Migrated from eDJGroupInc.com. Author: Barry Murphy. Published: 2010-05-12 04:30:48Format, images and links may no longer function correctly. Conducting defensible eDiscovery collections can be challenging, but will pay off in both the near- and long-terms. What any organization does depends upon their specific maturity level and requirements. In general, though, organizations that want to take control of eDiscovery collection should:
- Take an infrastructure approach. Think of eDiscovery collection tools as part of the plumbing of the organization. While it’s not necessary to deploy some kind of uber-repository to house all information, it is necessary to be able to connect to all sources of information – that’s what a collection program should ensure. Ideally, the right collection tool will provide a single interface to search across all information sources, connectors to the most important information sources (and the ability to easily connect to more as needed), and the scalability to parse through a large volume of information. An infrastructure point-of-view, however, does not initially mean spending huge dollars. Each organization needs to decide how many information sources are in-scope for collection – laying down the plumbing for collection does not mean deploying pipes to each information source on day one.
- Give IT final decision-making authority. Anytime an organizations needs to put infrastructure in place, IT should be making the final decisions and have budget authority. This does not mean that the legal department is not an important influencer in the decision-making process; rather, legal should be acting as the business user of any kind of collection, legal hold, and/or ECA tool, defining requirements like user interface needs, search and analytics capabilities, and review formats that need to be supported. Ultimately, though, IT should be pulling the trigger on the purchase of tools. Figure 4 below depicts the features and functions that Legal and IT should care most about, respectively.
Figure 4 – Evolution of Buying Criteria for eDiscovery Tools
- Make reporting and auditing a priority. Remember, defensibility is the name of the game in collection. Without good reporting and auditing capabilities, an organization will have a hard time proving how a collection was executing and showing how the chain of custody was maintained. Given the potential for sanctions due to spoliation, reporting and auditing should be one of the priority requirements of any collection purchase. The last thing anyone wants is to be called to the stand in court to defend a collection without any audit trail to help them recall how the collection went down.
- Use disk imaging on an as-needed basis. While full disk imaging may be overkill in a lot of civil litigation, it can be necessary in some cases. When custodians are non-cooperative, it can make sense to take a full disk image of their machines to ensure that all information is captured – the superfluous information can be filtered out downstream. Also, for any organization that is not confident it can capture all the necessary information via other means, disk imaging may be the only reasonable and good faith effort for collection.
- Do not be afraid to bring in expert consulting help when necessary. It’s possible to have properly trained and experienced experts working internally at an organization, but the reality is that many work for forensic consulting companies or as independent consultants. It often makes more economic sense for them to do so. Why rely on experienced experts? First, they understand that there is so much more to think about than the traditional information sources in collection – external USB devices, webmail accounts, social networking sites, cameras, phone, other periphery devices, etc. Not only do they understand this, but they have proven methodologies for documenting these sources and collecting from them. Second, they are experienced working with litigators on a daily basis and can give expert testimony and expert reports, which can properly document and ensure the admissibility of electronic evidence and help defend against spoliation claims (and happens to be activity that most organizations don’t want to leave to internal resources). And finally, they are knowledgeable about both legal rules and precedents as well as computer science and collection methodologies.