More than 90 percent of today’s records are created in electronic format.[1] The continuing evolution of legal and regulatory requirements place a great responsibility — as well as a great burden — on organizations to preserve, collect, and produce this information. Complying with these laws and regulations is challenging in light of the avalanche of electronic evidence, particularly as it is created in ever more diverse forms, whether in the cloud, on mobile devices, or in social media.

E-discovery is more than a litigation phenomenon; it has implications for activities well beyond the scope of the courtroom such as records retention, risk management, and the archiving of information. When these processes are poorly managed, it leads to serious ramifications for corporations such as sanctions for the loss of information.

Although most attorneys did not study metadata and cloud computing in law school, they are nonetheless responsible for guiding clients through the maze of issues that e-discovery raises, including navigating the phases of discovery and choosing the right service providers, service models, and tools.

Managing the Life Cycle of an E-Discovery Matter

Counsel must have a complete understanding of the life cycle of an e-discovery matter. According to the Electronic Discovery Reference Model (EDRM), a framework for the discovery of electronically stored information (ESI), the life cycle consists of nine stages: information management, identification, preservation, collection, processing, review, analysis, production, and presentation.[2] If an organization has litigation on a regular basis, ideally it should have processes in place for handling each of these phases.

Information Management

Information management is an ongoing program that actually precedes litigation, but it is included in the EDRM because a client’s ability to successfully navigate the e-discovery process relies in part on its information management practices. The more information a client has, the greater the risk that information poses, particularly when the client does not understand why it creates, uses, and saves that information.

Ideally an organization’s information policy is developed with the input of representatives from various departments, including legal, records, compliance, human resources, and key business units that will share insight into the potential risks and give input on retention guidelines for each category of data. The goal is to preserve data only as long as it is needed for operational or legal reasons.

One important caveat: Establishing an information management program and/or disposing of records pursuant to the retention program are tasks that should be done in the ordinary course of business and not in connection with specific litigation. Disposing of data in anticipation of or at the onset of litigation is a red flag to courts and opposing counsel, increasing the risk of potential sanctions.

Identification

Once litigation (or an investigation) actually ensues, the first phase of e-discovery is identification of potentially relevant information. Part of this process is working with the client — particularly its legal team and IT personnel — to determine the scope and budget for the project and to learn about the client’s systems.

It is important to identify custodians who have potentially relevant information, narrow the range of dates applicable to the litigation, and determine where relevant information might be located. Once these pieces of information are assembled, counsel can more accurately estimate the volume of potentially relevant data, create an e-discovery budget, and assess any potential risks.

Organizations that have regular litigation may find it helpful to construct a map identifying types and locations of data that may be potentially relevant to litigation or an investigation. A comprehensive data map can serve as a starting point for cost-effective, defensible discovery responses and will avoid the time and expense of duplicative preliminary legwork in future litigation. The most useful data maps include the following information:

·       the subject matter and relevance of information;

·       the primary data sources, location, and accessibility of information;

·       the status of the system (e.g., when it was commissioned, decommissioned, retired, or upgraded);

·       the person or persons responsible for maintaining the systems and/or data; and

·       retention dates.

Preservation

Preservation of potentially relevant evidence is the next phase of the e-discovery process. The duty to preserve typically arises as soon as the party anticipates litigation or should reasonably anticipate it. During the preservation stage, clients must protect their data from intentional or inadvertent deletion, destruction, or modification.

Parties that fail to uphold the duty to preserve face the possibility of serious sanctions for the loss of evidence, which is called “spoliation.” The severity of sanctions depends on several factors, including the prejudice to the opposing party as well as the steps the producing party took to preserve the information. There is a continuum of sanctions a court may impose, ranging from requiring parties to redo discovery, imposing monetary sanctions, and issuing an adverse inference instruction, to making other dispositive rulings, which can include dismissal. Courts have also sanctioned counsel who fail to take affirmative steps to ensure their clients are preserving data.

Three steps are critical during the preservation stage:

1)     The first step is to issue a litigation hold to all custodians of potentially relevant documents. The hold should also be sent to personnel from IT and the records departments, notifying them to suspend any automatic deletion of data (which is common in email systems, for example). Sending a preservation notice is not enough to meet counsel’s duty, however; counsel must ensure that recipients understood the notice and plan to comply with it. Throughout the litigation, reminders of the ongoing duty to preserve should be sent to all custodians, and counsel should update the hold if necessary. Furthermore, lawyers should follow up with custodians as well as IT and records, and monitor their adherence to the hold.

2)     The second step is to protect the ESI either by collecting it or otherwise sequestering it to prevent its loss.

3)     The final step is to release the hold at the conclusion of the matter and reinstate the normal records retention schedule.

Collection

In the collection phase, all potentially responsive ESI from custodians and other client data sources are gathered. The failure to collect the data early can drive up the expense of discovery.

Data can come from a variety of sources, including but not limited to servers, individual computers, cloud storage, mobile devices, backup tapes, personal computers and devices, and social media. Tools are available to help manage the headaches associated with mobile data: For example, mobile device management software can help secure, monitor, and support company- or employee-owned mobile devices. Any technique or tool used to collect the data must be forensically sound to ensure the integrity of the data. Counsel should also ensure that the client has clear records demonstrating the chain of custody for collected information, including where the data originated, who handled it, what steps were taken to collect it and when, what tools were used, and where the data went after collection. If the data is not reasonably accessible, it may be appropriate to negotiate with the requesting party or seek relief from the court.

Meeting collection requirements often requires the expertise of a reputable discovery provider; relying on self-collection risks the omission of key data, the inadvertent loss or modification of metadata, or a claim of self-interest by the opposing party.

Processing

The processing stage converts collected data to a form that can be systematically analyzed and reviewed in a software platform. During this phase, an e-discovery provider can employ strategies to reduce the volume of data such as removing duplicate documents (a process called “deduplication”), system files, and other irrelevant noise from the collection, ultimately lowering the cost of the priciest stage of discovery: review.

Review

During this stage, the client’s data is reviewed and coded for responsiveness and privilege to prepare it for production. Studies have shown that review is the most expensive phase of the process, with some researchers maintaining that it accounts for up to 73 percent of discovery budgets.[3]

Clients have panoply of options at their disposal for reviewing data. Traditionally clients have relied on manual (or linear) review, wherein an army of lawyers pores over each document. Today many organizations employ tools to sort the data electronically, using search terms to isolate potentially relevant data, which then is sent to reviewers for responsiveness and privilege review and coding. Other analytic techniques, such as e-mail threading, can eliminate the need to review multiple chains of the same e-mail. Advanced technology-assisted review solutions, including predictive coding, can speed the process of review by applying computer logic to the data population, enhancing and in some cases replacing the first levels of human review. A knowledgeable discovery provider can discuss the best options for the particular matter based on scope, cost, and the nature of the data.

Analysis

The analysis of information plays an essential role in the early assessment of cases. Evaluating ESI for content and context can highlight critical fact patterns such as timelines, revisions to documents, and the roles of various players in the litigation. Data analysis can also help determine potential exposure that can drive decisions such as whether it makes economic sense to settle early or proceed to trial.

Production

Production is the phase in which the responsive data is made available to the other parties. In some jurisdictions, local rules may specify the appropriate form of production for data; otherwise, the parties should address the format for production during the Fed. R. Civ. P. 26(f) conference to avoid costly disputes that may arise after data is produced, which could require a second production of data in a different form.

Typically, parties will elect to produce data as single-page, Bates-stamped TIFF images along with their metadata, accompanied by a standard database load file. However, some documents, such as spreadsheets, databases, and presentations, do not lend themselves to that format. Those files are best produced in their native format.

Presentation

In the final stage of the discovery framework, parties display ESI at trials, hearings, depositions, and the like to gather additional information, validate existing facts, or persuade a judge or jury.

The “Meet and Confer”

Fed. R. Civ. P. 26(f) requires a pre-trial conference among the parties “as soon as practicable” to discuss a variety of issues, sometimes called a “meet and confer.” Some state courts have similar requirements. As the client’s representative, counsel should be prepared to discuss the discovery of ESI at the meet and confer. Ideally the conference will address a host of issues, including the following:

·       the scope of discovery, including the subject matter, time frame for relevant information, and potential custodians; 


·       the accessibility of data, including legacy data and backup systems, as well as any legal restrictions on access such as data privacy laws; 


·       the scope of the preservation of data, including metadata, and the preservation efforts that are underway; 


·       the form of production of the data; 


·       the use of search terms and other selection criteria to filter the data; 


·       the use of technology such as predictive coding to expedite review; 


·       the timing of data production, including whether production should occur in phases; 


·       the need to protect proprietary or privileged data, including provisions such as a “clawback” agreement to prevent the waiver of the attorney-client privilege or work-product protection; and 


·       the shifting of costs to the requesting party if discovery will be unduly burdensome or expensive. 


            Given the breadth of issues that must be addressed, counsel must arrive at the conference well versed in the client’s data and systems. In many cases, this may require the expertise of an e-discovery consultant who can advise on any potential problems. Having a knowledgeable third party available for the conference can also satisfy the lawyer’s duty of competence under a comment recently added to ABA Model Rule 1.1, which requires counsel to be aware of “the benefits and risks associated with relevant technology.”[4] 


            The result of the conference should be a comprehensive discovery plan, which can control discovery costs and avoid excessive motion practice. It can also serve as evidence of good faith efforts to cooperate should a dispute arise. The court should enter an order memorializing agreements on key issues, particularly clawback agreements; Fed. R. Evid. 502(d) orders prevent the waiver of the privilege in the pending matter as well as in all other federal or state proceedings.

Choosing the Appropriate Service Model

In many cases clients can realize significant savings by sharing the responsibility for e-discovery with outside counsel and third-party service providers. In recent years, the e-discovery service industry has developed three service models to choose from:

1.     a firm-hosted model; 


2.     a fully outsourced mode; and 


3.     a hybrid model.

The right choice will depend on a variety of factors. In many instances, depending on the client’s e-discovery capabilities, an approach that blends internal and external resources is most effective. It may make sense to divide the responsibilities according to the discovery phase, depending on the client’s sophistication and budget.

Some factors to consider in choosing a model include the following:

·       the client’s volume and type of litigation; 


·       the client’s volume and types of data; 


·       the skill sets of lawyers and other legal professionals on the client’s team of outside counsel;

·       the skills and resources of the client’s in-house legal and IT teams; and 


·        the costs and risks associated with the client’s information. 


Outsourcing all or part of the discovery process to third-party service providers benefits clients and their counsel in many ways. First, discovery providers often have superior expertise, including knowledge of best practices and cost-saving strategies. Second, service providers have access to scalable resources, including trained legal reviewers; this means they can mobilize their teams quickly and jump-start projects to meet tough deadlines. Third, service providers typically have access to the latest e-discovery technology and tools. Finally, using a service provider can often be more cost-effective than using outside counsel or in-house resources.

Establishing a relationship with a preferred provider of e-discovery services can lead to even more lucrative benefits: Costs will become predictable, and more favorable rates can be negotiated if discovery work is consolidated with a single provider. Moreover, sharing the load of discovery with a trusted specialist allows external and internal counsel to focus on their core responsibilities: handling substantive issues and developing legal strategy.

Finding the Right Strategic Partner

With the right investment of time and resources, counsel can find a strategic partner that will complement its services and delivery model. The Sedona Conference®’s publication, “Navigating the Vendor Proposal Process: Best Practices for the Selection of Electronic Discovery Vendors,”[5] is a useful reference for engaging in this process.

Keep in mind that retaining an e-discovery provider implicates ethical responsibilities such as the duty to protect a client’s data, so counsel should spend a sufficient amount of time evaluating potential providers. In general, at a minimum, the following topics should be addressed during the screening process:

1)     Experience: Make sure the provider has handled similar e-discovery matters in the past. Discuss the types of data involved in the project, and make sure the provider is equipped to handle it. Evaluate the provider’s strategy for handling each stage of e-discovery.

2)     Cost: What is the provider’s pricing plan? Determine whether prices will differ depending on the task. For example, some providers offer different rates for processing and hosting data. Ask whether the provider charges any fees for setting up the project or project management services.

3)     Location: First, consider where the data resides. If it is located in a foreign country, it will likely be necessary to retain an e-discovery provider well versed in data privacy laws. The next step is to figure out where the data will be processed and hosted. If the provider offers managed review services, what is the provider’s capacity to provide a staffed review in the location of the client’s choice?

4)     Security: What security features does the provider offer? At a minimum, the provider should offer physical measures as well as technological defenses. Find out whether the provider has had any security breaches. In addition, make sure the provider offers redundancy to protect client data in the event of a disaster. Furthermore, the need for security extends to the people working for the provider; background checks are a necessity.

5)     Support: Look for a provider that offers 24/7 customer service. An inquiry into support should also involve a discussion of uptime; some providers guarantee a level of uptime for their data. Find out how many interruptions have occurred in the past and what the effect of those interruptions is on the cost of their service. If you are not well versed in the e-discovery process, consider a provider who has the skillset to consult with you on particular issues or options with respect to the various decision points in the process to ensure that your e-discovery plan is cost effective and defensible.

6)     Technology: Does the provider offer its own review platform? If not, what platforms does it support? Make sure the provider has experience with cost-saving tools such as predictive coding, which can expedite review, and other volume-reduction tools.

Conclusion

Success in e-discovery discovery is largely determined well before a complaint is filed or before an investigation begins. Counsel who work proactively with their clients to design information governance protocols, to craft workflows for managing the stages of e-discovery, and to choose third-party providers and delivery models will be best prepared to take a comprehensive, consistent, and defensible approach that curtails risk, avoids peril, protects their client, and upholds their ethical responsibilities.