eDiscovery Processes and Procedures: The Information Analysis Steps Part II of II
Responding to an eDiscovery request is definitely not a task that most enterprise organizations eagerly anticipate. But the pain of an eDiscovery is often a result of poorly written or non-existent internal policies and procedures. An organization that takes the time to put internal policies and procedures in place may not only avoid this scenario but also lower its overall cost of doing an eDiscovery.
In a previous blog entry, I discussed the initial information gathering steps an organization should take when responding to an eDiscovery request. In this blog entry, I take a look at the steps an organization should follow to analyze the electronically stored information (ESI) pertinent to the eDiscovery after it has completed a preliminary collection and identification of the data.
To read steps 1 - 4 in an earlier blog entry, click here.
Step 5 - Collect and preserve a subset of the data. Once the early case assessment is done, organizations can identify a subset of data that satisfies the criteria of the eDiscovery request. Since a legal hold affects present and future records that are involved in litigation, or reasonably anticipate needing in the foreseeable future for pending litigation, organizations should collect and preserve this data in an unalterable format for further review and analysis. This subset of data may either be kept in-place or in a secure, targeted repository. However to try to cover legal hold is one bullet point is an oversimplification of the process since it is such an important aspect of preservation so DCIG will cover this more thoroughly in a future blog entry.
Step 6 -Analyze the collected information. Now that a subset of the ESI is collected and preserved, an organization needs to analyze it so only ESI that is germane to the eDiscovery request is shared. To do this, an organization needs software that analyzes the ESI. The software should perform simple or complex search queries against the collected ESI with reports that contain sufficient detail to determine which ESI is relevant to the eDiscovery request.
Searching and analyzing the ESI is easier said than done. The collected ESI may exist in any of a number of common file types (Adobe Acrobat files, Excel spreadsheets, Word Documents, etc.), less common file formats (Lotus 1-2-3, WordPerfect) and email repositories. Further, the search should support the creation of complex search queries that do more than just match specific words. It needs to examine the context of the data within the emails and files so only the results most germane to the search criteria are returned.
Step 7 - Perform further analysis and review in-house. An article entitled "eDiscovery Attorneys: Hot or Not?" that appeared a couple of years ago on Law.com included a statement that said, "The problem with eDiscovery is that the laws and technology are imperfect." The article goes on to point out that there even though there are tremendous number of vendors, consultants and law firms, reasonable eDiscovery expectations are incredibly difficult to set.
While those statements are still true, one statement that the article goes on to make that has changed in the last two years is that the technology your firm uses will be no different than what is used by third party vendors. The fact is that the eDiscovery software that organizations use in-house may well be different than what outside vendors use to perform eDiscoveries. Vendors tend to use eDiscovery software that focus primarily on the initial processing, review and analysis. But as organizations bring the eDiscovery in-house and continue to further analysis and review, they will find that software from other vendors such as Kazeon Systems are better suited for ongoing analysis and review in-house since is it also addresses these aspects as well as the management and preservation of data.
Step 8 - Continually refine the eDiscovery process to make it forensically pure. The eDiscovery task is already complex and bound to become more so in coming years. Therefore the onus is on companies to maintain the integrity of ESI subject to a legal hold for whatever the duration is of the legal hold. Minimally this will require companies to maintain an audit log that tracks how ESI data subject to the legal hold is accessed. Information the audit log needs to capture includes what the data and time the ESI data was accessed, who accessed it and what data they viewed. Further, depending on the duration of the legal hold (which can last years or even decades) organizations may need to copy and store the ESI to an appropriate form of media that further helps to preserve the integrity of the data.
How information is stored will also change over time and a company needs to adapt its eDiscovery policies and procedures to match these changes. Already high capacity, consumer storage devices make it easier for individuals to store ESI outside of corporate networks and the growing interest in companies storing their ESI with Internet providers in the form of cloud storage is bound to create new dilemmas in performing eDiscoveries.
Responding to an eDiscovery request is not a task that any organization particularly enjoys but it is now a part of how organizations need to expect to do business. No company should assume that it is immune from the possibility of an eDiscovery. If anything, organizations should assume exactly the opposite - that at some point they will be subject to an eDiscovery request and probably sooner rather than later. It is because of reasons like this that organizations should put in place eDiscovery policies and procedures so they know how to act when they are confronted with an eDiscovery request as well as take the initiative to obtain solutions like the Kazeon Information Server so organizations can access, search and produce information germane to that request.
In a previous blog entry, I discussed the initial information gathering steps an organization should take when responding to an eDiscovery request. In this blog entry, I take a look at the steps an organization should follow to analyze the electronically stored information (ESI) pertinent to the eDiscovery after it has completed a preliminary collection and identification of the data.
To read steps 1 - 4 in an earlier blog entry, click here.
Step 5 - Collect and preserve a subset of the data. Once the early case assessment is done, organizations can identify a subset of data that satisfies the criteria of the eDiscovery request. Since a legal hold affects present and future records that are involved in litigation, or reasonably anticipate needing in the foreseeable future for pending litigation, organizations should collect and preserve this data in an unalterable format for further review and analysis. This subset of data may either be kept in-place or in a secure, targeted repository. However to try to cover legal hold is one bullet point is an oversimplification of the process since it is such an important aspect of preservation so DCIG will cover this more thoroughly in a future blog entry.
Step 6 -Analyze the collected information. Now that a subset of the ESI is collected and preserved, an organization needs to analyze it so only ESI that is germane to the eDiscovery request is shared. To do this, an organization needs software that analyzes the ESI. The software should perform simple or complex search queries against the collected ESI with reports that contain sufficient detail to determine which ESI is relevant to the eDiscovery request.
Searching and analyzing the ESI is easier said than done. The collected ESI may exist in any of a number of common file types (Adobe Acrobat files, Excel spreadsheets, Word Documents, etc.), less common file formats (Lotus 1-2-3, WordPerfect) and email repositories. Further, the search should support the creation of complex search queries that do more than just match specific words. It needs to examine the context of the data within the emails and files so only the results most germane to the search criteria are returned.
Step 7 - Perform further analysis and review in-house. An article entitled "eDiscovery Attorneys: Hot or Not?" that appeared a couple of years ago on Law.com included a statement that said, "The problem with eDiscovery is that the laws and technology are imperfect." The article goes on to point out that there even though there are tremendous number of vendors, consultants and law firms, reasonable eDiscovery expectations are incredibly difficult to set.
While those statements are still true, one statement that the article goes on to make that has changed in the last two years is that the technology your firm uses will be no different than what is used by third party vendors. The fact is that the eDiscovery software that organizations use in-house may well be different than what outside vendors use to perform eDiscoveries. Vendors tend to use eDiscovery software that focus primarily on the initial processing, review and analysis. But as organizations bring the eDiscovery in-house and continue to further analysis and review, they will find that software from other vendors such as Kazeon Systems are better suited for ongoing analysis and review in-house since is it also addresses these aspects as well as the management and preservation of data.
Step 8 - Continually refine the eDiscovery process to make it forensically pure. The eDiscovery task is already complex and bound to become more so in coming years. Therefore the onus is on companies to maintain the integrity of ESI subject to a legal hold for whatever the duration is of the legal hold. Minimally this will require companies to maintain an audit log that tracks how ESI data subject to the legal hold is accessed. Information the audit log needs to capture includes what the data and time the ESI data was accessed, who accessed it and what data they viewed. Further, depending on the duration of the legal hold (which can last years or even decades) organizations may need to copy and store the ESI to an appropriate form of media that further helps to preserve the integrity of the data.
How information is stored will also change over time and a company needs to adapt its eDiscovery policies and procedures to match these changes. Already high capacity, consumer storage devices make it easier for individuals to store ESI outside of corporate networks and the growing interest in companies storing their ESI with Internet providers in the form of cloud storage is bound to create new dilemmas in performing eDiscoveries.
Responding to an eDiscovery request is not a task that any organization particularly enjoys but it is now a part of how organizations need to expect to do business. No company should assume that it is immune from the possibility of an eDiscovery. If anything, organizations should assume exactly the opposite - that at some point they will be subject to an eDiscovery request and probably sooner rather than later. It is because of reasons like this that organizations should put in place eDiscovery policies and procedures so they know how to act when they are confronted with an eDiscovery request as well as take the initiative to obtain solutions like the Kazeon Information Server so organizations can access, search and produce information germane to that request.
Leave a comment