Bridging the Gap Between Legal and IT (Part 1)

28
Jul
2010

Legal discovery, or ediscovery, has become a normal business process in most organizations. Perhaps not as frequently used as a sales force automation tool, but at times perhaps more important. With increasingly demanding rules for legal discovery and production, there is a critical need for what is becoming a near constant proactive review of the information held within the enterprise. Given the exploding amount of information and the growing number of sources where business information can reside, the legal discovery business process is now much more than a “sideline” activity that can be run from some small scale appliance under the desk of a legal professional.

The need for robust review of information stores for legal and regulatory reasons has made the legal discovery process a mainstream issue for IT. In this article, we’ll explore the current approaches to ediscovery and the challenges these approaches bring to Legal IT Professionals (the readers of this very publication) and how the right IT tools can help make the ediscovery and governance process more reliable, efficient and affordable.

The Problem
The legal department and regulatory officers of any FORTUNE 500 company require knowledge about electronic data stored within the enterprise. They are routinely asked to produce all data pertinent to a legal matter or regulatory filing. This may seem like a simple task however, since the data is not in one place there is no searchable representation of the data that can easily confirm that everything pertinent to a matter has been found. Beyond this, the process of collecting and producing data that has been found is tedious and prone to error. In current practice, a team of discovery professionals is sent on-site, paid a large fee, and the data is collected, sent out for processing at large per gigabyte rates ($1,000-$1,500 per gigabyte) and the 25-30% of the total  found relevant to keyword searching is produced for opposing counsel or regulators to review. This is an expensive and time-consuming proposition.

Please see Figure One (click to enlarge) for an idealized view of the challenges that an IT organization must face to meet the demands of the Legal or Regulatory officers within a company. Many locations with different characteristics must be searched individually. Then the data found in each repository must be collected manually. The expense that most companies face when attempting to address this problem becomes prohibitive when the realities of how much data exists within an organization are confronted.

Early Responses
Early responses to this problem have been focused in two areas:

1. The “Email Archive” approach
2. The “appliance under a desk” approach

Email Archive Approach
The legal department of many companies first realized that the enterprise IT group must build infrastructure that can retain email as business records. This was a good first response and was successful in establishing an initial platform for responding to many discovery related requests. There are a few problems with this however:

1. Discovery operations undertaken within the archive began displaying that there were many records that “leak” outside the archive boundaries. Emails relevant to a matter were sent outside of the organization, for example. These emails are then outside the protected reach of the email archive and become invisible to its discovery capabilities.
2. The size of the archive in many cases has outstripped the search scalability of the ediscovery modules that ship with the initial archive software. IT professionals in many cases have been unable to find things within the archive because of its sheer size.
3. The archive comes to contain many duplicate documents; most archive packages cannot eliminate these duplicates. This gives IT the headache of maintaining large amounts of unnecessary storage and having to provision more for the archive on a regular basis. Producing data becomes more costly and time-consuming as a result and often cannot be completed within acceptable timeframes.
4. Because of the above issues, data must be removed from the archive and placed into another system for analysis and production. This can lead to errors within the process of handling and producing relevant and legally defensible data. Data can be missed, its meta data can be altered, and the chain of custody for data can be impaired as a result of having to remove data from an archive before analyzing that it could be relevant to a case.

Necessary But Not Sufficient
All of these conditions make the archive a necessary but incomplete solution for legal and regulatory requirements. IT professionals routinely recognize that they need some scalable means by which they can access and manage the contents of an email archive beyond the stock tools it provides.

Beyond these issues, IT also realize that there is so much information outside the archive that qualifies for discovery (in SharePoint servers, back-up systems and on NT File Stores) that a general ediscovery system that can scale across both the archive and the other infrastructure is necessary to address discovery.

Appliance under a Desk Approach
The early response to the growing problem of ediscovery was that a legal professional would assume the role of “litigation theorist” and obtain an appliance solution for searching and viewing limited amounts of emails and other documents. Before the implementation of archive software and other ediscovery infrastructure products, this was a solution that provided the lawyer some insight into the current data within an Exchange mailbox or other repository that was limited in size and scope.
The only problem with this was that the data volume related to most matters under investigation soon outstripped the solution. The manual nature of the process also opened the possibility of spoiling data. When the IT group responded with the introduction of an email archive to retain data as business records, it became clear that there were so many of them that an appliance solution would not work as a part of a robust business process.

A Good Try; Bigger Thinking Required
As legal professionals came to understand this as well, the appliance approach was quickly seen as incomplete. The appliance is still part of the final pre-review process at many firms, but it is no longer seen as a solution in itself. Due to the critical nature of the problems around legal discovery and regulatory response, and the growing importance of these functions it was clear that the legal and IT departments had to craft a common solution. Beyond the need for the Legal IT professional, there is a need to supply this person with the right tools. In Part 2 of this article, we’ll cover more of what the ideal IT model looks like for ediscovery and governance and the benefits it brings to the enterprise.

[Part 2 can be found here]