It is only recently that IT departments have become involved with eDiscovery. The explosion of data now available on mobile, social media, and in cloud storage means the IT team has now become integral to the EDRM process.
The challenge facing CIOs is often IT staff are not trained or supplied with the equipment necessary to identify, retrieve, collect, store, analyze, and deliver data in a forensically defensible manner. This can lead to major compliance issues as courts tend to place high expectations on corporations when it comes to preserving electronically stored information (ESI) because they are seen as having the resources to do so.
When embarking on an eDiscovery project, the IT department will be asked to confirm:
- Where backed-up data is stored and the policies and procedures for retention and archiving
- What devices are currently used to back up data stored on laptops, desktops, and mobiles (i.e. iPads, smartphones, navigation systems).
- How is legacy data and data from ex-employees managed and stored?
- Are our policies compliant with data protection laws such as the General Data Protection Regulations and the California Consumer Privacy Act 2018?
- What software and technology is available to retrieve, store, review, and produce forensically defensible data?
Given ever-increasing budget constraints, more corporate legal teams are looking for ways to take control of the legal eDiscovery process. And to achieve this transition, from relying on external providers to doing the job themselves, IT, legal, and eDiscovery project management teams need to collaborate.
eDiscovery software and technology can reduce costs and the risk of data spoilage
Given the vast amounts of data which eDiscovery project teams must deal with, legal holds can no longer be managed with Excel spreadsheets and simple Microsoft search tools cannot be relied on to find relevant data and leave an accurate audit trail.
By bringing the eDiscovery process, especially retrieval, storage, review, and production in-house, the cost of outsourcing is significantly reduced. Even if part of the job is outsourced to an external provider, up to 90% of data sets can be reduced by running de-duplication methods and removing irrelevant files in-house. This drastically cuts eDiscovery spend and allows for stricter budget controls.
Controlled eDiscovery equals greater security
Transferring data represents a cyber security risk. By taking control of the eDiscovery process, you can mitigate the risk of data breaches, which can leave your organisation exposed to lawsuits, and harsh regulatory fines.
The Wells Fargo data breach, which hit the headlines in 2017 provides a cautionary tale on the risks involved in outsourcing eDiscovery. In responding to a third-party subpoena, outside counsel for the financial services company worked with an eDiscovery supplier to review and identify responsive emails for production. The outside attorney reviewed what she believed to be all the potentially relevant information, excluding irrelevant and privileged documents. She then did a ‘spot check’ on the production and turned over the CD to opposing counsel.
Unfortunately, it transpired that vast amounts of confidential information about some of Wells Fargo’s wealthiest clients had been provided on the CD, including, according to the New York Times report, “copious spreadsheets with customers’ names and Social Security numbers, paired with financial details like the size of their investment portfolios and the fees the bank charged them”.
There is little doubt that such a spectacular failure of due diligence could have been avoided had the eDiscovery process been under control, with a project team consisting of legal counsel, IT professionals, and researchers, working together to ensure cross-checking and data security.
The challenges now presented by the ever-increasing amount of data trails left behind by every one of us on a daily basis, not to mention the incoming complexity artificial intelligence will bring to the eDiscovery process, means IT and legal can no longer work in silos. By involving the legal team in the acquisition of eDiscovery software and ensuring they work with the IT team to identify, retrieve, and review relevant data, firms can not only slash costs, but prevent cyber security and data breaches.