Companies of all sizes are facing increased litigation risks and costs today. A great way to reduce those risks and costs is by adopting a proactive eDiscovery approach. If you're not sure what "proactive" eDiscovery means, this article not only offers a good definition, but also explains the trends that make proactive eDiscovery inevitable, how to implement a proactive solution that can save you money, and how to get started now.
Getting a Handle on eDiscovery
"Discovery" is the legal process that all companies facing lawsuits are required to go through in order to produce relevant documents for the court to consider. Generally, any company with $1B in revenue faces multiple legal matters. They may be spurious, or legitimate-but for good-sized companies, they're inevitable. What's notable is that those companies spend between $2.5 million and $4 million a year on legal discovery of electronic files alone.
What's driving those costs? Part of it is an increase in the number of lawsuits. Part of it is the new regulations that enterprises have to comply with in the wake of Enron, WorldCom, and Tyco. But probably the most important factor driving the increase in legal discovery costs is the rapid growth of electronic data that is generated and stored by companies as part of their ongoing business operations. While technology has made our lives at work easier and more productive, it has also contributed to the proliferation of electronically stored information (ESI). To make things more complicated, as much as 90% of all that information is unstructured and unmanaged. Most companies do not have well-defined information management policies in place to manage the explosive growth of this data. This is a recipe that can lead to huge litigation costs later for companies when they have to reactively dig through mountains of information to provide timely responses for eDiscovery requests.
Couple the explosive data growth with the new Federal Rules of Civil Procedure (FRCP) and you realize that companies need to pay attention - as UBS Warburg and Merck learned. They were fined $29.2M and $253M respectively in litigation that required eDiscovery of files. Clearly the new FRCP rules - unlike many other compliance rules - are being enforced.
eDiscovery is the process of using technology to identify, collect, preserve, process, review, and produce all the ESI that is relevant to a particular legal matter. "Reactive" eDiscovery means waiting until you face a legal matter, and then scrambling to find what you need scattered around the enterprise. "Proactive" eDiscovery means putting processes in place in advance to classify, organize, and manage (retain/delete) information so that when you're faced with a discovery request, you can respond quickly, easily, and at a much reduced cost. A crucial component - one that significantly reducing a company's risk and cost - is to dispose of old and obsolete data that the company is no longer required to retain. Last but not least, a proactive approach also helps you assess your risk before the first discovery meeting with your opposing counsel.
When you can react faster and more intelligently, you have a significant strategic advantage over the opposing party in a legal matter. And the best part about proactive eDiscovery? The fact that you can leverage what has been gained through proactively managing your information to:
- Organize storage resources better
- Cut down on the separate information "silos" in different departments that are redundant, wasteful, and prove difficult for IT management
- Comply with industry-specific regulations such as HIPAA, SEC Rule 17a-4, Sarbanes-Oxley, etc.
- Strengthen human resources in managing discrimination or sexual harassment
- Better manage executive committee goals for Six Sigma realization
- Guide IT in identifying unapproved or inappropriate material that has been downloaded to corporate servers (and dispose of it accordingly)
- Ensure that intellectual property is safe and protected
All of this results in tremendous risk reduction and significant cost savings.
Moving from a Reactive to a Proactive Approach
The vast majority of companies are still reacting to eDiscovery requests. Given the benefits of proactive eDiscovery, however, and the growing awareness of those benefits, it's not a question of if the majority of enterprises will adopt a proactive approach, but when. The tipping point probably isn't more than 18-24 months away.
So how do you get prepared? How can you move from treating each discovery request as a one-off, ad-hoc reactive project to adopting a business process that embraces eDiscovery as a best practice?
Proactive eDiscovery is litigation readiness. To be proactive, you need an approach that takes into consideration both best information management practices and best eDiscovery practices. The two concepts are interrelated, and a proactive approach to eDiscovery integrates both.
Good information management means you need to put in place the ability to classify and index all data, especially unstructured, electronically stored information. Your goal is to quickly identify and retrieve relevant information.
The first part of smart records management is to establish retention and deletion policies in line with your corporate or industry-specific compliance mandates as part of an intelligent information management technology strategy for your enterprise. Then, leverage that intelligent information management technology to establish data topology reports and automate policy enforcement across all data sources enterprise-wide.
This might be something as simple as a policy about when to delete records so that they no longer become a corporate liability and incur cost downstream. Case in point: DuPont. After a large legal case, DuPont conducted an analysis and found that 50% of the documents reviewed were kept beyond the required retention period. They had a policy in place, but they didn't enforce it. DuPont estimates it cost $12 million to have attorneys review all those old documents . . . documents that they wouldn't have had to review for the legal matter if they had only followed their own policies.
Companies need good records management policies that systematically expire and purge obsolete documents - reducing the overall storage content not only reduces storage cost, it has a direct cost savings impact on eDiscovery tasks that arise later.
eDiscovery Best Practices
Eighty percent of eDiscovery cost, according to some analysts, is incurred during the legal review process. That means it makes sense to drive down the volume of data you send to attorneys who charge $350 an hour to review that information. The goal is to collect only the smallest legally defensible data set.
Here are some other things a smart eDiscovery process should take into account:
- Know who "owns" your data. Know your custodians. One of the biggest problems many companies have when facing eDiscovery request is, they don't know where the data is, how to find it, or who the owners of the data are. Map your data to expedite identifying target custodians prior to collection and preservation.
- Know where your data is. It makes a big difference if it's on your network now, or if it's stored somewhere else on backup tapes. Don't walk into a required eDiscovery "meet and confer" session with the opposing counsel without knowing. Again, data topology mapping helps you analyze your ESI and preserve the "right" amount of ESI without under- or over-preserving.
- Determine how data can be delivered. Is it easier for you to present tons of printed material, or a clearly grouped set of PDFs or Tiff files? How is your current data stored, and what effort and process is required to capture it all in a common way? If you have a handle on this, you're much better prepared to assess how much time, effort, and money an eDiscovery request will cost - and better prepared to negotiate terms with the opposing counsel during the "meet and confer" sessions.
- Know how "heavy" or "light" certain keywords are. When you meet with opposing counsel during "meet and confer", one of the things you'll decide on is what keywords you'll agree to use to search through data that you'll produce for the court. Be prepared! If you know that a certain keyword is vague and will call up tons and tons of data - much of it extraneous, and all of which will have to be reviewed by the $350/hour lawyers - then you're in a good position to negotiate that it not be included. The best eDiscovery solutions allow you to create "what if" scenarios that you can use to scope out the range and breadth of data before you go into the "meet and confer."
Consider a worst-case scenario, which unfortunately, happens all too often in today's reactive eDiscovery world. Your counsel walks into a "meet and confer" session unprepared. He agrees to produce data without knowing where the data is. He agrees without knowing who the custodian of the data is. And he agrees to call data up using keywords that he doesn't have any clue about, in terms of their scope and range, and what sort or mass of data those keywords will produce.
The result? It will often turn out that he'll agree to produce data which is archived on backup tapes, and bringing that data back online and searching it will be very painful and expensive. He might agree to produce data using a wide variety of keywords. Those keywords might call up thousands of pages of documents, all of which both teams of lawyers will have to review. He might agree to produce things in an electronic format that his company has limited or no capability to produce, and that will require expensive investments he hadn't foreseen.
Proactive eDiscovery is about putting in place intelligent information management strategies, first, so you know where your data is, how it's organized, how to find it (and when to automatically delete it, as a best practice). Then, leverage those intelligent information management practices with solid eDiscovery best practices.
Ursula Talley is vice president of marketing for StoredIQ, a leading provider of enterprise-class Intelligent Information Management solutions that enable organizations to gain visibility and control over business-critical information in order to meet compliance, governance, and legal discovery requirements.