EDRM, the industry group tasked with developing ediscovery guidelines and standards defines ediscovery as “[the] process of finding, identifying, locating, retrieving, and reviewing potentially relevant data in designated computer systems.” Internal investigations, criminal complaints or corporate regulations occasionally drive information requests. Good ediscovery compliance policy should also ensure your organization’s process can stand up to the more rigorous standards used for civil litigation or government regulatory requests.
The ediscovery process ranges from information management through court presentation (see EDRM Diagram on right); however, this post is concerned with the the first few steps involved with collecting electronically stored information [ESI] as these steps can be some of the most time-consuming and costly parts of the process. Simply put, the steps of data collection are these:
- Receive an ediscovery request from an authorized source
- Locate the data stores that are relevant to the request
- Formulate criteria (dates, keywords, addresses, etc.) to cull data
- Extract and produce the ESI in a usable format (including associated reports or logs) to the requestor
Sounds straightforward, doesn’t it? However, to successfully achieve electronic discovery in a defensible, efficient manner, some steps should already be in place.
Communication between the requestors of the data (e.g. Legal, HR) and the IT department is essential. As part of this dialogue, it is helpful to have recurring, mandatory meetings between the legal team, business management and IT departments. In addition to establishing policy (retention, internet) and outlining process (discovery, ligation hold), this ongoing venue allows bilateral communication while alerting key parties to upcoming litigation, discovery requests, resource availability (i.e. employee, software, hardware), new technologies, process challenges, etc.
Another important step is to have a proactive Discovery Implementation Plan in place. This plan should detail how a request will be created and communicated. In addition, it will outline how relevant ESI will be identified, collected and produced in a defensible manner. It should include details of audit trails and other available reporting. Define what parts of the discovery process will be handed in house and what will be out-sourced. If you are doing the collection in-house, identify the ediscovery solutions you will deploy, ensure those tools will fit your environment and avoid spoliation of data.
In addition to the above, any good ediscovery compliance plan requires a thorough mapping of your environment that answers the following questions. What data is available; how easy it is to access; and who uses those stores. Be sure to outline procedures on how to retrieve that data and identify areas that are not ‘reasonably accessible.’ Another key to complete your ediscovery plan includes thorough documentation of your retention, ligation hold and archiving policies.
Once you have your communication teams established and discovery plans formulated, it is important that you constantly audit the process to ensure compliance with the established policy. In addition, test your ediscovery solutions to ensure they will stand up to scrutiny.
Proactively preparing for electronic discovery and litigation will save time and money in the long run. For more information on how Sherpa Software tackles these information managment challenges, check out www.sherpasoftware.com for free resources including webinars and white papers on this topic. Additional resources can be found on the web at the following locations:
Electronic Discovery Reference Model
Sedona Conference (EDiscovery)
Other Helpful EDiscovery Links
Thanks to Marta Farensbach for guest blogging on this series.