kazeon.com.

Breaking News!

Celebrated author Malcolm Gladwell (The Tipping Point, blink!, and the new What the Dog Saw) will join Dr. Lisa Sanders, The New York Times’ amazing medical columnist, will join Thomson Reuters chief strategy officerDavid Craig, and vice president of West Government Services, Steve Rubley, for a panel discussion on Feb. 3, from 9 a.m. to 10 a.m. The title: “The New Convergence of Intelligence, Intuition, and Information.”

Gladwell and Sanders are two of my favorite authors, I can’t wait to hear them. (And if you haven’t bought it already, be sure to get the audio version of What the Dog Saw – Gladwell is one of the best storytellers alive. (Not every author can effectively read aloud his or her own works).

And the opening day keynote is also intriguing: Nobel LaureateMohamed ElBaradei, former director general of the United Nations International Atomic Energy Commission, will join Peter Warwick,president and CEO of Thomson Reuters Legal. They will explore “the dynamics of emerging nations, technology, infrastructure, and the role of international institutions in supportin the rule of law in an era of increasing regional instability.”

For registration information, please visit Legal Tech.

Photo credit: Brook Williams, from Gladwell.com.

December 8, 2009 in Breaking News, LTNY 2010 | Permalink