Cutting the Cost Of e-Discovery

“Save everything!” That's the new corporate mantra in response to tougher regulatory requirements and the growing importance of electronic data discovery in litigation. But is “Save Everything!” the right response? CEOs and CFOs may think they'll sleep better knowing that every bit and byte is being saved ' but wait until the bills come in! That'll be an eye-opener!

So, let's take a look at how we can cut those costs down to size, while still saving everything that needs to be saved. For starters, here are four key steps for taking control over the cost of preserving and processing electronic data for litigation.

• Weed out the trash. There may be a vast amount of e-data in the company's backup system, but most of it is unnecessary or redundant. A thoughtful approach can relegate backup data to its intended purpose, disaster recovery, not ad hoc data preservation and retention. For existing backup sets where no alternative source exists for data related to a specific litigation, analysis, sampling and testing, can weed out most, if not all, of that unwanted data, with the company paying only to process what's potentially relevant. In a large case, excluding irrelevant and redundant data can result in millions of dollars in savings.
• Adopt smarter data recovery methods. Companies are storing vast amounts of data ' 100 or more gigabytes of data on a single hard drive, the equivalent of millions and millions of pages of printed data! But just as data storage is getting cheaper and easier, so is data recovery. For example, you can now extract data from a backup tape without going through the time consuming and costly process of recreating the exact environment or system from which it was backed up. What's more, the discovery process keeps improving. The newest search tools and techniques enable legal teams to cull out irrelevant data quickly, leaving more time for in-depth review of data that is pertinent to the case. Cost savings are significant because there is less need to pay high-priced reviewers to waste hours and hours looking at irrelevant or duplicative data.
• Tailor the method to the case. Some vendors tell corporate counsel that there is only one right way to process e-data (and it costs a lot!). The truth is that companies can adapt their methods to the value, size and timeline of the case, the type of data, and most importantly the size of a reasonable discovery budget. Tailoring the method to the case may require calling upon expert advice, but the savings gained by eliminating unnecessary processing and attorney review time make the investment well worthwhile.
• Do what is reasonable. Too many companies accept as valid the claim that the cost of electronic discovery should be based simply on the amount of data and the cost of processing that data. In fact, according to basic discovery principles, such as those found in the Federal Rules of Civil Procedure, a party is obligated to do what is “reasonable” for the case, not everything “possible.” Many litigants and electronic discovery vendors approach the problem as a question of “how much will it cost to process my data?” Under the rules and the case law, a more appropriate question would be, “Based on the value of the case and the deadlines, what is a reasonable budget and approach for electronic discovery?”

Why Preserve Electronic Data?

When you boil it down, there are really just three reasons for corporations to preserve any data: operations, litigation and regulation. Let's take a look at all three and see where companies can realize significant savings and avoid the risk of being caught unprepared.

Legal requirements

Meeting the legal requirements of discovery in litigation is a key reason for preserving electronic data. True “smoking gun” communications such as e-mails acknowledging wrongdoing are relatively rare. The greater risk facing corporations is being caught unprepared for discovery of electronic data. Opposing counsel will make sweeping demands for data preservation, knowing that the high cost of compliance can pressure the corporation and its insurance carriers to accept an unfavorable settlement. Or they'll seek (and often obtain!) an ex parte preservation order, asserting that the corporation is planning to or is actually in the process of destroying evidence. An unprepared company may be doing just that and not even realize it.

The best way to frustrate such attacks is pre-emption. At the first sign of litigation, the company should be ready to act. Such readiness means establishing a litigation response plan in advance. The legal staff should understand the plan and be ready to implement it at the first whiff of litigation. Once litigation is underway, the lawyers should develop a preservation plan specific to that particular case, and the plan should be in place ' not hypothetical. They should also undertake the limited acquisition and review of a targeted data sample. Again, this action should be underway, not hypothetical, before going in front of a judge to argue that your approach is better than your opponent's.

Then, if the other side rushes to court with an ex parte preservation demand, the corporation can show the judge that it already has a preservation plan underway and that the plan will ensure the retention of all relevant data. Typically, judges will favor sensible plans already in place over vague demands that the corporation preserve everything, relevant or not. But if it's a choice between two vastly different proposed plans, it is anybody's guess which one a judge will pick. An unfavorable decision can pressure the company to settle the case regardless of its merits.

Keeping the data you need

From the company's perspective, the most important reason to preserve data is operations; that is, keeping the data that the company needs to do its business. Companies employ a variety of methods to do this ' from individuals' saving data on their hard drives, to company-wide enterprise software, to disaster-recovery backup systems. Modern backup systems can be amazingly complex. The days of manually loading tapes into a drive and backing up the data on a server are fading fast. Some of the newest systems store hundreds, even thousands, of tapes in silos that are manipulated with robotic arms, with data spread across the tapes for optimal storage. So, an order to “preserve all tapes” or retrieve specific data from backups could be extremely expensive and physically all but impossible.

Such backup systems are not really meant for the preservation of evidence or routine daily use. Their purpose is disaster recovery. So even if it is possible to use them to hunt down missing documents, using them for such purposes fundamentally alters their function from disaster recovery to regular business use. And it can be very hard to argue against a sophisticated opponent that your company should not be required to search its “disaster recovery” tapes for litigation if it is already using them in the ordinary course of its day-to-day operations. So the decision is simple: either use backup systems for true disaster recovery or treat them as ad hoc document retention systems and risk having to spend a lot of time and money accessing them in litigation.

Regulatory requirements

The third major reason to keep electronic data is to meet regulatory requirements. The problem is that a typical company faces hundreds if not thousands of different regulations, many of which overlap, are inconsistent, are constantly changing, or were written without any of the other regulatory requirements in mind. So what do you say if someone asks, “How do you set up an electronic data management program for a given regulation such as Sarbanes Oxley?” The answer is simple: You Don't.

What a company really needs is a single program that manages all of its electronic data on a company-wide level for all its regulatory needs. Given the complexity and inconsistency of the requirements, trying to create a separate compliance program for each regulation would almost certainly be impossible. Most companies would likely fail miserably trying to set up, operate, monitor and update such a multiplicity of programs.

In light of the daunting regulatory requirements that companies face, the practical solution is to implement an enterprise level approach combining both human resources and technology that can be adapted and updated in real time to meet the retention and accessibility requirements of the increasingly complex regulatory matrix. Software applications already exist for this purpose and are rapidly improving as technology recognizes and attacks the problem.

Finally, it's not enough to have a good document retention program that addresses regulatory and other requirements. Arthur Andersen developed one of the most expensive, detailed and thorough record retention policies in corporate America. Their subsequent demise tells us that a policy is only as good as the system in place for implementing it. Besides a clear and concise policy, a company needs a training program, ongoing monitoring, auditing, frequent updating, defined responsibilities and individual accountability for success or failure. A policy that is not implemented and enforced may be worse than no policy at all.

Summary

When it comes to preserving data, the greatest risk is being caught unprepared. The result is an indefensible process that can lead to disproportionate costs or worse, civil or criminal liability, even the demise of the organization. The good news is that being prepared is relatively inexpensive ' compared to the high costs of dealing with electronic data in litigation or a regulatory action at the 11th hour. The savings gained from being prepared and having a system in place to deal with the demands of litigation, operations, and regulation should make any savvy CEO or CFO smile in approval. And now, under Sarbanes Oxley and other regulatory regimes, being prepared is required by law.

“Save everything!” That's the new corporate mantra in response to tougher regulatory requirements and the growing importance of electronic data discovery in litigation. But is “Save Everything!” the right response? CEOs and CFOs may think they'll sleep better knowing that every bit and byte is being saved ' but wait until the bills come in! That'll be an eye-opener!

So, let's take a look at how we can cut those costs down to size, while still saving everything that needs to be saved. For starters, here are four key steps for taking control over the cost of preserving and processing electronic data for litigation.

• Weed out the trash. There may be a vast amount of e-data in the company's backup system, but most of it is unnecessary or redundant. A thoughtful approach can relegate backup data to its intended purpose, disaster recovery, not ad hoc data preservation and retention. For existing backup sets where no alternative source exists for data related to a specific litigation, analysis, sampling and testing, can weed out most, if not all, of that unwanted data, with the company paying only to process what's potentially relevant. In a large case, excluding irrelevant and redundant data can result in millions of dollars in savings.
• Adopt smarter data recovery methods. Companies are storing vast amounts of data ' 100 or more gigabytes of data on a single hard drive, the equivalent of millions and millions of pages of printed data! But just as data storage is getting cheaper and easier, so is data recovery. For example, you can now extract data from a backup tape without going through the time consuming and costly process of recreating the exact environment or system from which it was backed up. What's more, the discovery process keeps improving. The newest search tools and techniques enable legal teams to cull out irrelevant data quickly, leaving more time for in-depth review of data that is pertinent to the case. Cost savings are significant because there is less need to pay high-priced reviewers to waste hours and hours looking at irrelevant or duplicative data.
• Tailor the method to the case. Some vendors tell corporate counsel that there is only one right way to process e-data (and it costs a lot!). The truth is that companies can adapt their methods to the value, size and timeline of the case, the type of data, and most importantly the size of a reasonable discovery budget. Tailoring the method to the case may require calling upon expert advice, but the savings gained by eliminating unnecessary processing and attorney review time make the investment well worthwhile.
• Do what is reasonable. Too many companies accept as valid the claim that the cost of electronic discovery should be based simply on the amount of data and the cost of processing that data. In fact, according to basic discovery principles, such as those found in the Federal Rules of Civil Procedure, a party is obligated to do what is “reasonable” for the case, not everything “possible.” Many litigants and electronic discovery vendors approach the problem as a question of “how much will it cost to process my data?” Under the rules and the case law, a more appropriate question would be, “Based on the value of the case and the deadlines, what is a reasonable budget and approach for electronic discovery?”

Why Preserve Electronic Data?

When you boil it down, there are really just three reasons for corporations to preserve any data: operations, litigation and regulation. Let's take a look at all three and see where companies can realize significant savings and avoid the risk of being caught unprepared.

Legal requirements

Meeting the legal requirements of discovery in litigation is a key reason for preserving electronic data. True “smoking gun” communications such as e-mails acknowledging wrongdoing are relatively rare. The greater risk facing corporations is being caught unprepared for discovery of electronic data. Opposing counsel will make sweeping demands for data preservation, knowing that the high cost of compliance can pressure the corporation and its insurance carriers to accept an unfavorable settlement. Or they'll seek (and often obtain!) an ex parte preservation order, asserting that the corporation is planning to or is actually in the process of destroying evidence. An unprepared company may be doing just that and not even realize it.

The best way to frustrate such attacks is pre-emption. At the first sign of litigation, the company should be ready to act. Such readiness means establishing a litigation response plan in advance. The legal staff should understand the plan and be ready to implement it at the first whiff of litigation. Once litigation is underway, the lawyers should develop a preservation plan specific to that particular case, and the plan should be in place ' not hypothetical. They should also undertake the limited acquisition and review of a targeted data sample. Again, this action should be underway, not hypothetical, before going in front of a judge to argue that your approach is better than your opponent's.

Then, if the other side rushes to court with an ex parte preservation demand, the corporation can show the judge that it already has a preservation plan underway and that the plan will ensure the retention of all relevant data. Typically, judges will favor sensible plans already in place over vague demands that the corporation preserve everything, relevant or not. But if it's a choice between two vastly different proposed plans, it is anybody's guess which one a judge will pick. An unfavorable decision can pressure the company to settle the case regardless of its merits.

Keeping the data you need

From the company's perspective, the most important reason to preserve data is operations; that is, keeping the data that the company needs to do its business. Companies employ a variety of methods to do this ' from individuals' saving data on their hard drives, to company-wide enterprise software, to disaster-recovery backup systems. Modern backup systems can be amazingly complex. The days of manually loading tapes into a drive and backing up the data on a server are fading fast. Some of the newest systems store hundreds, even thousands, of tapes in silos that are manipulated with robotic arms, with data spread across the tapes for optimal storage. So, an order to “preserve all tapes” or retrieve specific data from backups could be extremely expensive and physically all but impossible.

Such backup systems are not really meant for the preservation of evidence or routine daily use. Their purpose is disaster recovery. So even if it is possible to use them to hunt down missing documents, using them for such purposes fundamentally alters their function from disaster recovery to regular business use. And it can be very hard to argue against a sophisticated opponent that your company should not be required to search its “disaster recovery” tapes for litigation if it is already using them in the ordinary course of its day-to-day operations. So the decision is simple: either use backup systems for true disaster recovery or treat them as ad hoc document retention systems and risk having to spend a lot of time and money accessing them in litigation.

Regulatory requirements

The third major reason to keep electronic data is to meet regulatory requirements. The problem is that a typical company faces hundreds if not thousands of different regulations, many of which overlap, are inconsistent, are constantly changing, or were written without any of the other regulatory requirements in mind. So what do you say if someone asks, “How do you set up an electronic data management program for a given regulation such as Sarbanes Oxley?” The answer is simple: You Don't.

What a company really needs is a single program that manages all of its electronic data on a company-wide level for all its regulatory needs. Given the complexity and inconsistency of the requirements, trying to create a separate compliance program for each regulation would almost certainly be impossible. Most companies would likely fail miserably trying to set up, operate, monitor and update such a multiplicity of programs.

In light of the daunting regulatory requirements that companies face, the practical solution is to implement an enterprise level approach combining both human resources and technology that can be adapted and updated in real time to meet the retention and accessibility requirements of the increasingly complex regulatory matrix. Software applications already exist for this purpose and are rapidly improving as technology recognizes and attacks the problem.

Finally, it's not enough to have a good document retention program that addresses regulatory and other requirements. Arthur Andersen developed one of the most expensive, detailed and thorough record retention policies in corporate America. Their subsequent demise tells us that a policy is only as good as the system in place for implementing it. Besides a clear and concise policy, a company needs a training program, ongoing monitoring, auditing, frequent updating, defined responsibilities and individual accountability for success or failure. A policy that is not implemented and enforced may be worse than no policy at all.

Summary

When it comes to preserving data, the greatest risk is being caught unprepared. The result is an indefensible process that can lead to disproportionate costs or worse, civil or criminal liability, even the demise of the organization. The good news is that being prepared is relatively inexpensive ' compared to the high costs of dealing with electronic data in litigation or a regulatory action at the 11th hour. The savings gained from being prepared and having a system in place to deal with the demands of litigation, operations, and regulation should make any savvy CEO or CFO smile in approval. And now, under Sarbanes Oxley and other regulatory regimes, being prepared is required by law.