I suspect that I have dated myself by referencing the British pop hit from Bananarama; however the lyrics are relevant in appreciating those components of a successful eDiscovery project. It seems that at almost every eDiscovery meeting a client initially starts off by requesting confirmation as to “what tool are you using?”
I suggest that there is too much emphasis on what “tool” we are using, while forgetting two other key elements in any successful technology application or deployment; process and people. Having conducted investigations and eDiscovery projects for over 12 years, where I have leveraged technology in finding the nuggets of facts, at the end of the day if you are requested to testify, it all boils down to your training, experience, processes and methodologies used (notice I did not say “tools”). The risk is not to confuse process and methodologies as being synonymous with tools. Software tools are used to perform particular types of functions, while a user will employ methods, practices, procedures that will leverage such software.
If we look that the EDRM model which represents a conceptual view of the e-discovery process; the eDiscovery approach should be determined by the merits of the case (each of which will be unique) – in other words there is “no cookie cutter approach”. Moreover I would offer the following challenges faced by an organization that requires understanding “before” making any key strategic decisions as to how to execute an eDiscovery project:
- Information Management and Identification – poses the “greatest effort”; do we know what we are looking for? Do we know where it exits? Who and what is in scope?
- Information Preservation and Collection – poses the “greatest risk”; is the collection forensic or logical? Who is performing the actual collection/preservation? Do we capture only local email files (e.g. OST ) versus server/network email files (e.g. PST ), or both?
- nformation Processing, Review and Analysis – is the “greatest cost”; has it been determined if the review team is domestic or offshore? Does the data require hosting? Does the security of the hosting solution meet the data security standards of the organization? Have we managed privacy and confidential information exposure risks in processing?
On reviewing the decision of the Pension Committee of the University of Montreal Pension Plan v. Banc of America Securities, LLC (S.D.N.Y. Jan. 11, 2010), Judge Scheindlin identified some key failures that require consideration by those managing eDiscovery projects (by the way – there is no mention of software tools within the 87 pages decision):
- Identification of key players – ensure that the list of potential custodians are understood. Consider including those that have confirmatory knowledge who may validate the central facts of the matter, the secretaries of c-suite individuals are good examples.
- Preservation of emails – ensure that a user understands the practicalities in order to complying with the legal hold letter. Accidental deletion of emails by a user must be considered as a real risk in the preservation of ESI and appropriately managed.
- Supervision and management of document collection – few employees are experienced in conducting searches of relevant ESI. Declaring to the best of one’s knowledge in the absence of “..experience in conducting searches, received no instruction on how to do so, had no supervision during the collection, and no contact with Counsel during the search” – will only increase risk, costs and may result in a potential “negligence” or “gross negligence” ruling by the courts.
In order to manage these risks an effective project manager should to be established; who will be accountable for applying process and methodologies to identify and then mitigate the risks – a defensible strategy. The challenge for organizations is to understand the benefits versus the total costs associated with eDiscovery activities. As Adam Smith wrote in the Wealth of Nations; “It is the maxim of every prudent master of a family, never to attempt to make at home what it will cost him more to make than to buy”. Charging employees or internal IT departments with identification, preservation, collection and pre-processing activities may have cost advantages however; this needs to be balanced with the risk that there is a likihood they will have to articulate their training, processes and methodologies – for others to critique. An eDiscovery project is about process, people and technology; “T'ain't What You Do (It's the Way That You Do It) and that's what gets results”.