When to Bring eDiscovery In-house or Move to Cloud Computing?

Over the past 18 months, the “big buzz” in the eDiscovery market has been that the Global 2000 are bringing eDiscovery in house.  The value proposition is that outsourcing to legal vendors, service providers and/or outside counsel is just too expensive.  And, ultimately, ensuring that it (eDiscovery) is done properly (i.e. in a legally defensible manner, etc.) is the responsibility of the General Counsel (GC) and other C level executives (i.e. CIO, CFO, CEO) anyway.

However, what about members of the Global 2000 that don’t have enough litigation to justify bringing it (eDiscovery) in-house?  And, what about all the rest of the enterprises outside of the Global 2000 (the majority of the enterprises worldwide) that never have to deal with the issues and costs of eDiscovery?

First of all, with the inevitable convergence of eDiscovery and Governance, Risk and Compliance (See “ Government Intervention and Oversight Driving the Convergence of eDiscovery and Governance, Risk and Compliance (GRC)”) all enterprises worldwide are going to have to deal with the issues of information management and reporting as it relates to eDiscovery and GRC.
So, just because you never have to respond to requests to produce information due to litigation, it is negligent to not  be prepared (e.g. have a data retention policy and a plan for eDiscovery).  And now, with the accelerating increase in government intervention and oversight, Governance, Risk and Compliance (GRC) are almost certainly going to affect all enterprises worldwide in some way shape or form.

So, given the cost of “outsourcing” along with this inevitable new playing field, when do you bring eDiscovery in-house? Or, given the convergence of eDiscovery and GRC, maybe a better question is when should the enterprise have an  in-house plan and associated capabilities to support whatever legal and/or GRC requests come along?

The answer for some may be to keep outsourcing.  However, those that do had better brush up on their responsibilities (outsourcing or not) as the courts are no longer accepting ignorance as a defense.

Another alternative maybe to investigate Cloud Computing as a cost effective way of moving eDiscovery / GRC in-house without having to invest in all of the IT infrastructure.  Obviously, archiving data (e.g. email) “in the Cloud” has matured to the point where it is almost a “no brainer” for most enterprises to consider (no hate mail from the anti Cloud contingency please as your security concerns are beginning to wear a bit thin).  And, most if not all of the applications that it takes to support eDiscovery / GRC processing such as Early Case Assessment (ECA), Legal Holds, Search and Analytics and Document Review are now available as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).  Moving large amounts of data around and maintaining an appropriate chain-of-custody are still issues that need to be watched closely in this environment.

Enterprises worldwide, whether in or outside the Global 2000, are having to deal with the paradigm shift and subsequent realities of eDiscovery and Governance, Risk and Compliance (GRC) reporting.   And, the pressures of the worldwide financial crisis along with the accelerating increase in government intervention and oversight have unfortunately added another layer of complexity.

However, Cloud Computing is now a very viable alternative when considering moving your eDiscovery and GRC operations in-house.