Organizations today have to conduct an increasing amount of investigations. Regulatory authorities issue more requests for information than ever before. With the GDPR now in effect, citizens have the right of access to and deletion of all personal information that an organization has stored about him or her. Organizations add to the pressure, with preventive investigations and audits as result of their more proactive attitude towards compliance and transparency.
To respond to all these requests from citizens and regulators and to investigate possible corporate mishaps proactively, a thorough internal investigation is crucial. However, all these internal investigations put considerable pressure on the already stretched legal and IT teams that have to conduct these investigations.
The use of eDiscovery technology helps to meet the short deadlines, control the costs of the investigation and also improves the cooperation with regulators. This blog specifically addresses the benefits of an efficient review plan.
When starting an investigation after receiving a regulatory request for information, in case of a legal dispute or when corporate abuse is suspected, the investigator faces a number of challenges.
First, there is the enormous amount of data that the investigator must select out of the even larger total amount of data that companies store. To complicate matters, you never know when to expect an investigation. Most requests for information come unannounced. Organizations and teams that are not prepared, face unavoidable and uncontrollable ad-hoc out of pocket costs.
Another challenge that is often underestimate, is the lack of knowledge and understanding of the processes and techniques that are needed to efficiently conduct internal investigations and audits. Especially when it comes to complicated and extensive fraud investigations.
The so-called “review plan” determines systematically a large part of the investigation process starting with the processing of the data to the moment of presentation. By carefully considering the most important steps in this review process before proceeding, valuable time can be saved when it matters most.
When you start thinking about the categorization of the data that needs to be processed immediately at the start of the process, obscurity and unnecessary searching are prevented later. Therefore, ensure consistency in the naming of custodians, sources and any other metadata that can be added during processing.
Consider beforehand which configuration you will use in processing to increase relevance. Consider, for example, de-duplication scenarios, ignoring known system files, what file types can be ignored if any, etc.
Decide and note how to reduce the total processed set of data to a relevant data set. You have different options; you can search manually, use Artificial Intelligence or combine both approaches. This may differ per (type of) investigation, but by thinking about this beforehand, you can save valuable time later.
Discuss in advance how you will label the relevant data set. Which tag strategy do we use? Do we tag single documents or families and why do we make that choice? Do we go for predefined labels or do we let reviewers choose themselves? Consider the pros and cons of both options. Create a log describing the meaning of each tag.
How do we set up quality control? By first and second level review? By sampling?
How do we report the review progress? How can we measure the effectiveness of the review and individual reviewers?
In which way do we want to offer the relevant set of documents for presentation? Which formats do we choose and how do we report? How do we export the metadata if needed?
With a clever review plan, you can reduce the number of ad-hoc decisions and avoid duplication of effort. You get a clear insight into the efficiency of the process so that you can estimate the costs; the quality assessment is much better and through good reporting you create a transparent process that is guaranteed, repeatable and assures the integrity of the investigation.
You are welcome to join us for an unique panel discussion (in Dutch) on internal investigations and audits on November 14 in Amsterdam, organized by the Benelux Chapter of the Association of Certified eDiscovery Specialists (ACEDS). For more information and registration, you can click here.
For more information about the data privacy standards, you can attend ZyLAB’s upcoming webinar on GDPR and CCPA on November 12th.
If you are interested in hearing more about solutions that can assist your corporation with internal investigations, please reach out to us to schedule a call or demonstration.