Stephen Welsh, Assistant Director, CIO, Arizona Department of Economic Security
E-discovery refers to any process in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. In legal proceedings, relevant and privileged data is often shared with opposing counsel. E-discovery is a well-established practice with cases involving corporations, legal firms, government, and heavily regulated markets. The first case involving the forensic collection of computer hard drives was in 2000 (Commonwealth v. Michael McDermott).
Historically, e-discovery has been email-centric; however, litigation has increasingly begun to include mobile devices, Bring Your Own Device (BYOD), social content, hybrid information (mainframe, relationship, and special data), text messages (SMS), voicemail, files and metadata (Lake v. City of Phoenix). Furthermore, this landscape has expanded from an on-premise environment to cloud services. Millennials view social media as the norm for communications; email is viewed as a legacy approach. Collaboration can take place completely outside sanctioned structures at any time, and from anywhere. E-discovery requests largely address specific end user communication, which can carry the full weight of the Courts for collection and adherence to retention policy. The law and technology are intertwined. Because of the complexity of e-discovery and the rapid evolution of technology, the rate of change often outpaces case law and budgets. (Large data sets used for analytics, “Big Data”, are beyond the scope of this paper.)
Historically, e-discovery products and services have been on-premise solutions; however, more organizations are looking for cloud-based e-discovery solutions. There are many issues that organizations must confront when considering cloud-based e-discovery services: data residency, privacy, encryption (at rest and in motion), and Service Level Agreements (SLA) for response timeliness. The sizeable technical requirements and resources that cloud-delivered e-discovery entails, as well as the increasing demand for these services from enterprises, will create a greater conflict in the market than already exists between e-discovery specialist vendors and larger infrastructure providers.
Electronic Discovery Reference Model
The Electronic Discovery Reference Model (EDRM) outlines a formal conceptual methodology for organizations to manage e-discovery (Creating Practical Resources to Improve E-Discovery & Information Governance). Use EDRM to discuss e-discovery technology with your general counsel and with vendors (Figure 1).
The model shows that organizations need to have strong data governance to facilitate the process. The governance policies govern data identification and feed the analytical process.
The Cost of E-Discovery
To contain costs, organizations strive to limit the amount of electronic data collected by reducing collection points, clearly defining data custodians, and constraining dates and keywords.
Reducing work early on reduces costs during processing, review, and analysis. Efficiency algorithms can reduce collection volume, and predictive analytics can speed up processing, review, and analysis.
Data preservation and data growth are compliance challenges. The more data and the more data sources there are, the more pressure and complexity organizations face during data collection and processing. According to Bloomberg, legal costs for the biggest U.S. banks totaled $30 billion in 2014. As a result of changes included in the newly proposed Federal Rules of Civil Procedure (FRCP), organizations face a shorter time frame for responding to discovery demands. For collection and processing, the scalability and speed of processing have become key differentiating factors for e-discovery products and services. Additionally, the number of organizations receiving e-discovery requests is increasing. The following data from Fulbright & Jaworski, LLP was cited by Gartner:
Organizations need a solid strategy for data governance in order to respond to, and manage the risks and costs of, e-discovery demands. The following should be considered in developing an e-discovery strategy:
■ Develop a governance structure and memorialize it through policy. Also, determine the standards and processes by which the policies are enforced.
■ Construct a map of electronically stored information (ESI) sources, including mobile devices.
■ Map regulations to policies and controls to identify overlaps, redundancies and gaps in policies, controls, and records retention requirements.
■ Identify the current state of social media usage within the appropriate span of control. Communicate revised social and mobile policies to employees on at least an annual basis.
■ Keep business records for the shortest time permitted by regulation.
■ Keep non-regulated records for approximately 12 to 36 months, as required by the business.
■ Define a system of record for documents that exceed this period and ensure that steps are taken to assure retrieval.
■ Develop and define a legal-hold process. Identify the relevant data custodians and notify them of their duty to preserve data, audit tracking, and process reporting.
The e-discovery market has been in a state of constant expansion since 2006, and an expanding universe of inputs is accelerating this process. For example, BYOD and wearable computing devices are now considered discovery targets. The first court case that sought Fitbit data and leveraged data analytics was recorded in November 2014. This technology expansion creates demand for new e-discovery products and services. In 2014, the e-discovery software market was $1.8 billion, worldwide, and had a five-year compound growth rate of 12 percent.
Data Archiving and Sanitization
Data migration and IT infrastructure modernization offer opportunities for organizations to analyze data and clean up data sets. Outdated or redundant data can be identified and classified, and rules can be applied to cull out unnecessary data. Organizations typically over-retain data, and migration represents an opportunity to delete data that no longer has any business value, as long as there is not a need to retain the data for legal or regulatory purposes. Archiving solves several problems that cannot be handled in native email systems, social media systems, or by using file shares as primary storage. Archiving systems can be put in place as solutions for storage management, e-discovery, compliance, indexing, search and business or market analysis.
Cloud-based storage solutions require an environment and data retention policies that support responding to events like audits, investigations, litigation demands, and litigation-related processes, such as legal holds. Storage managers must relinquish control of policy enforcement and e-discovery response activities. The centralized nature of cloud-based archiving can be used to simplify policy enforcement.