Electronic discovery, or eDiscovery, the process of identifying, gathering and analyzing digital information related to a legal matter, is a risk management issue. Virtually any legal action—including lawsuits, regulatory matters and internal investigations—includes eDiscovery, but many enterprises still don’t have an effective user document creation and retention policy, and many still use inadequate discovery processes that fail to harness in-house expertise and technology.
Too frequently, key players within the organization, including risk managers, executives and IT leaders, do not come together to create and implement an effective companywide policy on the treatment of electronic information with respect to legal controls and use. That means they are putting their organizations at risk. To achieve a more controlled, mature process, enterprise leaders must work together to identify and implement best practices—including establishing standard operating protocols for identifying people and systems that may be implicated in particular legal matters and to have in place the right technologies to gather, transfer and analyze relevant data.
Documenting Policies and Educating Employees
The first step in mitigating the risks associated with legal data compliance is to limit what employees put into writing. Employees should receive training that advises them to only put in writing what is absolutely necessary. This minimizes the risk of capturing items that might expose the company to liability, and it also cuts down on the volume of electronic communications, which is a cost factor since all possibly relevant items must be reviewed by attorneys to respond to legal discovery requests. It’s also important to make sure employees know that even items that seem innocuous can be taken out of context, resulting in unnecessary legal work to clarify the context. So simply educating employees about how to use communications better—to be careful in the way they communicate (both internally with colleagues) as well as with outsiders, is a key part of ensuring that the volume of data and the topics within the datasets, are controlled.
To ensure that only items that must be retained for eDiscovery (materials including email, electronic documents and databases) are stored securely, companies should use a system to classify data also known as records and information management (RIM) strategies. RIM strategies enable an organization to understand the corpus of data within the organization that must be tracked. The system can be automated using several popular technology solutions and augmented with well-classified indices and analysis processes. These analysis processes employ search and relevance coding to help focus, early in the course of a legal matter, on those documents that will eventually be needed by the attorneys and experts in prosecuting or defending a particular legal issue. Also, a system that helps classify and manage that data can be very helpful in reducing the risks of deleting or destroying data that are subject to legal preservation requirements.
Another effective risk management tactic is to limit the amount of email storage space users are allowed to use, and to restrict storage of important business documents to central locations, such as home folders on managed servers. Risk managers and legal teams should make employees aware of the cost of conducting a legal review of documents, which can surpass $25,000 per gigabyte. Therefore, all items eligible for deletion should be deleted, if only to manage costs.
Building awareness about what types of items should be put into writing, controlling storage and using automated solutions will also contribute to cleaner datasets that enable more accurate analytics in the event of a discovery request. An educated workforce and a management team that is willing to make and enforce relevant data use policies will reduce the risks associated with unnecessary document storage. Companies that create such an internal culture and use available tools can quickly realize time savings and reduce exposure to legal liabilities.
Building an Effective Discovery Process Using Technology Tools
When a discovery request is received, companies can minimize risks and maximize compliance by using effective processes and technology solutions. Those in charge of handling the request should leverage the knowledge of their data response teams and in-house subject matter experts. A good strategy is to gain manager buy-in for the eDiscovery approach and query subject matter experts about which employees are likely to have produced documents pertaining to the discovery request. Those processes together with a smart and clear records management plan (that is also well executed) will further reduce the risks associated with unnecessarily large data sets, typically involved in eDiscovery.
To ensure effective policy enforcement, it’s also imperative for those within the enterprise tasked with complying with discovery requests to confer with in-house experts (such as the legal department) to compile lists of employees whose data may need to be gathered. Using efficient yet simple processes such as interviews and questionnaires can go a long way in short-cutting a typically daunting process of culling data to find the relevant documents. Those interviews may be conducted via telephone, in-person and by using Web-based questionnaires.
Managing Risks by Optimizing eDiscovery
Electronic discovery is now a key part of the overall legal data compliance process, and companies need to acknowledge that fact by creating a sound data use and eDiscovery strategy to manage risks effectively. By proactively outlining document creation and retention policies, gaining executive buy-in and educating employees, companies can proactively address the risks of legal liability and ensure the enterprise and employees are protected when legal issues arise.
Enterprises can also create and implement eDiscovery processes and leverage available technology tools – in-house or through a service provider – to further reduce risks and ensure compliance. Companies that take these steps will position their business to successfully navigate the risks posed by data (both electronic communications and documents) that necessarily become part of a legal matter.
Alon Israely, co-founder and senior advisor in BIA’s Advisory Services group, has worked closely with IT departments, corporate security, legal, risk and HR executives for more than 15 years. With a background in IT and a license to practice law, he has helped create commercial methods for data handling and software for data gathering.