E-Discovery Process: The Transformation into Continuous Governance

As a natural result of the corporate transition from paper documents to electronic documents, e-discovery has been an important topic for several years. Nighty-eight percent (98%) of all documents now originate electronically and most exist in unstructured and unmanaged repositories, not managed enterprise content management (ECM) systems. IDC has estimated that electronic document volume will grow to more than 35 zettabytes (35 x 10²¹) worldwide by 2020. All of this important electronically stored information (ESI) has made the requirements of e-discovery far-reaching, affecting legal, compliance, business and IT professionals alike. In this new world, legal discovery, information management and corporate governance policies and processes must evolve to manage, govern and preserve or dispose of our new volumes of unmanaged electronic records.

An unexpected e-discovery request is often the compelling event that triggers a larger information management conversation, as the technical complexity of searching corporate data centers, desktops, laptops, mobile devices and enterprise applications is fully realized. In this e-discovery "fire drill," the primary focus is on responding to the legal request, solving the litigation issues and mitigating the risk of sanctions, often forcing an ad hoc process that is frequently unrepeatable and expensive. The postmortem leaves the organization with a number of questions about how to reduce the disruptive impact and costs associated with future litigation.

To be successful in this task, general counsels have made new friends. The most innovative general counsels have reached out to the in-house compliance, records, governance and IT professionals who are responsible for information management, compliance and governance policies and processes. The internal cross-functional teams find that there are numerous commonalities between the e-discovery process and traditional information management and governance best practices. Formalizing the e-discovery process within existing governance processes and best practices is transforming information management, governance and e-discovery.

Pervasive Governance

In electronic discovery matters, the judiciary is demanding increased cooperation and transparency. Business managers are insisting on reduced risk and better e-discovery cost management. The "aware" general counsels are in the middle, still scrambling to understand the real impact of the changes to the FRCP by gaining a better understanding of the scope, diversity and information volumes within their organizations. On the legal side, as case law continues to develop and standards solidify, the legal impact will emerge in time. However, the technical side of the process is proactively manageable today. Integrating e-discovery into existing governance practice is an accelerating trend within the innovative organizations.

Four Key Requirements

Within the functional framework, functions can be divided into four key capabilities: understand and secure; automate and enforce; protect and control; and discover and produce. These capabilities can be leveraged and applied to any document at any time, whether on premise, in the cloud or on a remote device, as the need arises. This overarching management capability can be termed "pervasive governance." This pervasive approach to governance offers a new insight into both business operations and information management and delivers the ability to manage the growing complexity of the continuous information management process.

The first functional capability of pervasive governance is to understand and secure the existing information. This is very challenging, as organizations adopt new applications, devices and cloud services, and information becomes more distributed. With the growth in e-discovery for litigation, internal investigations and compliance audits, organizations are forced to proactively identify, categorize and secure documents that are distributed globally and are largely unmanaged. With global distribution, variable document types and new devices, it is a significant challenge to find, correctly identify and secure information at the granularity needed to meet requirements in the growing volumes organizations are generating.

The second capability is the ability to automate and enforce policies and procedures. The current manual or semi-manual processes in managing policies and procedures are no longer viable with growing information volume and changing compliance and regulatory rules. Most organizations have written retention and disposition policies and can enforce them on information with their ECM systems; however, most lack the ability to systematically enforce policies on unmanaged information. For risky documents, e.g. price lists, design documents and contracts which are stored "in the wild," organizations need the ability to extend policies and procedures to documents within unmanaged repositories, such as file shares and SharePoint and to automate processes in a transparent manner to manage and control documents to meet today's complex requirements.

The third capability within pervasive governance is the need to protect and control documents. Now more than ever, organizations must manage how documents are accessed and used wherever they reside—in a secure repository, in the cloud, on a mobile device or when shared externally. Creating documents with access and security controls upon creation is critically important in our digital environment where documents are so easily shared globally. Protecting privileged information, intellectual property, confidential information and trade secrets by controlling not only who can access these documents but also how can they use them is necessary in maintaining sound governance controls.

The fourth capability of pervasive governance is the ability to discover and produce. Organizations need an in-house e-discovery solution to meet the demands of today's compelling events. Gaining accelerated insight into a compelling event to determine risk and exposure is critical in making an early and informed decision and then managing one's options on the best course of action. Delivering targeted, relevant documents upon demand is simply a mandatory requirement for organizations.

The demand for transparency, cost control, risk mitigation and business efficiency drives the governance, compliance and e-discovery convergence. Subsequently, this convergence is integrating, transforming and optimizing processes and policies. As new information is created, regulations are updated and precedents established, pervasive governance is a continuous cycle of information management and governance, which delivers to an organization the strategy and capabilities to gain control of exponential growth of electronically stored information in today's transformational environment while adhering to governance and compliance mandates.