Electronic evidence and e-discovery forum 2009 and ESI Trends

26
Oct
2009

Joanna Goodman

Legal IT Professionals was selected as media partner to the electronic evidence and e-discovery forum 2009, held at the Victoria Park Plaza Hotel in London on 20th and 21st October. Joanna Goodman reports from the event.

The Electronic evidence and e-discovery forum 2009 was organised by AKJ Associates, which organises events focusing on business risk, corporate strategy and security management – key elements in managing electronically stored information (ESI) and e-discovery.

The timing of the event was fortuitous, coming only a couple of weeks after the 8 October judgment in the case of Earles v. Barclays Bank Plc by His Honour Judge Simon Brown QC in which Barclays’ award of costs was reduced due to its failure to conduct adequate searches of its electronic data.

It also coincided with the release of sponsor Kroll Ontrack’s 3rd Annual ESI Trends Report which focused on three key themes: preparedness, response and security. This article highlights the main topics running through the report and the event.

ESI Trends Report
While most organisations have a document retention policy, significantly fewer have an ESI discovery readiness strategy. This gap indicates a false sense of security that the existence of a document retention policy is adequate to protect organisations in the event of litigation or other events requiring ESI. The key findings bear this out:

• Only 56% of respondents believe that their ESI disclosure policy is repeatable and defensible. 14% of UK and 28% of US companies surveyed strongly agree that their e-discovery policy or strategy is repeatable and defensible;
• Only 39 % of UK and 57% percent of US companies surveyed have a mechanism to preserve potentially relevant data when litigation or a regulatory investigation occurs;
• 54% of UK and 63% of US companies surveyed believe the need to produce ESI for litigation and or an investigation has increased in the past 12 months. Despite this, less than half of companies have updated their ESI discovery policies to include newly utilised corporate technologies and channels such as virtualization and social networking sites;
• Moreover, UK and US businesses report experiencing an average of at least one data breach annually, proving effective ESI risk management is further complicated by security considerations.

The report concluded that it is now time for organisations to implement practices and strategies to help them manage the risks and costs involved in e-discovery.

Strategic considerations
The implications of getting e-discovery wrong, coupled with the fact that spending on e-discovery has doubled in the past year mean that it is top of mind for many businesses. The Electronic evidence and e-discovery forum attendees were an even mix of legal and IT experts.

Presentations agreed on the need to take strategic approach to reducing data volume, increasing efficiency and controlling costs. An effective e-disclosure readiness strategy requires clear leadership and project management, bringing together legal, IT and other relevant functions.

The globalisation of business has broken down geographical and cultural boundaries and businesses and individuals routinely access and exchange ESI. Advances in technology means that ESI exists in more formats and platforms than ever before. It is not simply that letters, memos and documents have transferred from paper to electronic documents, e-mails and instant messages; there is also audio in the form of voicemail, text messages, images, call records and other information stored on  mobile phones and BlackBerrys as well as Web 2.0 applications and social networking sites.

Technology is both the problem and the solution. Advances in technology and developments in the way that businesses and individuals use and access data creates constant challenges, and software tools are continually developed to address them. It is critical to keep up with what is available and decide what is appropriate – and cost effective – for your business and apply it accordingly. As one speaker said, software can conduct complex analysis, but it cannot make decisions. Education seminars presented a selection of cutting-edge tools for identifying, collecting, processing, filtering and reviewing different types of ESI.

A significant challenge driven by globalisation and developments in information and communication technology is the lack of a universal e-discovery model. Kroll Ontrack led a discussion examining some pitfalls of the Electronic Discovery Reference Model (EDRM) in the light of rapid advances in technology and changing working patterns and behaviours and the potential for further developments. The situation is complicated further by contradictory rules and regulations in different jurisdictions, when, for example, a US organisation requests documents from its EU subsidiaries.

The way forward for international businesses and law firms handling cross-border e-discovery is to distil best practice into a standardised approach. Kroll Ontrack presented a model based on defensibility, proportionality, co-operation and cost control which outlines the key decisions that need to be taken at each stage of the EDRM.

Risk and readiness
The sheer volume of rapidly increasing volume of electronically stored information (ESI) that businesses produce means that e-discovery is more time consuming and expensive than ever.

Therefore businesses need to find ways to identify, capture and analyse only ESI that is required and relevant, while minimising the risk of missing potentially relevant information. This means focusing on e-disclosure readiness. One presenter outlined four key action points:

• Prepare a data map
• Decide what to handle in house and where to use third parties
• Develop joint approaches
• Prepare supporting materials

The benefits include hard savings in time and money and soft savings in terms of reducing risk and improving the quality of investigations.

E-discovery readiness requires leadership and designating responsibility for various stages in the e-discovery process. There was general agreement that it is important to appoint a gatekeeper to stay on top of the process and keep it on track. It is equally important for legal and IT to work together. ESI Trends found that in 21% of companies surveyed in the UK and 35% of companies in the US responsibility for ESI disclosure strategy lies jointly with IT and in-house legal counsel. In a further 20% of UK companies and 11% of US companies, responsibility lies with a cross-functional team.

Early case assessment, scoping the project at the outset contributes to volume reduction and cost savings. Several presenters emphasised that the age of data is a crucial factor. If you do need to access older data, important considerations include accessing legacy systems and software and retrieving data from decommissioned hardware.

In-house or outsourced
Managing e-discovery in house is expensive, but the benefits include saving time and the ability to devise a tailored yet standardised approach. Many organisations combine in-house and external provision.

Organisations – including law firms – are increasingly outsourcing their IT services and entrusting ESI to the cloud. Managing e-discovery in an outsourced environment is an area that is likely to attract more attention as more businesses turn to third parties to manage their IT services.

Ideally, the person with responsibility for e-discovery will have a grasp of the legal and IT issues so that they can manage contracts with both outsourcers and e-discovery software suppliers. Depending on which services are outsourced, the outsourcer may not be geared up to large-scale discovery, in which case an external technical e-discovery provider will add value to an e-discovery strategy. Many firms outsource help desk services or utilise web-based email services. E-discovery readiness should include examining and, if necessary, amending contracts and service level agreements. In terms of external suppliers, key considerations include equipment repair, hardware swap outs and software upgrades.

Massive data volumes, remote and mobile working and dealing with ESI in different formats and locations complicate the situation, as do conflicting data protection and privacy rules.

Advanced tools and techniques have been developed to address these challenges. Visual analytics (the Centre for the Investigation of Financial Electronic Records), audio e-disclosure (Autonomy), mobile device and mobile phone forensics (Stroz Friedberg) and country-specific issues arising in complex cross-border investigations (PricewaterhouseCoopers) were just a few of the topics covered.

Choosing an external e-discovery supplier
Several speakers touched on the considerations involved in selecting suppliers. Put simply, this is about identifying the extent and nature of the external support you require. Cost is obviously a significant factor. Detailed recommendations are provided by The Sedona Conference Working Group on Electronic Document Retention and Production http://www.thesedonaconference.org/ediscovery_html which was recommended by several keynote speakers.

When analysing external e-discovery, look for gaps in provision. Concern was expressed about vendors with untested claims, so it is important to find out what a product or service does and doesn’t do. Test your e-discovery tools for gaps in coverage before you have to put your strategy into action. Examples might include Excel spreadsheets with passwords, PDFs with embedded data, legacy systems and applications.

Monitor new and evolving technologies and their implications for e-discovery and consider whether the latest tools and techniques apply to the risks faced by your organisation.

Key messages to take away
Here are some of the key messages from the report and the event:

• Take a proactive project management approach. Develop an e-discovery readiness strategy and conduct test exercises.
• Understand the risks. This means keeping up to date with regulatory and legal requirements and knowing your rights – you may not have to disclose everything.
• Understand and manage relevant ESI – where does it reside and who is responsible for it?
• Communication is critical to devise and deliver effective e-discovery policies. Establish lines of communication between IT, lawyers, managers and suppliers. Establish who is responsible for gathering information. Develop and implement effective data management and retention policies. Define the scope of scope of each project at the outset.
• Keep a meticulous log of every stage in the e-discovery process. As well as providing a valuable audit trail and helping to manage costs, this record will provide key learnings and shape future policies and procedures. “What is the worst possible way to do e-discovery? Do it twice!” said one presenter. Given the escalating cost of e-discovery, it is likely that most attendees agreed wholeheartedly.

Finally, an unlikely e-discovery guru emerged – Donald Rumsfeld! Several presenters cited his famous quotation: “There are known knowns. These are things we know that we know. There are known unknowns. That is to say, there are things that we know we don’t know. But there are also unknown unknowns. There are things we don’t know we don’t know.” Successful e-discovery means avoiding as far as possible the “unknown unknowns”.