While technology is making certain aspects of eDiscovery faster and easier—think of the process improvements that technology-assisted review (TAR) has produced—its rise is creating new challenges as fast as we can provide solutions to them. Between distributed data, mobile devices and the never-ending explosive rate of growth for all types of information, eDiscovery has become more complex and harder to navigate every year. The good news is that there are concrete steps businesses can take to address those challenges, starting today.
What are the problems?
Not only do we generate countless types of data—emails, text messages, images, videos, documents, social media posts and chat messages, to name just a few, with new types of data being created every day—but we also store that data in multiple locations. You may find relevant, discoverable information on a computer, on a mobile device, in the cloud or in all of these locations. Identifying, finding and preserving all of this information has made eDiscovery significantly more complex. Yes, our workflows and tools have expanded to readily capture discovery from email systems and standard office document software suites, but data is found on more platforms and locations every day: document-sharing sites, websites, SharePoint, CRM systems like Salesforce, practice-management software and the like. There is potentially discoverable data everywhere you look.
Who owns the information
And who owns what information? If business information is on an employee’s personal computer or personal mobile device because she uses that device pursuant to the company’s bring your own device (BYOD) policy, who owns that data? Who is in control of it? Who can access it? Does the device’s owner have any reasonable expectation of privacy with respect to that data? What about an expectation of privacy in any personal information she has that is commingled with business information?
When mobile devices, which are used for both business and personal purposes, are within the scope of eDiscovery, mining data from them can be a laborious manual process. Because personal and professional information can be intermixed—think of text messages ranging from the mundane to the critical—all the data on the device must be examined and parsed to determine what is and what is not relevant. Not only is this expensive and time-intensive, but it can often be personally intrusive. Sometimes we discover salacious personal information that would not have otherwise been uncovered in the process of extracting discoverable information from mobile devices.
To make matters more complex, mobile device companies are innovating in both hardware and software at lightning speed. Significant changes to operating systems are now commonplace: Apple releases a new iOS annually, along with minor updates and bug fixes throughout the year, and Android updates its system just as frequently. For both computers and mobile devices, eDiscovery vendors must develop, test and validate new processes as quickly as platforms change to produce results that are auditable, repeatable and defensible in court. The courts continue to make it clear that data spoliation and nonproduction can result in serious, case-impacting sanctions. Whatever process a business uses for discovery, it must be reasonable and stand up to judicial scrutiny.
Low cost solutions
Finally, businesses everywhere are drowning in data. The low cost and ready availability of storage solutions means that many companies don’t employ rigorous data-destruction practices. Instead, they keep legacy information around much longer than necessary, unwittingly driving their eDiscovery costs through the roof. Failing to manage and destroy unneeded data can lead to overwhelming costs if a future discovery request places that date range in the scope of discovery.
Human document reviews
Technology itself is helping practitioners keep up with the scope of eDiscovery. The integration of analytics technologies such as email threading, near-duplicate detection and coding propitiation and TAR workflows are replacing massive human document reviews.
Beyond those broad-scale improvements, however, there are three straightforward steps that businesses can take to limit the impacts of distributed data, mobile devices and explosive data growth on eDiscovery.
1. Understand your data
You must know where your data is, what it contains and who controls it if you want to effectively manage your information and contain the costs and burdens of eDiscovery. Work with your IT professionals to create strong, defensible information-governance policies and up-to-date data maps. Having comprehensive knowledge about what types of data your business generates, what data might be relevant and discoverable, where that data is located and who controls its distribution puts you ahead of the curve when it comes time to collect and preserve eDiscovery.
2. Define clear BYOD policies
If your company uses a BYOD policy, clearly define what that policy means both for the company and for the employees who use their personal mobile devices for work. Explain the terms of ownership and control of company and personal data in an employee handbook or in a separate BYOD agreement. Require that your employees sign off on these policies, indicating that they understand their privacy rights, responsibilities and limitations.
These policy terms do more than just simplify eDiscovery: a BYOD policy can also act as an information security policy, safeguarding confidential company information.
3. Eliminate legacy data
Develop strong records retention policies in conjunction with your IT professionals and an independent information-management expert. No matter how cheap your digital storage is, keeping outdated information can be a tremendous waste of company resources. Proactively examine what data you need to keep, what you can delete and how you manage your data archives. This may cause budgeting headaches: litigation is typically categorized as a nondiscretionary budget item, while information governance and records retention both generally fall within discretionary spending. Businesses that do not understand the litigation cost savings gained by strictly managing records and information—which can be in the millions—can end up making poor long-term decisions. Do not fall into the trap of cost being a “today” problem and risk being a “tomorrow” problem.
Limit your data
In short, to control your data in this age of burgeoning technological advances and ceaseless data growth, you must understand, monitor and rigorously limit the data your business holds onto. This comprehensive understanding will allow you to keep eDiscovery as affordable, cohesive and straightforward as possible, no matter where technology takes us.