Ease The Pain Of E-Discovery

Here's how three companies have pulled together IT, legal, and other stakeholders to reduce the complexity and cost of finding information when the lawyers come calling.

June 3, 2009

11 Min Read
Network Computing logo

When the Office of Federal Housing Enterprise Oversight was subpoenaed for documents in litigation involving Fannie Mae and Freddie Mac, its IT department thought it had searched every cranny to find relevant e-mails. It turned out the agency overlooked disaster-recovery backups that were stored off-site.

That oversight triggered a legal fight and then a protracted search that resulted in a $6 million discovery bill--a whopping 9% of the office's annual budget.

When it comes to e-discovery costs, $6 million isn't an outlier, which points to the urgency of IT and legal departments working hand in hand to build policies and execute on them when litigation hits. At times, however, IT and legal work at cross-purposes--they don't communicate or, worse, argue over the best approach to collecting electronically stored information that's being called for, often on short notice.

To avoid these squabbles and the mistakes that come out of them, smart companies are creating e-discovery teams led by legal and IT principals, with other stakeholders in the organization brought in as needed. These teams set policies for data retention and preservation, oversee implementation of these policies, and handle e-discovery work related to specific legal cases. We'll look at what three companies--in insurance, telecom, and construction--are doing to make e-discovery the team sport it must be.

Team LeadersOne key component to the smooth operation of these teams is a liaison who coordinates the technical and legal requirements of discovery efforts. In some cases, this liaison may be a tech-savvy paralegal or attorney, but often it's an IT pro.

Brandon D'Agostino, of health insurer Blue Cross Blue Shield of South Carolina, had 10 years of IT experience, including four at BCBS working with application and database servers, when he left to get a law degree. He planned to become a litigator, but before taking the bar heard that Blue Cross was creating a new position--ESI counselor, charged with creating policies for the company's electronically stored information.

"We joke that I have street credibility from the IT department, because I was the guy getting called in at 2 a.m., so I understand what they're going through," D'Agostino says. They may joke, but street cred goes a long way toward smoothing over and anticipating conflicts between IT and the legal counsel's office. That's because a critical part of the liaison's role is to build relationships between the two groups.

You have to have buy-in from key people before a crisis erupts, D'Agostino says. He cultivated relationships with systems experts who work with Tier 1 repositories of information, such as e-mail and file servers, so that when an investigation hits his desk he doesn't have to spend precious time explaining to IT people what the legal department is trying to do.

Another lesson these liaisons have learned is that they need to convince IT that discovery efforts aren't a one-time exercise, and that the scope of any one investigation could easily expand. If legal needs e-mail from 10 people today, D'Agostino makes sure to ask IT what would happen if they end up needing it from 200 instead.

"If you give an IT person a horrible task to do one time, he'll complain," D'Agostino says. "Give it to him 10 times, and he'll find a way to automate it." E-discovery needs can't be attacked with "manual, fly-by-the-seat-of-your-pants processes," he says.

Verizon's director of legal discovery technology, Jaideep Singh, puts it another way: IT must understand that you'll be coming back. Singh, too, has an IT background, having initially worked in IT running billing and order fulfillment systems before moving to the legal department five years ago, where he quickly was pulled into discovery work because of his IT chops. Now he coordinates with the IT groups in charge of key sources of stored data, including e-mail, billing, and human resources systems.

Common GroundLegal-IT liaisons like D'Agostino and Singh generally work with IT on specific phases of the discovery process, like those outlined in the Electronic Discovery Reference Model. Created by George Socha and Tom Gelbman, EDRM lays out the steps required for a discovery process, creating a map for e-discovery that both IT and legal groups have adopted (see chart, "Steps To Discovery", below).

IT's main work in this model comes in the first four steps: information management, identification, preservation, and collection.

The information management phase encourages companies to institute data management policies and technologies that address the creation, retention, and disposition of information, including unstructured content. It's a critical stage for IT and legal teams to work together to make for a smoother and less expensive discovery process.

The relationship between IT and legal faces its real test, however, in the next three phases, when a discovery effort is under way.

The Identification PhaseThis phase focuses on finding all sources of electronically stored data that may be relevant to a legal action. Companies are required to keep such data and eventually may have to provide it to opposing counsel.

Legal departments generally have a rough idea which employees are associated with a legal matter, the time frame within which relevant information may have been produced, and keywords that are likely to lead to relevant data. It's up to the legal department's IT liaison to ensure that all appropriate IT systems will be included in the discovery effort.

It's also up to the IT liaison to dispel the Google myth. "Everybody has a perception that you can go to a screen and do a search, and all of the things relevant to a search are going to pop up," Singh says. Clearly, e-discovery isn't nearly that easy.

Often the key constraint is too few hands to do the work, as many IT organizations have been "cut to the bone," Singh says. In-house counsel shouldn't assume that e-discovery requests will always get priority over other projects that IT staffers are working on.

There are technology obstacles as well. When a discovery tool is used to collect information on desktops or servers at remote locations, coordination is needed with the network operations group to get access to those systems.

Another complication is that potentially relevant information may reside on mission-critical systems, and IT teams get twitchy when outsiders ask to mess with them. D'Agostino looks for workarounds, such as agreeing to read-only access or collecting data during off-peak hours.

Framing the scope of the discovery effort also is critical for IT-legal teams. If an attorney asks for all of a specific employee's e-mails on a certain subject, does IT just need to look in the in-box? What about the "Sent" or other folders? Does the request include locally stored files and ones on flash drives? If the request isn't clear, it will lead to mistakes. "You don't want technology folks interpreting legal requests," D'Agostino says.

Search terms also play a part in determining the scope of a discovery effort. Broad terms will kick back an unwieldy pile of results, as the legal department at Webcor Builders learned the hard way.

"They would say, 'Give me any e-mail about Oracle,'" says Webcor CIO and senior VP Gregg Davis, who also serves as a liaison between the construction company's IT and legal departments. The result was tens of thousands of e-mails when legal needed only a few hundred.

Experiences like this one led Webcor to form a discovery team that includes Davis, two IT administrators, two members each from the legal and HR departments, and people from the business side as needed. Since then, attorneys have been doing a better job coming to IT with refined search terms, specific date parameters, and the specific people whose data is involved, Davis says. As for IT, it has taught attorneys a thing or two about "if-and" statements and other search techniques to produce more accurate results, he says.

The Preservation PhasePreservation, the third stage of the discovery process, is where IT has a major role in protecting potentially relevant information from being destroyed. Companies must keep information not just when litigation's begun, but also when there's a reasonable expectation of legal action. For example, if a company fires an employee and things turn acrimonious, the legal department may issue a preservation notice for that employee's e-mail, HR records, and work files in anticipation of a lawsuit.

In these cases, IT must be able to shut down the machinery of automated deletion. So if the company's document management system purges files after a certain time period, exceptions must be made for data associated with a discovery effort. The same may apply to policies for overwriting backup tapes. Attorneys also rely on IT to put safeguards in place to prevent people from deleting any data that's potentially relevant to a discovery effort from PCs, shared files, and removable media.

IT has two options for preserving data. The first is to copy and move data to a secure repository. The upside to this approach is that IT and legal can be confident that data will be there when it's needed. But it's time-consuming and expensive, and it can be wasteful since many times the data won't ever be subject to legal review or required by the court.

The second option is to preserve data in place, changing user or administrator permissions to prevent people from opening, writing to, or copying the data. Many archives and document management systems let IT place legal holds on information.

Preservation, whether through moving data or keeping it in place, requires IT and legal to work together because large volumes of information may end up on legal hold for months or even years, which will affect storage demands.

The Collection Challenge

The final phase that requires IT involvement is collection. Here, relevant data is gathered and delivered to inside or outside attorneys (sometimes both), who review and analyze it. Based on that analysis, counsel may expand the search, coming back to IT with new names of employees whose data could be relevant to the case, as well as new search terms and date ranges.

Collection must be conducted in a way that preserves the data's integrity, including metadata such as information on when a file was last opened or changed. Where possible, collected information is also expected to be available to counsel in its native file format.

At Blue Cross Blue Shield of South Carolina, D'Agostino collects data himself, operating the discovery software used at the company. Verizon's Singh helps craft requirements and track down locations where relevant data may reside, but the company's security department does the collecting. Verizon chose this approach because its security team is experienced in collecting digital evidence for forensic investigations and knows how best to protect metadata and maintain data's chain of custody.

At Webcor, Davis runs sensitive searches himself. For nonsensitive ones, two trained IT administrators use an e-discovery module that sits on top of the company's e-mail archive. They use terms and date ranges provided by the legal counsel's office to conduct searches. The system is set up so that the administrators don't get to see the results; only the company's attorneys have that access.

It Takes A TeamCompanies can't appoint a legal-IT liaison and consider their work done. E-discovery needs a team that includes, at a minimum, IT and legal representatives, plus people from other areas with major information management responsibilities such as HR and records management. Thomas Smith, a partner and founding member of the e-Discovery Analysis and Technology group at law firm K&L Gates, also recommends a business unit representative who knows how information is used, what the business needs are, and where relevant information resides.

Regular meetings are key, even when there isn't pending litigation. Webcor CIO Davis meets quarterly with counterparts in legal and HR, and they sometimes bring in a business unit executive. The meetings are used to set policies and procedures, and for IT and legal to update each other on the latest trends in their fields that may be relevant to discovery. When a case hits, Davis maps out a strategy with legal counsel and HR for the collection and preservation of relevant information. E-discovery teams at companies where litigation is common tend to meet more frequently.

At Verizon, the e-discovery team takes part in finding and selecting discovery tools, so there's input on the IT, legal, and security needs when testing and choosing products, Singh says.

Some of the most important work e-discovery teams do in regular meetings is to set policies on information retention and disposal. Poor policy can be costly. IT may assume the legal department wants to save every e-mail, when in-house counsel wants IT only to save information that's potentially relevant to a legal action.

In fact, the legal department likely wants IT to delete information when allowed by the law and industry regulations. That reduces the amount of potential information that has to be collected and analyzed, saving on the cost of e-discovery.

"Follow your policies" is one of the first lessons Webcor's Davis and his IT team learned from working with legal counsel. "One of the first questions they ask you in a deposition is, 'Do you ever deviate from policy?'" Davis says. "If you say yes, you have another three hours on the stand. The minute you deviate from policy, you open the door to massive damages."

Opposing counsel is sure to raise questions about a company's ability to maintain control over its data, especially if that data strengthens a company's defense. "But when you show how on top of this you are, you take a lot of wind out of the opposing counsel's sails," Davis says.

Solid e-discovery policies won't guarantee a win in court. But they can ensure that a case isn't lost based on a misstep with data identification, collection, and preservation. Key to this is the strength of the e-discovery team, one that has established comprehensive policies and has mechanisms in place to ensure that those policies are followed.

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights