Migrated from eDJGroupInc.com. Author: Barry Murphy. Published: 2011-02-25 11:38:17 One of the challenges in the eDiscovery market is the need for organizations to keep best practices to themselves. There are few organizations willing to publicly share the details of eDiscovery programs. True, one of the reasons for this is the fact that most eDiscovery programs are very immature. But, the primary reason is risk control – there is very little benefit to going public with eDiscovery practices and a lot of downside (e.g. losing the ability to argue undue burden because the whole world knows about your search capabilities). Thus, I was very happy when I found someone from a top telecomm company willing to share some lessons learned (while I can’t share name or company name, I can share some very interesting knowledge nuggets).At this large company, eDiscovery is run in the organization responsible for information security (both from a customer information perspective and an internal network perspective) and digital forensics. This organization reports into the head of IT for the company. It’s safe to say that eDiscovery is an IT function in many ways, and final decision-making and budget authority for technology and service solutions lies with IT.Of course, legal is not out of the picture at this company. We all know that eDiscovery cannot be conducted in either a legal or IT vacuum, and this company is proof again that a cross-functional approach is necessary to make programs successful. In the case of this telecom company, there is an eDiscovery steering committee comprised of the info security and forensics team, the General Counsel, the company’s privacy and employment attorneys. This steering committee meets weekly (not just periodically) to check on progress, discuss how various technologies are working, and map out next steps. The committee was created in 2006 in response to the Amendments to the FRCPs.The early formation of such a steering committee and the fact that the committee has the ear of the CEO speaks to why this company has had success with its eDiscovery initiatives. How is that success defined? Certainly, the company looks at the ROI of specific projects, but there is a concern that too many metrics will be discoverable and hurt undue burden arguments down the road. Given the high costs of eDiscovery when using third parties for processing and review, the company is able to justify investments that bring more of the eDiscovery process in-house. However, this company does know its limits – it’s prepared to use third parties as necessary. In fact, the approach has been to have all in-house capabilities across the full spectrum of the EDRM, with the ability to swap out any component (e.g. collection, processing, review, production) as needed on a case-by-case basis. This approach has allowed the company to save costs while also being flexible enough to handle each case in the manner necessary.Bringing the full spectrum of EDRM capabilities in-house was not as simple as just buying a single, off-the-shelf solution. The company realized early on that it would need to source multiple, best-of-breed tools and do a substantial amount of internal integration work. It chose a small number of strategic vendors from which to source most of its tools. The hardest part of choosing these vendors, according to the info security group, was finding those that were willing to truly partner. This meant that the vendor’s development team had to be willing to alter product roadmaps based on the company’s requirements and lessons learned. For many software companies, that is not a model that works. But, for the vendors this telecom chose, it was a model they embraced – and it’s paid off because this is a giant customer at the forefront of eDiscovery maturity. Now, the vendors’ solutions are part of a strategic platform for this telecom.Another challenge in bring eDiscovery technology in-house was the need to choose between a search-based approach and a forensics-based approach. The reality was that forensic tools were created to maintain chain-of-custody in a way that search tools were not. Many vendors, when asked about how they manage chain-of-custody, simply say, “we hash the content.” For this telecom, that argument was not enough. The company had to be sure that the preservation efforts met extremely high standards. The company chose a forensics tool as one of the critical components of its platform, knowing that the tool could evolve into a broader processing and ECA application.One of the interesting things from my perspective is how this company views eDiscovery. It’s still a reactive process, but with the infrastructure that’s been put in place, the company can react quickly and efficiently (and in the way that best suits the case). Going forward, the company wants to take a more strategic approach to cases so that lead-time challenges are abated. Too often, there is just so little time to execute on collection and preservation – the company would like to minimize situations that lead to a time crunch. Part of this will be using more ECA type functions. For example, the company would like to get away from what it calls the “key custodians” approach to eDiscovery, where all data is collected from key custodians. Instead, it would like to use functions that allow for the prioritization of collection (e.g. a custodian’s email only) as a way to better manage projects.It was a very informative conversation to say the least. Here’s a summary of the key takeaways for me:
- Clear ownership of eDiscovery budget – in this company’s case, IT has the budget, which seems to make sense in a majority of the corporations I speak with. Without clear ownership, projects will either get bogged down or there will be duplicative work that will cause headaches down the road.
- Cross-functional input – this company shows the importance of a steering committee that represents both IT and Legal and that actually meets frequently.
- Pragmatic approach to solutions – this company recognized that there was no silver bullet in the market, but that it could get real benefits from sourcing best-of-breed tools and doing a lot of internal customization and integration.
- There is just as much process work as technology work – one of the challenges the info security team mentioned as the ability to “digitize custodians.” What this means is knowing the impact of a custodian on the digital footprint. What data sources does this custodian have? Are there other custodians with the same name and how will that impact collection and processing? It’s impossible to discount the importance of data mapping up front to make the collection and interview process go much more smoothly.