Information Technology (IT) professionals are often at the forefront of in-house eDiscovery collections. These responsibilities are often thrust upon unsuspecting technical personnel with little notice, detail or even training. Because of the nature of their work, IT can be deposed or even called into court to testify about their role in gathering data for a case. Sherpa Software recently sponsored an MSExchange.org webinar featuring Bill Tolson and myself discussing this very topic and outlining some challenge areas. As a follow-up, this article will lay out some of the more common mishaps when collecting data and provide some options for avoiding these trouble spots.
Collections occur because eDiscovery is legally mandated for parties involved in litigation. For companies on the requesting end of a production, the goal is to complete the task in an economically feasible manner while maintaining a legally-defensible process. That means getting the job done with as little time, money and stress as possible while playing by all the rules. However well-intentioned the process, there are some key areas where mistakes are commonly seen.
Failing to Protect Data from Deletions
You cannot search or collect electronically stored information (ESI) that does not exist. Deletion and wiping activities are often scrutinized by the courts in an adverse manner, which could negatively impact the case. Your organization should have a documented retention policy to support defensible deletions, however, preservation of data that is relevant to the matter is essential. When litigation is imminent, automated deletion procedures must be halted for the targeted data stores, custodians or date ranges. Litigation hold notifications are also essential for a defensible process.
Collection isn’t just about gathering ESI. The data about your files, email and social content is fair game and can be essential to making or breaking a matter. More importantly, the default production formats under the Federal Rules of Civil Procedure mandate production in native format with metadata intact. The problem is that some methods or tools can inadvertently change the dates and other properties of documents. The best chance of avoiding these issues is to have well trained personnel using tools designed for discovery searches.
Poorly Defined Scope
Document review remains the largest cost associated with eDiscovery and this is directly related to the volume of ESI collected. Over-collection, quite simply, costs money. Equally problematic is the issue of under-collection, which can undermine a case. Both of these problems can be avoided with a well-defined scope. From the outset, the parameters of the collections need to be outlined by the eDiscovery team. This should include:
- Identifying and prioritizing key custodians
- Pinpointing pertinent ESI storage locations
- Defining the parameters of the search including dates, keywords, file types
- Choosing automated solutions and deciding on methodology
- Clarifying delivery formats for structured and unstructured data
- Establishing what is ‘reasonably accessible’ as related to the proportionality of the specific case
Lack of Communication
One of the most critical lapses in the collections process is when key stakeholders do not talk with one another. Communication between interested departments, especially IT and legal, is critical to keep the collection process running smoothly. Ideally, an eDiscovery liaison should be appointed. This key resource should work with IT to guide the process, establish parameters and navigate challenges. The liaison should be able to answer questions, work to safeguard defensibility, and ensure that collections address other legal or technical concerns.
Failing to Document Methodology
Defensibility is one of the main considerations in eDiscovery collections. Missing inventories and logs can weaken a case. In addition to robust documentation, effective testing should also be done to ensure process, policy and software are all working as expected. Make sure your tools are optimized for establishing a chain of custody and consistently reproducing results.
The best way to avoid difficulties and withstand legal scrutiny is to include a repeatable assessment process as part your collection plan, including:
- Document the steps that were performed
- Test software to make sure you can consistently reproduce results
- Review and validate your preservation workflow
- Lay out the quality control process as part of the initial plan of action
- Conduct pilot collections on a small set of potential custodians, before performing the overall collections effort
- Implement and monitor the litigation hold efforts to ensure enforcement
Employee Self Collection
A common (but highly unreliable) method of collection is to have custodians collect their own data. This is often a recipe for disaster due to the lack of audit trail, inconsistent searching and potential conflict of interest. Trained, impartial personnel (which often exist in the IT department) should perform the collections, preferably with peer-reviewed and commercially-available tools. This helps to avoid mistakes due to lack of knowledge of systems, scope or process.
Waiting Until the Last Minute
Lack of preparation will cost you stress, time and money. Without a plan in place, communication is compromised, there is no defensible deletion, and IT will be scrambling to get the job done. At the very minimum, have retention policy and data maps in place and updated. The more litigious a company, the more important it becomes to establish and document overall procedure. While not all of the steps can be handled by the IT department (much of the execution is as part of an overall information governance strategy), IT personnel must maintain a critical role in the process.
Smooth collections require planning and communication. If you have already addressed these areas, you are ahead of the curve. If not, please check out other resources from Sherpa Software to help you manage all your information governance needs.