Electronic Discovery: An Introduction
Electronic discovery is a process in which electronically stored information (ESI) is captured, collected and preserved for the intent of being used as evidence in a lawsuit, audit or investigation. The term can also be used when data is retrieved for regulatory compliance, HR inquiries, proof of client communications and other similar corporate needs. Ediscovery is a vital part of legal compliance when legal proceedings or regulatory bodies demand that parties in a dispute provide data as evidence in court.
Electronically stored information accounts for 90% of all information collected for legal discovery.
The burden of eDiscovery has grown – in a recent study by Osterman Research, it was found that, during the past three years, 72% of organizations had to search through backup tapes to retrieve email in response to an eDiscovery request. In the same survey, it was found that 38% of organizations were ordered to produce employee email by a court or a regulator.
The Six Stages of Electronic Discovery
The Electronic Discovery Reference Model (EDRM) is a conceptual representation of the stages in the eDiscovery process. It’s important to note that organizations can diverge slightly from this model, in that they may “engage in some but not all of the steps outlined in the diagram or carry out the steps in a different order”.
57% of organizations spend more than $1 million on eDiscovery per year.
Electronic discovery is often viewed as a part of a larger framework called information governance – a holistic approach to managing corporate information that includes people, technology and processes that ensure that corporate information is created, handled, treated and disposed of properly. IG is important because it helps to mitigate risk and expenses in case eDiscovery becomes an issue.
The eDiscovery process typically consists of the following stages:
1. Identification – The organization locates relevant sources of electronically stored information and determines what information is relevant to the case.
2. Preservation – The organization makes sure that the relevant ESI is tamper-proof and protected against deliberate alteration and destruction.
3. Collection – Relevant data is gathered to be used in the eDiscovery process. This stage is critical as unstructured data often resides on servers, can be scattered across the organization – in places like email, instant messages or on employees’ personal devices.
4. Processing and Review – If necessary, the collected data is converted to forms more suitable for analysis (PDF, TIFF images etc.) and is subsequently reviewed for relevance.
5. Production – Electronically stored information is delivered to parties in dispute using appropriate mechanisms.
6. Presentation – The collected information is presented before an audience (e.g. a trial).
Will It Happen to My Organization?
In business, litigation is not a matter of if but when. A regulator for your industry may ask your organization to produce some information as part of a compliance request. Alternatively, a judge or a court may ask you to disclose information as part of a legal case. New legislation across the globe means that eDiscovery requests are being enforced like never before. Forensic data is especially important and may be requested when there is an allegation of fraud or sexual harassment.
85% of organizations in the US are currently involved in some kind of litigation, while 25% anticipate that litigation against them will increase over the next year.
It depends on the court how long an organization may be given to produce the data, and in some cases it can be weeks, if not days. The tight deadlines are a problem, especially when there are years of data to trawl through. Unless they have an eDiscovery solution in place, organizations have to invest in a round-the-clock team to search for the requested files. That’s why some Fortune 1000 companies spend up to $30 million on eDiscovery in a single year.
Ever since the global economic meltdown, organizations of all shapes and sizes have been under increased regulatory scrutiny, and there’s no reason why yours should be an exception. The greatest increase in litigation has to do with discrimination and privacy issues. These are all issues that are likely to require evidence. According to the American Management Association, 25% of Fortune 500 companies have to defend themselves against sexual harassment claims. The problem is that smaller organizations often can’t afford to hire external legal teams to retrieve data. If they can’t produce evidence quickly, the penalties can be too much for a small firm to bear.
It’s no longer possible to avoid eDiscovery, as the fines and court action associated with it are too hefty to ignore. In a survey by Osterman Research, it was found that the average time it takes to respond to an eDiscovery request is between 8 man-hours and 16 man-hours. That’s up to two full days. Without a proper eDiscovery strategy and relevant technology, the average cost to companies during an eDiscovery case is $1.8 million, 70% of which is paid to legal experts who review data.
How to Prepare for eDiscovery: Four Crucial Steps
When it comes to eDiscovery, being prepared for litigation involves several steps – knowing what kind of data your organization stores, who is in charge of the data and where the data resides. Establishing best practices for eDiscovery has proven to aid organizations in dealing with requests. Those business entities which are fully prepared are able to cope with an eDiscovery request in only one-third of the time that unprepared businesses take to respond.
1. Establish Best Practices for eDiscovery: What? Who? Where?
The type of electronic information you store will depend on your industry and business processes, but make sure you make a data map. Drafting a map of all the communication channels and storage systems you use will help manage all relevant information. You should start with email servers and employee laptops, but include mobile devices and company’s social media accounts as well.
“Electronic discovery can no longer be one of the last things companies involved in litigation think about. Instead, it now must be made a priority in most cases. Businesses have lost cases and millions of dollars by neglecting to preserve information related to a lawsuit.”
Steve Harvey, Pepper Hamilton
Electronic data is different from traditional, paper evidence, not only because of its intangible form and transience, but also because it’s accompanied by metadata (e.g. the device used to send a message or the date and time an email was written) that can play a vital part as evidence and also needs to be preserved. Hence, to preserve document metadata and to make electronic corporate exchanges searchable, it’s not enough to print an email or take a screenshot, especially because such formats can be susceptible to evidence spoliation.
DID YOU KNOW?
In 2006, the U.S. Supreme Court’s amendments to the Federal Rules of Civil Procedure created a category for electronic records that, for the first time, explicitly named emails and instant message chats as likely records to be archived and produced when relevant.
After some years of little to no involvement with eDiscovery, IT departments are now becoming responsible for data management in many organizations. This is because digital data is growing so fast and IT staff tend to be best equipped to deal with it. Because data growth is exponential in both private and public sectors, it’s now a major challenge to manage data storage and retention across a company network, especially because data storage mediums have evolved and remnants of old technologies can be found mixed in with new technologies.
Understandably, IT departments have been loath to take on these responsibilities, as the combination of data storage and compliance duties often equals one big mess. While complying with eDiscovery may seem like excessive work to everyone involved, companies are legally obliged to keep archives of all business-critical and sensitive information (and 75% of it resides in email).
DID YOU KNOW?
Big Data challenges are driving up the costs of eDiscovery. The biggest concerns are the volume & variety of data (50%) and escalating eDiscovery costs (42%).
After you’ve identified the key players in the case and know what kind of electronic information you’re looking for, you need to focus on the “where” question. Knowing the exact location of your data will minimize eDiscovery expenses and delays once discovery is under way. Reducing eDiscovery costs is easier when email data is managed and archived centrally. As email is the most common form of data produced by organizations, implementing an automated solution that can retain all enterprise email is a good first step.
2. Adopt Retention and File Destruction Policies
One of the key recommendations is the need for companies to get a grip on their information retention plans. There needs to be a clear plan for the deletion of information so that companies can expunge the unnecessary data with confidence. The decision to let your employees decide which emails to save and which to purge will probably come back to haunt you when auditors, lawyers or compliance authorities knock at your door.
Although 75% of information contained in email is considered critical to business operation, not all electronic content today is email. Organizations need to understand that the information that flows through alternative channels like social media and mobile messages is equally important. Check how your employees are using personal and enterprise-issued phones, include mobile communications in your policy and ensure that it spells out both company expectations of employees and the potential legal ramifications of any electronic communications (email, Skype, social media interactions, etc.) initiated from the workplace.
The policy must clearly specify that no electronic communication initiated from a workplace technology platform (and this can even extend to company-issued smartphones) is considered privileged or private. It must be clear to all employees that all written electronic communication is considered discoverable. Divorce attorneys have subpoenaed personal email sent by an employee through a corporate email system.
DID YOU KNOW?
The global market for eDiscovery software and services is projected to rise to more than $11 billion by 2020.
When defining retention periods, there will typically be differences based on the document type and the laws that mandate its retention. Unsurprisingly, the central email retention problem is the potential for important electronic records to be deleted. For this reason, your policy needs to contain strict guidelines regarding the deletion of business email, social media and mobile communications.
3. Create Synergy Between IT and Legal
The two teams that often seem at odds with each other will have to collaborate in order for your organization to have a successful eDiscovery program. Each team possesses very specific knowledge and a close cooperation between them is critical for successful eDiscovery. Your legal team needs to understand the technical aspect of record preservation, while your IT department can’t know much about the organization’s legal obligations unless they join forces with legal.
4. Invest into eDiscovery Technology
There’s no better way to control your enterprise information, observe all federal, state and industry regulations (including data privacy laws), ensure eDiscovery readiness and provide relief to your IT and compliance departments than to invest into proper technology.
The discovery process once relied primarily on lawyers sifting through documents and looking for evidence. This manual process has been replaced by various types of software that use complex algorithms to search and produce relevant documents. The main advantage of eDiscovery tools lies in the fact that they can sort through a vast amount of data quickly and find specific documents relevant to a legal request. Storage administrators have a number of options for managing discovery requests for email and other electronic records, and archiving is one of them.
How Email Archiving Fits in Your Litigation Response Strategy
Email archiving is hardly a new practice and it has always been known to improve eDiscovery preparedness. With an email archiving solution, all incoming, outgoing and internal email is captured, and a copy of it is indexed, made searchable and packed for secure long-term storage. Modern solutions have additional capabilities and can be customized to retain various kinds of discoverable data, from social media to PowerPoint. Below is an overview of the main eDiscovery features that email archiving solutions contain and a guide on how organizations can improve their legal response using archiving technology.
Your organization could receive an eDiscovery request asking you to produce all emails and instant messages exchanged between two employees within a particular date range. Thanks to indexing, you’ll be able to find and present those emails without paying external teams to perform extensive and expensive manual searches. When an email or text message reaches the archiving solution, it is read against a set of criteria. All metadata is memorized and can be used as search criteria later.
The indexed messages can typically be searched using the standard mail header criteria: from, to, cc, bcc, hidden, recipients, senders, subject, body and message. A good archiving solution will be able to search based on criteria such as attachments, conversation (between two people), message size and attachment size. Many solutions do a pretty good job of indexing the email header criteria and message bodies, but very few can actually index attachments. As evidence often hides in the attached documentation, organizations should look for an email archiving tool that indexes attachments.
2. Data Authenticity
The biggest enemy of legal discovery is the destruction of evidence. In electronic discovery, changes to ESI, including unintentional data deletion, can occur throughout its lifecycle. End users delete and overwrite data on a daily basis and even data that’s already stored for long-term safekeeping can be compromised due to bit rot or hardware failure.
Under the SEC Rule 17a-4, all electronic records must be preserved in a non-rewritable and non-erasable format. This means that your archiving solution must be designed in a way that prevents message alteration or deletion. To ensure full compliance with federal, state and industry regulations, make sure your email archiving solutions records data in WORM (write once read many) format.
Given that email and other electronically stored information can be used as evidence, it is of paramount importance that your organization can prove that the emails have been archived in their original state and remained intact while in the archive. To minimize legal risk, improve compliance and help with eDiscovery or internal investigations, a good archiving solution will make sure all messages are time and date-stamped. In order to be able to prove that a specific email hasn’t been manipulated or tampered with, organizations should look for eDiscovery software that offers authenticity features and message verification. The verification process begins with message ingestion ‒ each and every email gets a unique hash number that is visible when the message is retrieved. This serves as proof that what compliance officers or lawyers are reviewing is the original message with its original content and metadata.
DID YOU KNOW?
Apart from email, discoverable electronic information may include PDF and Microsoft Word documents, spreadsheets, instant messages, social media posts, text messages, phone records, voicemail, even data from wearable technology.
3. Retention Policies
Every email, just like any other kind of electronically stored information, is subject to document retention regulations and destruction policies. Old emails should be purged, but only when they reach the end of the standard retention period.
Having a retention policy reduces risk by ensuring the proper handling, retention and destruction of electronic records. As we already mentioned, your IT department shouldn’t be solely responsible for the creation and implementation of the retention policy, as they do not have the prerequisite knowledge to decide what should be retained and for how long. Only a close cooperation with Operations and Legal, who are both well-acquainted in litigation and eDiscovery, can result in proper understanding and implementation.
4. Legal Hold
One of email archiving features crucial for eDiscovery, legal hold is a process organizations use to preserve all relevant information as soon as litigation is anticipated. It involves the prevention of processes such as document deletion and alteration of retention policies. In simplest terms, legal hold suspends the regular retention schedule.
When there is reasonable anticipation of litigation, data identified as potentially relevant to the case is placed under legal hold. The person in charge of issuing a legal hold needs to identify the relevant electronic information, clearly inform employees that these documents must be preserved and protected from destruction or alteration, and make sure that legal hold stays in effect until the completion of the lawsuit.
5. Audit Trail
Email archiving solutions enable admins and compliance officers to perform audits. The audit feature offers a read-only log which is used to track activities on the appliance. It also allows authorized staff members to view the history of activities of a specific user (or another compliance officer) within a specific date range.
For instance, if an employee attempts to access a section they are not authorized to access, this activity will be recorded in the audit trail. The appliance allows admins to check whether specific keywords have been searched, which users looked for what data, whether they attempted to modify certain rules or whether somebody tried to overstep their authority. In other words, the audit trail feature maintains a chain of evidence and helps organizations to prove that the documents have remained unchanged.
DID YOU KNOW?
According to a report by FTI Technology, only 30% of organizations have approved BYOD policies but 67% of employees continue to use personal devices for work despite the official BYOD policy that may limit or prohibit their use.
6. Advanced Search
In order to search millions of archived emails in record times, email archiving solutions need superior search functionalities which allow organizations to respond to eDiscovery requests in under 30 minutes.
Email archiving solutions usually come with two types of search – simple/quick search and advanced search. If used for a litigation case, the quick search functionality would leave you with too many results, which means it’s not really suited for complex queries. You would need too much time to review all the data. Advanced search, on the other hand, lets you structure your search much better and end up with a manageable number of results. It allows you to search for data across servers, locations and departments, narrow down your search and filter the search results, leaving you with a manageable amount of data.
Electronic discovery has become the norm in the litigation process and organizations need to align their legal strategy to be better prepared. Although email is typically viewed as the core of an eDiscovery program, there is a wide degree of flexibility, especially after the recent amendments to the existing laws that now mandate the retention of alternative information sources such as social media posts, chats and mobile messages.
Organizations that wish to master the art of appropriate information housekeeping need to understand that it requires a proactive approach to storage, eDiscovery and information management. To devise an email archiving program that will stand up to legal scrutiny, business should train their staff in data retention and eDiscovery best practices, start working on a retention plan and foster a culture of archiving their enterprise email, social media and other unstructured information. Although the implementation of an email archiving solution does not guarantee automatic legal preparedness, it does give organizations the peace of mind that comes with knowing that every record is retained accurately and consistently.