Rule E-Discovery Within Your Company
Let’s say you are CIO/head of legal technology/technical staff. You’ve just finished getting your company’s electronically stored information (ESI) ready for discovery, and are reviewing the costs of the project. One thing’s certain: the bill from the e-discovery vendor you chose is an eye-opener. As a technologist, you just don’t understand why such a simple process can’t be done for a lot cheaper in-house. After all, this is a litigious society, and you know this isn’t the last time you’re going to have to do this. Next time you swear you’re going to be ready.
Now you are general counsel/director of litigation/legal staff. As visions of the impact of the new Federal Rules dance in your head, and you consider the endless stream of seminars and advertisements focused on products devoted to e-discovery, you feel the need to gain control over the process. Costs of litigation are spiraling out of control, and it burns you to write the checks paying for the full freight of processing with every single lawsuit. You’ve convinced yourself that if your company can bring elements of discovery in-house, you’ll see major cost savings down the road. After all, there’s so much software out there, each promising reduced review costs and increased control over your company’s data. Bringing e-discovery in-house cannot be a bad thing, can it?
Cool, let’s get started… before the next budget meeting. It all sounds so simple. Bring the processing of ESI in-house, where your internal IT staff can add it to their list of chores, and hit the cost-savings jackpot. After all, it’s just a simple matter of programming (SMOP), isn’t it? It’s about time IT starts helping the legal department, after all, it’s IT technology that started these problems. Remember how easy things were before email, when we only dealt with paper? In reality, the technology involved in the actual processing of the data is pretty simple. That doesn’t mean, however, that the job is a simple one. SMOP is not the answer here. It takes a disciplined system-design approach. The process is fraught with pitfalls if you don’t enter with your eyes wide open and stay aware of the dangers. The price of screwing up can go well beyond the cost of any hardware, software or implementation project. It has the real potential to endanger your company’s legal standing. So what do you need to watch out for? There are several characteristics of the process upon which you have to have a firm grasp.
Know What You Are Getting Into
There’s a LOT of moving parts in this process. You’ll be dealing with a number of steps, including:
Inventory. Step one of any process. Make a record of all of the ESI you’re processing. Mark the easy stuff to ignore, such as system files and other known program and non-relevant files. Start the audit trail.
Metadata extraction. This is the big step. This is where data about the ESI objects are extracted from the objects themselves. Data includes date and time stamps, email address information, text and other data about the data. This information needs to be extracted carefully to maintain the original information intact.
Imaging. If you’re doing everything in native format, including producing, this step is skipped. However, converting ESI to image files will eventually be needed if you’re reviewing in image format, performing redactions or will be producing in images. Sounds simple, but this is by far the step that causes the most problems. For example, converting a spreadsheet involves lots of decisions about the formatting of the spreadsheet. Most spreadsheets these days are never meant to be printed, but are passed around and reviewed directly in Excel. Printing such a spreadsheet in a legible format becomes pretty complex… try printing a complex spreadsheet and get all of the information out without playing around with the formatting… then do it five million times. Don’t forget about hidden cells and imbedded graphics.
Filtering, de-duplication, advanced metadata and more. This is where a lot of the newer data culling technologies can come into play. Using either keyword-based technology (old but understood) or newer conceptualization technologies, your ESI is marked as subject for review. In addition, duplicates or near duplicates are identified so that identical records only need to be reviewed one time. You may also be performing automated Bates numbering or doing further processing for email thread identification.
Moving the data-to-review. Having processed all of the data, you now have to make it available for review. This typically means exporting the data to a review/production system, either in-house or with a vendor.
Now compound this overall process by having millions of discrete pieces of information moving through your system. To make things more fun, you may have a "rolling" collection, where you’re processing documents after review has started, sometimes for years at a time. And remember, there’s a distinct possibility that months down the road, you’ll be asked to explain exactly how document number 3452304 came into being, and certify that the image you created and produced is an accurate representation of the document, and the list of recipients of the email to which the document was attached is complete.
CYA…Build a Solid Foundation
So how will you sleep at night? After all, the last time you installed a system capable of tracking this much information was that ERP system (and, boy, was that install a breeze!). Here are some guiding concepts:
Track, track, track. As you see from above, there are a number of steps. The inventory step should establish a data record for each object to be processed. Every step along the way should update that record to document what was done to each object. This means this is a rather complex database project, and is where the complexity of the process overrides the simplicity of its steps. At the end of the process, you need to be able to pull up the history about any given object, and easily see what happened to it and when. Yes, you’re developing meta metadata (that is, data about the data about the record) but that’s the price of doing this job correctly. If a part of the process involves an outside vendor, then the export and import of the data to and from the vendor need to be minutely tracked. And insist on the same level of tracking on the part of your vendor.
Audit, audit, audit. Auditing has to be a full-time responsibility. The entire process needs to be periodically reviewed and evaluated. Each step needs to be audited separately against a set of standards that are developed as part of the system design. The entire system needs to be audited to make sure that the handoff of data between the steps is accurate, and that all the data is making it through the system.