The past 5 years of my career were spent in-house at Deutsche Bank as part of the eDiscovery technology team, and now that I have my own advisory practice, I can share my thoughts, advice, and opinions more freely. This article is based in my belief that focusing on the basics will keep your eDiscovery program on the right path regardless of the size and type of organization.
Why Back to Basics?
We all know that eDiscovery is the process of identifying, collecting, searching, reviewing, and producing electronic documents during the discovery phase of litigation. The same methods apply to regulatory requests, investigations, or other data requests that could, in the future, move to litigation.
Although organizations spend a significant amount of time creating their eDiscovery processes—working with the legal, compliance, and technology departments—they do not always review and update the procedures for technology changes. In my experience working in-house, it is essential to integrate eDiscovery practices with your organization’s change management process to avoid technology changes that could impact your eDiscovery effort today or in the future.
Below are some key basic areas that I always keep an eye on for our clients when discussing change management and process review.
People move, but their data may or may not go with them. As part of that process, organizations need to identify people that move to a different geographic location. It is important to track people, their responses to a litigation hold, reminding custodians of their hold responsibilities, and having a plan for dealing with custodians that have moved is all part of having a defensible legal hold process.
If you have employees moving to a country like Switzerland or France, you need to be aware of policies that inhibit your data access in the future. You may find data on litigation hold in the US may now physically reside in Switzerland where collection for a matter in the US could be nearly impossible.
Data is often transferred from legacy storage to new storage, but policies such as legal hold and retention do not necessarily follow. Usually what happens is that staff members on the technology team are tasked to find that data and then collect it. As a best practice, I advise clients to apply retention to folders and individual items to specify how long a message remains in a mailbox so that the appropriate action be taken when the message reaches the specified retention age based on that classification.
Data spoliation often occurs when organizations don’t track employee devices and data as they move across geographic locations.
In-place preservation and compliance archives can either prohibit or inhibit attempts to delete responsive ESI or maintain hidden copies of files. While backup tapes and other enterprise storage systems are used for short-term data recovery, data archiving systems are essential for long-term data retention and especially for regulatory compliance requirements. The failure to the maintain an efficient compliance archive could mean the difference between winning and losing an important legal case or even a significant fine or sanction.
It is critical to periodically validate an archives data feed to be sure one is capturing all the data from the source. Data sources add functionality which at times adds data to the data feed, but the destination system might not be capturing it. If the eDiscovery team’s process isn’t aware of the changes, the data won’t be collected opening a can of worms for the legal team.
In my next article, I’ll discuss some of the “Back to Basic” concepts around technology on-boarding and dealing with upstream data as well as providing some best practices from my experience in the trenches.
Let me know what you think. Send me a note at michael.epstein[at]ediscoveryadvisory.com.