Five Ways to Tackle Your E-Discovery Quandary

Posted 12-14-2012

Five Ways to Tackle Your E-Discovery Quandary

By Mark Karnick

A new topic has come up in the IT-related focus groups in which I frequently participate. When asked, “What technology issues are with you concerned with right now?” my fellow CIOs offer up the usual answers: network security, disaster recovery, limited resources, etc. However, lately I’ve been hearing something new: e-discovery.

Once the responsibility of corporate legal departments and outside attorneys, CIOs and IT directors are beginning to encounter technology issues related to preserving, collecting and producing electronically stored information (ESI) during the discovery process of a lawsuit (hence the term e-discovery). Consequently, there is a palpable amount of uncertainty and apprehension about these new responsibilities and expectations. How did this come about?

Until recently, companies that found themselves in a lawsuit often had to hire expensive third-party consultants to help them comply with the rules of discovery, that is, the legal requirement that parties in a lawsuit produce and supply all relevant and nonprivileged evidence to the other side. In many instances this required the forensic analysis of computer hard drives, email systems, corporate servers and other ESI sources, a phase known as “collection.” Once collected, the data is then processed into a standardized format that can be reviewed and analyzed by the company’s attorneys, provided to the opposition and ultimately presented at trial. Evidence collection and processing is mind-bogglingly expensive; a major lawsuit between corporations can generate hundreds of thousands of dollars in discovery-related costs. Writing giant checks to e-discovery vendors on a regular basis has led many companies to make a concerted effort to find less expensive alternatives.

A number of specialized software programs for e-discovery collection and processing exist, but they have been used primarily by e-discovery vendors and technologically advanced law firms. A few software companies recognized the demand for in-house e-discovery solutions and began to offer products directly to corporations. Their success attracted major industry players to the e-discovery market. Companies such as Clearwell Systems (now owned by Symantec) and Autonomy (now owned by Hewlett-Packard), along with independent companies such as kCura, are marketing products directly to corporate customers that want to reduce or eliminate their e-discovery vendor costs by bringing collection and/or processing capability in-house.

Electronic evidence software tools are fairly complex, and their deployment and use requires a level of technical expertise above the scope and abilities of the average corporate legal department. Usually, the required support for these programs can really be provided only by, you guessed it, IT. Consequently, CIOs are increasingly being tasked with acquiring and deploying e-discovery systems or creating in-house e-discovery management processes. This trend is not limited to large corporations. Smaller companies have just as much incentive to reduce their outside vendor costs and often cannot afford to purchase a full-featured e-discovery product. These companies are now attempting to address e-discovery requirements by manually accessing their email archives, backup systems and server stores, relying solely on their internal IT departments and off-the-shelf search tools.

Five Ways to Tackle Your E-Discovery Quandary

Adding to the pressure on CIOs is the requirement that they educate themselves and their companies in e-discovery techniques, best practices and procedural requirements. Get it wrong, and there could be serious legal ramifications. A 2010 Duke University School of Law study noted a significant increase in the number of companies penalized for improper handling of ESI, most commonly for failure to preserve relevant data. As expected, defendants were found to have violated the rules far more often than plaintiffs. The penalties imposed by judges range from stiff fines to case dismissal or even default judgment. The study also revealed that courts are increasingly willing to impose penalties on companies even in instances where the mishandling of electronic data was unintentional.

Given these issues, what is a CIO to do? Here are a few important tips:

1)      Work with your law firm—As CIO for a nationally recognized law firm, I often consult with the CIO and other IT department personnel of our clients to make sure the company’s in-house collection of e-discovery data is performed using defensible processes and procedures. Among other things, this means identifying all potential sources of discoverable data, ensuring that the data is formatted in accordance with court rules or an agreement between opposing counsel and, most importantly, ensuring that the discovery data is collected unaltered and intact with all relevant metadata. In addition, many law firms have begun to expand their e-discovery services due to the increasingly high cost and inflexibility of outside vendor services. Our law firm elected to make a significant investment in advanced e-discovery software products, giving us in-house processing capabilities that equal or surpass those of many outside vendors. This decision was driven primarily by our desire to create an efficient, responsive system that avoids the pitfalls of dealing with outside vendors and minimizes costs for our clients.

 

2)      Carefully deploy e-discovery software—Companies that implement in-house e-discovery software must ensure that the software is deployed and configured in exact accordance with the manufacturer’s specifications. It is especially important to make sure that the software is able to access all of the relevant data sources and that the software’s internal search and indexing features are functioning properly. Once deployed, test the system vigorously.

 

3)      Upgrade your existing tools—Software vendors are now adding e-discovery functionality to many of their existing products, especially in the areas of email archiving and document management. If you have an enterprise agreement that entitles you to version upgrades, it may be worthwhile to determine whether an in-place upgrade will provide new discovery-related features.

 

4)      Beware of backups and disaster recovery (DR) tools—Some CIOs assume that they can use their existing backup and DR tools if they ever need to recover data for litigation purposes. This is rarely feasible; most backup products have limited search capabilities, and it is often very difficult to restore data from DR tools into production environments. In addition, this type of data recovery tends to be very time-consuming and expensive, and almost always has to be performed by outside forensic or DR vendors.

 

Five Ways to Tackle Your E-Discovery Quandary

5)      Enforce data retention (and destruction) policies—A comprehensive data retention policy sets clear guidelines not just for data retention but also for data destruction: when and how data is NOT to be retained. IT personnel are naturally reluctant to destroy data, so if you don’t have an ironclad data retention policy, you’ll find years-old data stores that were kept on hand “just in case.” This recently occurred with one of our clients, which still had old backup tapes for a hardware system that had long since been discarded. It cost the client a small fortune to recover the data from those tapes, but because the client was obligated to produce all relevant data, it had no choice.

Managing e-discovery resources in a corporate IT environment represents a new challenge, but it need not be a source of anxiety for CIOs. Being an e-discovery savvy CIO doesn’t require a law degree, but it does require knowledge of how the available tools and processes can fit within your organization, and an awareness of the importance of properly managing your organization’s electronic documents.

 

About the Author

Mark Karnick is the CIO at Glaser Weil Fink Jacobs Howard Avchen & Shapiro LLP in Los Angeles. He earned his Master of Science degree in Technology Management from Pepperdine University and is a relativity certified administrator, LAW prediscovery certified administrator, OpenText certified DOCS administrator and a Microsoft certified systems engineer.