Among his points one in particular stood out to me: the question of how much eDiscovery to bring in-house. His answer is that "no one size fits all." Quite right. My related answer is the infamous "it depends." I have been seeing a big press push towards internalizing eDiscovery, but not every company can or should bring more eDiscovery processes in-house.
The thing to remember is that the eDiscovery process is not monolithic. It is a complex workflow comprised of many stages, each of which has its own set of sub-stages. The corporate question to ask is not "should I bring eDiscovery in-house," but "how cost-effective is it to bring specific stages of eDiscovery in-house?"
For example, start with these questions:
- How deeply is my company invested in records and data management?
- How centralized is my storage infrastructure? (Or not?)
- How do we preserve potentially relevant ESI now? How well is that working for us? (Hint: Emailing data custodians and telling them not to delete their emails does not constitute preservation.)
- Is the GC staffed for internal review? If so, at which point does review happen in-house? Tier 1 initial review or upper tier review of sensitive data?
- Are there issues with processing, loading and ingesting data for review?
- Is the corporate culture comfortable with hosting relevant ESI outside the firewall?
- How involved is the company in producing reviewed data for the court or opposing counsel?
There are other questions to ask. The point is to take each eDiscovery stage and clarify how your company treats it now and how they might treat it for minimum risk and maximum efficiency. Note that this is not a legal department-only question; the attorneys must involve IT with more than lip service.