This Page

has been moved to new address

The eDiscovery Paradigm Shift

Sorry for inconvenience...

Redirection provided by Blogger to WordPress Migration Service
----------------------------------------------------- Blogger Template Style Name: Snapshot: Madder Designer: Dave Shea URL: / Date: 27 Feb 2004 ------------------------------------------------------ */ /* -- basic html elements -- */ body {padding: 0; margin: 0; font: 75% Helvetica, Arial, sans-serif; color: #474B4E; background: #fff; text-align: center;} a {color: #DD6599; font-weight: bold; text-decoration: none;} a:visited {color: #D6A0B6;} a:hover {text-decoration: underline; color: #FD0570;} h1 {margin: 0; color: #7B8186; font-size: 1.5em; text-transform: lowercase;} h1 a {color: #7B8186;} h2, #comments h4 {font-size: 1em; margin: 2em 0 0 0; color: #7B8186; background: transparent url( bottom right no-repeat; padding-bottom: 2px;} @media all { h3 { font-size: 1em; margin: 2em 0 0 0; background: transparent url( bottom right no-repeat; padding-bottom: 2px; } } @media handheld { h3 { background:none; } } h4, h5 {font-size: 0.9em; text-transform: lowercase; letter-spacing: 2px;} h5 {color: #7B8186;} h6 {font-size: 0.8em; text-transform: uppercase; letter-spacing: 2px;} p {margin: 0 0 1em 0;} img, form {border: 0; margin: 0;} /* -- layout -- */ @media all { #content { width: 700px; margin: 0 auto; text-align: left; background: #fff url( 0 0 repeat-y;} } #header { background: #D8DADC url( 0 0 repeat-y; } #header div { background: transparent url( bottom left no-repeat; } #main { line-height: 1.4; float: left; padding: 10px 12px; border-top: solid 1px #fff; width: 428px; /* Tantek hack - */ voice-family: "\"}\""; voice-family: inherit; width: 404px; } } @media handheld { #content { width: 90%; } #header { background: #D8DADC; } #header div { background: none; } #main { float: none; width: 100%; } } /* IE5 hack */ #main {} @media all { #sidebar { margin-left: 428px; border-top: solid 1px #fff; padding: 4px 0 0 7px; background: #fff url( 1px 0 no-repeat; } #footer { clear: both; background: #E9EAEB url( bottom left no-repeat; border-top: solid 1px #fff; } } @media handheld { #sidebar { margin: 0 0 0 0; background: #fff; } #footer { background: #E9EAEB; } } /* -- header style -- */ #header h1 {padding: 12px 0 92px 4px; width: 557px; line-height: 1;} /* -- content area style -- */ #main {line-height: 1.4;} {font-size: 1.2em; margin-bottom: 0;} a {color: #C4663B;} .post {clear: both; margin-bottom: 4em;} .post-footer em {color: #B4BABE; font-style: normal; float: left;} .post-footer .comment-link {float: right;} #main img {border: solid 1px #E3E4E4; padding: 2px; background: #fff;} .deleted-comment {font-style:italic;color:gray;} /* -- sidebar style -- */ @media all { #sidebar #description { border: solid 1px #F3B89D; padding: 10px 17px; color: #C4663B; background: #FFD1BC url(; font-size: 1.2em; font-weight: bold; line-height: 0.9; margin: 0 0 0 -6px; } } @media handheld { #sidebar #description { background: #FFD1BC; } } #sidebar h2 {font-size: 1.3em; margin: 1.3em 0 0.5em 0;} #sidebar dl {margin: 0 0 10px 0;} #sidebar ul {list-style: none; margin: 0; padding: 0;} #sidebar li {padding-bottom: 5px; line-height: 0.9;} #profile-container {color: #7B8186;} #profile-container img {border: solid 1px #7C78B5; padding: 4px 4px 8px 4px; margin: 0 10px 1em 0; float: left;} .archive-list {margin-bottom: 2em;} #powered-by {margin: 10px auto 20px auto;} /* -- sidebar style -- */ #footer p {margin: 0; padding: 12px 8px; font-size: 0.9em;} #footer hr {display: none;} /* Feeds ----------------------------------------------- */ #blogfeeds { } #postfeeds { }

Thursday, May 20, 2010

When to Bring eDiscovery In-house or Move to Cloud Computing?

Over the past 18 months, the “big buzz” in the eDiscovery market has been that the Global 2000 are bringing eDiscovery in house.  The value proposition is that outsourcing to legal vendors, service providers and/or outside counsel is just too expensive.  And, ultimately, ensuring that it (eDiscovery) is done properly (i.e. in a legally defensible manner, etc.) is the responsibility of the General Counsel (GC) and other C level executives (i.e. CIO, CFO, CEO) anyway.

However, what about members of the Global 2000 that don’t have enough litigation to justify bringing it (eDiscovery) in-house?  And, what about all the rest of the enterprises outside of the Global 2000 (the majority of the enterprises worldwide) that never have to deal with the issues and costs of eDiscovery?

First of all, with the inevitable convergence of eDiscovery and Governance, Risk and Compliance (See “ Government Intervention and Oversight Driving the Convergence of eDiscovery and Governance, Risk and Compliance (GRC)”) all enterprises worldwide are going to have to deal with the issues of information management and reporting as it relates to eDiscovery and GRC.
So, just because you never have to respond to requests to produce information due to litigation, it is negligent to not  be prepared (e.g. have a data retention policy and a plan for eDiscovery).  And now, with the accelerating increase in government intervention and oversight, Governance, Risk and Compliance (GRC) are almost certainly going to affect all enterprises worldwide in some way shape or form.

So, given the cost of “outsourcing” along with this inevitable new playing field, when do you bring eDiscovery in-house? Or, given the convergence of eDiscovery and GRC, maybe a better question is when should the enterprise have an  in-house plan and associated capabilities to support whatever legal and/or GRC requests come along?

The answer for some may be to keep outsourcing.  However, those that do had better brush up on their responsibilities (outsourcing or not) as the courts are no longer accepting ignorance as a defense.

Another alternative maybe to investigate Cloud Computing as a cost effective way of moving eDiscovery / GRC in-house without having to invest in all of the IT infrastructure.  Obviously, archiving data (e.g. email) “in the Cloud” has matured to the point where it is almost a “no brainer” for most enterprises to consider (no hate mail from the anti Cloud contingency please as your security concerns are beginning to wear a bit thin).  And, most if not all of the applications that it takes to support eDiscovery / GRC processing such as Early Case Assessment (ECA), Legal Holds, Search and Analytics and Document Review are now available as Infrastructure-as-a-Service (IaaS), Platform-as-a-Service (PaaS) and Software-as-a-Service (SaaS).  Moving large amounts of data around and maintaining an appropriate chain-of-custody are still issues that need to be watched closely in this environment.

Enterprises worldwide, whether in or outside the Global 2000, are having to deal with the paradigm shift and subsequent realities of eDiscovery and Governance, Risk and Compliance (GRC) reporting.   And, the pressures of the worldwide financial crisis along with the accelerating increase in government intervention and oversight have unfortunately added another layer of complexity.

However, Cloud Computing is now a very viable alternative when considering moving your eDiscovery and GRC operations in-house.

Labels: , , , , , , , , , ,

Wednesday, May 19, 2010

Government Intervention and Oversight Driving the Convergence of eDiscovery with Governance, Risk and Compliance (GRC)

With the accelerating increase in the volume of Electronically Stored Information (ESI) along with increased government intervention and oversight, enterprises worldwide are experiencing an unprecedented increase in investigations and reporting  for eDiscovery and Governance, Risk  and Compliance (GRC).   With the financial pressures from today’s economic realities to reduce costs, you would have guessed that most enterprises would be investigating internalizing and centralizing the common activities of eDiscovery and GRC. 

However, as humorous, unbelievable or sad (or some combination of all three) as it may seem, this has just not been the case.

Historically, eDiscovery has been a reactive and outsourced process with little or no involvement from the Information Technology (IT) departments and Governance, Risk and Compliance (GRC) has been something that the “bean counters” will worry about.

However, in 2010 and beyond with increased government intervention and oversight in just about every aspect of the corporate world,  enterprises worldwide are beginning to realize that eDiscovery and all of its associated practices and requirements and Governance, Risk and Compliance (GRC) and all of its associated practices and requirements, may actually be “one- in-the-same” from many respects.  In other words, these previously disparate and most times redundant practices of eDiscovery and Governance, Risk and Compliance (GRC) are converging.

After all, how “forward thinking” do you need to be to “step back” from the daily complications of Global 2000 Information Technology (IT) and realize that, at some level and with a few paragraphs of caveats, it would be a “good thing” to retain all of this Electronically Stored Information (ESI) in some centralized repository, hook up one of today’s analytic platforms and then enable anyone within the enterprise, including eDiscovery and Governance, Risk and Compliance (GRC) practitioners to extract the ESI that they need to full their requirements.

Well, if you throw Data Retention Policy along with enterprise intra and inter divisional politics and inability of legacy systems to talk to one another into the mix, it may be a bit more complicated that I have portrayed. And, if you consider the legal requirements and associated ramifications incumbent in collecting and process ESI for a legal matter, eDiscovery does have its fair share of subtle nuiaces to consider.

However, the fact remains that from a pure financial standpoint. most enterprises world wide will have no viable options short of “continuing to drop the ball” but to integrate and converge eDiscovery and Governance, Risk and Compliance (GRC). 

Looking at this issue from an “investigative” standpoint, Albert Barsocchini, Guidance Software, wrote an excellent article that appeared on May 14, 2010 on the Wall Street and Technology Website titled, “Financial Institutions Now Taking a Holistic Approach to eDiscovery, Internal Investigations and Compliance”.

In this article, Mr. Barsocchini states that, “The 2009 financial meltdown has resulted in new lawsuits and the possibility of increased regulation for many financial firms. Pending legislation that will boost regulation of big banks and hedge funds are two recent examples of this trend. Similarly, legal action against Wall Street firms such as Goldman Sachs, Lehman Brothers and others illustrate the increasing need to be able to respond to an increase in both civil and criminal legal inquiries.”

He goes on to contend that, “These trends are driving a trend toward the corporate legal departments at financial institutions taking a unified approach on the mission critical functions of internal investigations, eDiscovery, audit and compliance. This has now become a boardroom-level issue. “

The “perfect storm is” is here and therefore it is time to stop debating about whether or not it is coming.  It is now time to debate how to deal with it.  Therefore, over the next 90 days, I am planning to evaluate and report on the “best-in-class” technologies and best practices that will provide the foundation for this convergence to occur.  I am also going to be reporting on several successful case studies.  So, I invite technology vendors, consultants and enterprises worldwide to contribute input and comments.  I look forward to hearing from you.

The full text of Mr. Barsocchini’s article is as follows:
The 2009 financial meltdown has resulted in new lawsuits and the possibility of increased regulation for many financial firms. Pending legislation that will boost regulation of big banks and hedge funds are two recent examples of this trend. Similarly, legal action against Wall Street firms such as Goldman Sachs, Lehman Brothers and others illustrate the increasing need to be able to respond to an increase in both civil and criminal legal inquiries.
These trends are driving a trend toward the corporate legal departments at financial institutions taking a unified approach on the mission critical functions of internal investigations, eDiscovery, audit and compliance. This has now become a boardroom-level issue.

Internal investigations can include issues involving human resource, fraud, unauthorized network access and intellectual property theft. eDiscovery can include both civil and criminal evidence collections as well as regulatory inquiries. Compliance covers data audit (personal identifiable information, record management enforcement, etc.), data security, HIPAA, Sarbanes-Oxley (SOX) fraud investigations, to name a few.
Traditionally, these types of investigations have been conducted by separate corporate departments and rarely have they been brought under one roof from a technology or departmental resource point of view.
Challenges Driving Convergence But recently, there has been a clear shift to consolidate these areas for efficiency, cost-effectiveness and other internal reasons. Companies are realizing that these departments can no longer operate in isolation and still meet today’s challenges.

There are a variety of challenges driving convergence, including increased litigation and internal investigations, the pressures of evolving case law, increasing volumes of data, reliance on smaller staffs and complex data privacy laws.

There’s also the possible need to defend the technology used in the investigation to prove that the computer program used to discover the computer evidence (ESI) generated authentic evidence. In these cases, the proponent of the evidence must testify to the validity of the program or programs utilized in the process. Daubert v. Merrell Dow Pharmaceuticals, Inc, 509 U.S. 579, 113 S.Ct. 2786, 125 L.Ed.2d 469 (1993) is a landmark U.S. Supreme Court decision that sets forth a legal test to determine the validity of scientific evidence and its relevance to the case at issue. On the other hand, in state courts we see the Frye v. United States, 293 F. 1013 (D.C. Cir. 1923) test employed which is used to determine whether a scientific technique for obtaining, enhancing or analyzing evidence is generally accepted within the relevant scientific community as a valid process.

Judges are also behind this convergence trend, advocating that companies bring eDiscovery in house. For example in Phillip M. Adams & Assocs., L.L.C. v. Dell, Inc., 2009 U.S. Dist. LEXIS 26964 (D. Utah Mar. 27, 2009) the court scolded the producing party, Phillip Adams, for not having appropriate technology to reasonable access potentially relevant electronically stored information (ESI). The court found it unacceptable for a party to hide behind inadequate information management systems as the reason why it could not produce relevant documents.

In Spieker v. Quest Cherokee, LLC, 2009 WL 2168892 (D. Kan. July 21, 2009) the court admonished the defendant for claiming they did not have the ability to generate the requested ESI materials in-house. "This court is aware of no case where a party has been excused from producing discovery because its employees ‘have not previously been asked to search for and/or produce discovery materials.”

Investigations are Similar in Nature

The typical investigation, no matter what practice area, tends to be reactive. Because every investigation is triggered by misconduct or legal proceedings, it is tempting to conduct every investigation in an ad hoc manner without any consistency. The more effective model is to conduct the investigation in a consistent manner under one roof using a single technology, if possible.

The ties that bind these internal inquiries are: they all have legal consequences and they all require similar investigation processes and techniques with similar consequences if not performed correctly. For example, the normal information security response to a network intrusion is to determine the scope of the breach, identify what data was compromised and patch the vulnerability. However, if these are not investigated properly, the company will not have the necessary evidence to properly prosecute a perpetrator either civilly or criminally. The information security department now needs to collect evidence properly according to forensic protocols and procedures for court validity, while at the same time doing their job to fix the breach.

Additionally, the typical triggering events (criminal misconduct, security breach, litigation, employee complaints, ethics hotlines, receipt of a subpoena, whistleblowers, competitors and customers, shareholder demands, regulatory audits and inquiries, responding to governmental investigations) for eDiscovery, compliance, security and audit requires immediate involvement from the legal department before any type of investigation can be initiated.

Legal-Centric Approach

Depending on the type of event trigger, the legal department should always be the first to be notified. They need to decide whether to investigate, who should be involved (human resources, the board of directors, outside counsel, security, etc.), the scope of the investigation, how it should be conducted and what will be done with the results of the investigation. This legal-centric approach provides companies with the best opportunity to get on top of the case early for early evaluation of the best “go forward” strategy.
This need for a unified approach is obvious when you see more cases involving network security issues, data privacy and the improper handling of electronically stored information. Because security, data privacy and collecting evidence can have significant legal consequences, corporate legal departments concerned about litigation and compliance are better equipped to coordinate and drive technology purchases than IT departments who are mainly concerned about data security and general computer network issues.
Overcoming institutional barriers within corporations is the biggest challenge to having a unified approach to eDiscovery, compliance and internal investigations. However, we are starting to see information security departments, IT and the legal departments work together to break down communication barriers and realize the benefits of cooperation and coordination.

The investigation risks are similar too - failure to find all relevant evidence, failure to properly preserve and authenticate relevant ESI, failure to meet deadlines, failure to document the process, failure to have a consistent workflow, unintentionally altering the evidence and evidence spoliation. Flawed investigations can seriously damage a corporation’s reputation, depress stock prices and hurt employee morale as well.

In all of these cases, the enterprises need to search, identify, preserve, collect and process evidence quickly for attorney or law enforcement or regulatory compliance review. Getting to the evidence over the network early is critical to the success or failure of an investigation.

For cost, efficiency, consistency and to mitigate risk, it makes sense to have a standardized, repeatable and defensible process for all types of corporate investigations. More companies today are creating a single team and using a single enterprise-class technology to perform these types of investigations. Companies without a coordinated policy and strategy will spend more on e-discovery, compliance and internal investigations than those taking a holistic approach.

Effective Response Plan
The need to become "investigation ready" is driving companies to assess, analyze and plan, and unify their investigation response practice. An effective response plan requires an organization to anticipate proactively the type of investigations that could be initiated and develop an offensive response strategy.

Technology is the linchpin to the overall implementation of a proactive response plan. When looking for enterprise technology to handle multiple types of computer investigations, look for technology that can search for evidence over the network from a central location, collect the evidence in a forensically sound manner and properly preserve all metadata. Additionally, having technology that can also do a network-based forensic examination is important for IP theft, SOX investigations and HR cases.

Recommended best practices include having a comphrensive corporate investigation and document retention policy, developing a repeatable process to properly identify and retain evidence for both civil and criminal matters, developing a response strategy for both inside and outside counsel, properly identifying event triggers and creating a decision tree, determining who in the enterprise should control and conduct the investigation, determining how the investigation should be conducted, what should the scope of the investigation be, and what will be done with the results of the investigation.

The rewards of becoming investigation ready and centralizing the process will help a company have a strategic advantage by quickly and efficiently identifying potential liability and effectively limiting risk while allowing the company to control the process before governmental or other third party intervention. It also gives the corporation more time to develop a response or defense strategy, which may ultimately minimize overall criminal and civil exposure and reduce the likelihood of lawsuits. Finally, it can make a corporation look more responsible to the courts, government regulators, shareholders, and auditors, thus minimizing the effect of any negative publicity that has arisen from allegations of wrongdoing while also satisfying the board’s fiduciary obligations to the stockholders.

Ultimately, the goal is to establish a legally-defensible response plan that builds upon prior experience, provides a common language and establishes an effective evidence lifecycle management framework to minimize risk and increase the effectiveness of an investigation. It is a critical piece of overall corporate policy. Combining these investigation areas will provide an organized business workflow that efficiently combines people, processes and technology.

Labels: , , , , ,