4. Discovering Data Sources
The first order of business for an investigation is to identify potential sources of relevant information. Nowadays, most if not all data will be found in the IT systems, but in order to issue an effective legal hold, identification of data subject to discovery should be as thorough and comprehensive as possible. Finding the exact sources, typically means speaking to key players in order to find out what type of relevant records they may or may not be holding. IT staff and, if applicable, records management personnel, should be consulted in order to establish storage locations, retention policies, data accessibility, and the availability of tools to assist in the identification process.
The process of mapping data sources and collecting data revolves around answering four major questions: What are the potential data sources? What are the appropriate methods for collecting relevant data? Should collection be done internally or be outsourced to a third party? Who should be involved in the execution of data collection? Once these questions have been answered, identification is complete, and the investigation can begin with said data. From a case management point of view, executing a clear and defensible investigation is paramount, regardless if it concerns an internal investigation, an audit, legal issues, or regulatory requests.
Potential data sources
for an eDiscovery investigation
Data may be stored at a number of sources including email, computers, mobile devices, databases, tape backups, and third-party sources such as cloud storage and cloud backup sites. The Case Manager should coordinate with the requestor, and make use of appropriate legal and IT resources to determine where relevant data may be located. If it is possible to inform and involve custodians, questionnaires can be sent to the custodians to confirm that all potential sources of data are identified.
In addition to the coordination with legal and IT, other interviews may be necessary to clear up any uncertainty. For defensibility, the most important thing is to ask custodians the same set of questions, both in the questionnaire as in the interview.
Aside from identifying custodians, learning who they are and what work they do, the interviews should identify where they store data, including: identifying equipment that houses Electronically Stored Information (ESI), cloud storage, and hosted applications. Furthermore, the interviews should seek to understand how custodians communicate with the company and who they communicate with. The overall goal of these initial interviews is to establish the scope of the data map.
Appropriate data collection during an eDiscovery investigation
Prior to the start of collection, Case Managers should consider the trade-offs involved in different collection methods. Collection methods may include computer imaging, remote collections, or even assisted self-collection. Each method has its advantages and drawbacks regarding effort, cost, and completeness.
Invariably, weighing the pros and cons of every method falls on the Case Manager, who can seek advice form IT and legal. Defensibility is still paramount, but consistently going above and beyond the requirements of a case and completely disregarding the cost aspect of the equation leads to an investigation that struggles to justify it’s cost. Keeping an eye on proportionality, ensuring the ends justify the means, helps keep costs under control while ensuring the defensibility of the results.
Methods of collection may include computer imaging, remote collections, as well as assisted and self-collections. There are trade-offs to each approach in terms of efforts, costs, and completeness, but key is that the process needs to be defensible. For example, computer imaging is more likely to be appropriate for cases involving suspected wrongdoing, whereas self-collections may suffice for regulatory demands
Internal Data Collection versus External Data Collection
Once the size, scope, and means of collection are clear, investigators may want to take a moment to consider their options. Will they rely on internal resources to perform the tasks with regards to collection, or will they instead rely on an external party?
It’s a decision that can be based on a number of factors, considering that internal resources need to be available, the right skillsets need to be present, and experience with such matters is very desirable. What’s more, the data itself may pose some challenges in terms of expected volume, geographic location of sources, and legal restrictions (i.e. privacy laws) that restrict movement of data. Furthermore, an important consideration is to weigh the time and resource cost of the operation, especially since discovery typically employs tight deadlines. Finally, it is vital to measure the importance of the operation: if a vendor is to be used, and a possibility of sanctions (or even criminal charges) exists, that has to factor into the choice of vendor.
Who is involved in the execution of Data Collection?
If it is decided not to outsource collection, it’s key for the Case Manager to select employees who are up to the task of collecting materials internally. Employees involved in the collection activities should be versed with data handling procedures and the case management tools, where the process of handling evidence needs to be tracked.
Employees who handle the ESI should update the Case Management tool at each and every transfer in order to create a proper chain of custody for the evidence. If these updates are not properly performed, it could result in data being rendered inadmissible in a court of law or other legal proceedings. Even if the case in question doesn’t involve the courts, a defensible collection methodology is vital to meet the needs of regulators.