Earlier this month, the Benelux Chapter of the Association of Certified eDiscovery Specialists (ACEDS) organized a panel discussion in Amsterdam. The panel addressed the complexity of internal investigations and audits and talked about how eDiscovery technology can help address these challenges. Judging by the large turnout, this is a spot-on topic that many of the participants could relate to.
Companies and law firms are doing more internal investigations and audits than ever before. These investigations are the result of the increasing number of requests from regulators and the pressure to be compliant with increasingly stricter laws and guidelines related to competition, money laundering, bribery, privacy and other matters. Since the introduction of the GDPR in May last year, the growing number of access requests from consumers and employees has exponentially increased the amount.
To respond to these requests for information accurately, internal fact-finding missions are essential. These internal investigations however, weigh heavily on the internal departments that must execute them. To make matters worse, these fact-finding missions need to be executed in ever-larger electronic data sets.
In the panel discussion on Thursday November 11th, Maaike Visser (Manager Digital Investigation, ING), Manon Cordewener (partner Litigation & Arbitration, Hogan Lovells), Bas Maat (Integrity Expert, Achmea), Dirk de Hen (Partner Forensic Technology, BDO Technology) and Jan Scholtes (President ACEDS Benelux Chapter, Professor of the University of Maastricht and CSO ZyLAB) shared their eDiscovery “best practices” for internal investigations and audits.
The participants explained that each type of investigation requires their own approach. Some – mostly internal – investigations you can prepare for. A file-investigation to prepare a case, for example.
Other investigations arrive unexpected. Dawn raids by national or international regulative authorities and in the Netherlands, the increasing number of “bewijsbeslagen” (link to blog in Dutch) come unannounced, are typically the most stress-full and error-prone.
Preparation, even for the unexpected investigation, is crucial. The panel recommends having a clear internal policy in place and to ensure the quality and integrity of the processes.
It should also be clear who is responsible for what, and legal and IT departments must work together seamlessly. The most important recommendation of the panel however, concerns the need for technology.
The use of eDiscovery technology in the collection, processing and reviewing of electronic data helps to meet short deadlines, control the costs and facilitate cooperation between third parties. In an earlier blog, we discussed how a good review plan reduces the number of ad hoc decisions and prevents duplication.
Each of the panel members indicated that today's data volume is the main reason to select a future-proof solution to conduct internal investigations. As one of the panel members rightfully pointed out, scaling up in terms of labor no longer makes a difference when you need to handle larger and larger data sets.
The only way to handle today’s massive data sets is by using smart technology, with the emphasis on "smart". The panel members indicate that "normal" or legacy technology is no longer adequate. Working with hypotheses formulated by the investigators, and search queries deriving from these hypotheses, allows you to make better assumptions.
Large and complex data structures are about patterns and algorithms and you need intelligent data science techniques to gain the insights that the researchers did not foresee having.
Finally, the panel members discussed the benefits of keeping investigations in-house. With a sufficient amount of investigations (more than five a month), it becomes beneficial to set up your own internal eDiscovery services department. This is made easier with the centralization of e-mail services. This way you can easily save 30-40% of the decentralized eDiscovery costs, in addition to the fact that you can meet deadlines faster and deliver higher quality results.
An additional advantage of keeping the investigation in-house, is that it is no longer necessary to inform third-parties about ongoing investigations. And because your sensitive data is not being unnecessarily sent back and forth, the risks are reduced.
With Software as a Service (SaaS) solutions, there is also the convenience of automatic updates. With a user-friendly solution, the company's own team can easily and without extensive training, conduct smaller investigations themselves. This becomes very convenient with smaller "data subject access requests".
An increasing number of organizations are also using eDiscovery technology for preventive analysis and cleaning up unstructured data. Obligations and risks related to new privacy regulations like the GDPR and the CCPA are pushing organizations to action!
Want to know more?
Early next year, the ACEDS Benelux Chapter is planning another series of panel discussions in the Netherlands and Belgium. Keep an eye on our event overview and connect via LinkedIn for the latest updates.