The e-Discovery Balancing Act

There are two unstoppable trends in e-discovery. First, corporate executives are becoming acutely aware that they are ultimately responsible for their organization's e-discovery results, which in some instances is a rude awakening since they can no longer claim ignorance or try to put the blame for any missteps on their law firms or litigation-support providers. Second, to lower costs and gain more control of the e-discovery process, enterprises are bringing certain steps of e-discovery in-house. As a result of these two trends, progressive corporations are starting to treat e-discovery as any other standard corporate business process: repeatable, defensible and measurable.

This new dynamic raises an obvious question: What portions of the e-discovery process are best suited to be “in-sourced,” and how do IT professionals within an enterprise work with their partners to ensure effective collaboration/communication?

Finding the Right Mix

This article discusses the best practices to achieve the right mix of in-house and outsourced expertise. We begin by listing a set of criteria that can be used to determine whether an in-house, outsourced or hybrid model is the right approach for a particular situation (i.e., is “in-sourcing” right for you?). From there, we analyze the various e-discovery phases as referenced in the Electronic Discovery Reference Model (“EDRM”) and provide guidelines on the right approaches for each phase.

While certainly not an exhaustive list, the following details a number of factors that should be analyzed to determine whether an in-house, outsourced or hybrid model is the right approach for your enterprise:

• Company Profile. While this inquiry certainly isn't black and white, it's important to understand the litigation profile of the organization, specifically with reference to whether the entity is in a heavily regulated vertical (energy, financial services, pharmaceutical, etc.). In sum, this analysis (which ideally spans at least several quarters) will shed light on the nature and complexity of the company's litigation and regulatory posture.
• Litigation Volume/Type. Similar to the above analysis, the goal here is to map out the frequency and type of litigation (“bet the company” or otherwise) while also examining cyclicality ( i.e., what's the normal flow and are there any peak periods that can be anticipated?).
• Cost vs. Budget. Does the company have an e-discovery budget? Is it in the form of capital expenditures to proactively manage the process (ideal) or does it react to matters using operating budgets (less ideal)? The goal would be to start a trending analysis to determine how much each e-discovery phase costs per engagement in order to develop a picture of the potential return on investment (“ROI”) for proposed changes.
• Varying Requirements. This factor evaluates how routine e-discovery use cases are within an organization. For example, a non-regulated entity may have most of its litigation centered around HR issues. In that case, the scope of the e-discovery tasks may be fairly “vanilla.” Other, more complex or diverse companies might find themselves in situations where every e-discovery matter looks different due to legacy/proprietary systems, differing outside counsel (and approaches to e-discovery) and the need for expert testimony and/or auditing.

Once an accurate picture of the litigation/investigation profile can be compiled, it's important to take an inventory of existing e-discovery processes, tools and personnel who may work on a given task. In many instances, there will be very hard and fast distinctions between legal, IT, records management and the business units. In other (more progressive) situations, the company may have crafted a cross-functional e-discovery team that bridges the gap between all the interconnected groups.

General guidelines can be used to establish logical separations of duties while taking into account the two most important aspects of e-discovery: defensibility and cost. For example, certain tasks might be outsourced to external service providers (e.g., forensic collections and large scale, distributed review) and other critical tasks might be likely in-house candidates (e.g., early case assessment, file type culling, processing, analysis) in order to ensure the highest level of defensibility at the lowest cost. The process should be done collectively between both parties to facilitate a sense of shared cooperation while mitigating duplication efforts between teams.

Breaking Down e-Discovery

To avoid “boil the ocean” type paralysis, the best way to tease apart the various processes, people and tools is to focus on each step of the EDRM one step at a time. While the reality is that e-discovery isn't so neat or linear, there is value in isolating the discrete phases for initial simplification.

The first EDRM step (following upstream data/records management) is Identification, which is defined as “the process of learning the location of all data which you or your client may have a duty to preserve and potentially disclose in a pending or prospective legal proceeding.” Practically speaking, the main tasks here revolve around the identification of “key players” in the litigation. Once this task is complete, the next step is to map those custodians to electronically stored information (“ESI”) sources, data types, date ranges, etc., which helps facilitate meet and confer obligations as well as “inaccessibility” arguments (per Federal Rules of Civil Procedure (“FRCP”) 26(b)2(B)).

• In-source if ' Internal IT has the capability to help legal create a map of all relevant data sources and there's a desire to minimize costs by staffing internally. But, it's important to evaluate both the capabilities of the internal staff and its availability to spend time on the tasks at hand.
• Outsource when ' Internal staff has limited availability or there's a desire to make “inaccessibility” arguments to show that harvesting data would present an undue burden.

The next EDRM step is Preservation, which is defined as “ensuring that ESI is protected against inappropriate alteration or destruction.” The triggering event for preservation is often a trap for the unwary since it begins when litigation is “reasonably likely,” not necessarily at a later date when the litigation is actually filed. In order to defensibly manage this process, many organizations deploy systems to track receipt and acknowledgement of “hold” notices.

• In-source if ' Legal and IT can coordinate to successfully place and enforce the “hold” notices. But, even in this scenario it's advisable to work with outside counsel to define the contours/language of notices and to reinforce reminders over time so that data custodians don't forget about their obligations.
• Outsource when ' In certain instances ( i.e., highly contentious or “bet the company” litigation), it may be desirable to have a neutral third party oversee the preservation process since their neutrality may positively impact their ability to testify about the defensibility of the process.

Preservation is followed by the Collection phase, which is defined as “gathering ESI for further use in the electronic discovery process (processing, review, etc.).” The key here is that the collection must be done in a manner that ensures admissibility, meaning that data authentication and chain of custody protocols must be adhered to if the process is to pass judicial muster. The challenge is that the collecting party may have to interface with disparate and difficult data sources, including legacy systems, proprietary applications and the like. There may even be a need to create forensic (bit-for-bit) images of individual systems.

• In-source if ' Select file types are easily harvested by capable IT personnel using proven tools that don't change metadata. This area is the most likely to require testimony so it's important to consider how a given individual would appear on the stand or in a deposition.
• Outsource when ' The litigation is contentious and requires testimony or if there are difficult file types requiring external expertise.

Processing is defined as “reducing the volume of ESI and converting it, if necessary, to forms more suitable for review and analysis.” This stage is typically the most expensive in the e-discovery workflow and thus typically the first target for bringing in-house because the ROI can be so impactful. The main goal here is to reduce data volumes for downstream attorney review (see below), since attorney evaluation (for relevancy and privilege) of information is often quoted as running between $3.00 and $5.00 per document. Any steps to limit the data volume by defensibly de-duplicating data, file type culling, indexing, e-mail threading, etc., will more than offset the processing costs.

• In-source if ' Seeking cost savings and case control across multiple matters.
• Outsource when ' Litigation isn't predictable or volume is a handful of small cases.

Analysis often works hand-in-hand with processing and is defined as “the process of evaluating a collection of electronic discovery materials to determine relevant summary information, such as key topics of the case, important people, specific vocabulary and jargon, and important individual documents.” This type of analysis can be extremely valuable as it permits early case assessment that objectively analyzes the data to get a sense of the case (key players, data volumes, date ranges, smoking guns, etc.). This type of information helps with the development of case strategies, preparation for meet and confer conferences and planning out the longer term e-discovery processes. It can be particularly useful if the case contains bad facts that may precipitate an early settlement.

• In-source if ' The enterprise has investigations, wants to do iterative searches to identify relevant keywords, rapidly cull down data or perform early case assessments. These tasks are best handled internally, so that individuals with first-hand knowledge of the matter can quickly act on the data.
• Outsource when ' Data is going to be put through a page-by-page review since there is not much need for analysis. This linear, brute force review process is diminishing in frequency.

In a way, all of the proceeding steps have been performed to permit a fast and accurate attorney Review process, which is defined as a way to “sort out responsive documents to produce and privileged documents to withhold.” In the days before e-discovery, this task was a purely manual exercise with attorneys reading physical pages one after another. Now, with the advent of next generation review tools it's possible to conduct the review process in vastly more efficient stages. For example, many companies will use paralegals and contract attorneys to conduct a “first pass” review that removes irrelevant chaff from relevant “hot” documents that will be perused by attorneys intimately familiar with the case. This prioritization process is dramatically more efficient that traditional linear, brute force review processes because it saves time and money.

• In-source if ' There are efficiencies achieved by doing a first pass review or data culling before sending off to outside counsel. Smaller matters and internal investigations are often well suited to an internal review process.
• Outsource when ' The requirements call for a hosted review, massive attorney review teams (100+) or when specific review applications are dictated by counsel.

Production is the last significant stage in the e-discovery process, and is defined as “delivering ESI to others in appropriate forms and using appropriate delivery mechanisms.” The challenge with this stage is that specific requirements from the requesting party may be hard to accommodate if all the upstream steps haven't been conducted with a particular end in mind. For example, if the requesting party wants a native file production with metadata, then this will be extremely difficult if the producing party has turned native files into .tiff images during the processing stage. One of the more important areas to consider here is the handling of metadata since it may or may not be needed in the production. Fortunately, there are emerging XML standards that have been promulgated by the EDRM group as a way to minimize the hundreds of disparate production options.

• In-source if ' Production formats can be pre-negotiated to native or XML standards.
• Outsource when ' Meeting complex load specifications.

Conclusion

The decision to bring components of the e-discovery process in-house can be complex, but this complexity shouldn't deter enterprises from undertaking this evaluation since the savings and process improvements can be dramatic. The process should be done collectively between all involved internal constituents to get maximum buy in, while mitigating duplication efforts between teams. Keep in mind that prioritization is key. Therefore, it's important to avoid attempts to fix the entire process at once. Instead, focus on the most costly and integral parts of e-discovery, such as processing, analysis and review. Finally, don't lose sight of the goal: to simultaneously reduce cost while increasing the overall defensibility of the process.

There are two unstoppable trends in e-discovery. First, corporate executives are becoming acutely aware that they are ultimately responsible for their organization's e-discovery results, which in some instances is a rude awakening since they can no longer claim ignorance or try to put the blame for any missteps on their law firms or litigation-support providers. Second, to lower costs and gain more control of the e-discovery process, enterprises are bringing certain steps of e-discovery in-house. As a result of these two trends, progressive corporations are starting to treat e-discovery as any other standard corporate business process: repeatable, defensible and measurable.

This new dynamic raises an obvious question: What portions of the e-discovery process are best suited to be “in-sourced,” and how do IT professionals within an enterprise work with their partners to ensure effective collaboration/communication?

Finding the Right Mix

This article discusses the best practices to achieve the right mix of in-house and outsourced expertise. We begin by listing a set of criteria that can be used to determine whether an in-house, outsourced or hybrid model is the right approach for a particular situation (i.e., is “in-sourcing” right for you?). From there, we analyze the various e-discovery phases as referenced in the Electronic Discovery Reference Model (“EDRM”) and provide guidelines on the right approaches for each phase.

While certainly not an exhaustive list, the following details a number of factors that should be analyzed to determine whether an in-house, outsourced or hybrid model is the right approach for your enterprise:

• Company Profile. While this inquiry certainly isn't black and white, it's important to understand the litigation profile of the organization, specifically with reference to whether the entity is in a heavily regulated vertical (energy, financial services, pharmaceutical, etc.). In sum, this analysis (which ideally spans at least several quarters) will shed light on the nature and complexity of the company's litigation and regulatory posture.
• Litigation Volume/Type. Similar to the above analysis, the goal here is to map out the frequency and type of litigation (“bet the company” or otherwise) while also examining cyclicality ( i.e., what's the normal flow and are there any peak periods that can be anticipated?).
• Cost vs. Budget. Does the company have an e-discovery budget? Is it in the form of capital expenditures to proactively manage the process (ideal) or does it react to matters using operating budgets (less ideal)? The goal would be to start a trending analysis to determine how much each e-discovery phase costs per engagement in order to develop a picture of the potential return on investment (“ROI”) for proposed changes.
• Varying Requirements. This factor evaluates how routine e-discovery use cases are within an organization. For example, a non-regulated entity may have most of its litigation centered around HR issues. In that case, the scope of the e-discovery tasks may be fairly “vanilla.” Other, more complex or diverse companies might find themselves in situations where every e-discovery matter looks different due to legacy/proprietary systems, differing outside counsel (and approaches to e-discovery) and the need for expert testimony and/or auditing.

Once an accurate picture of the litigation/investigation profile can be compiled, it's important to take an inventory of existing e-discovery processes, tools and personnel who may work on a given task. In many instances, there will be very hard and fast distinctions between legal, IT, records management and the business units. In other (more progressive) situations, the company may have crafted a cross-functional e-discovery team that bridges the gap between all the interconnected groups.

General guidelines can be used to establish logical separations of duties while taking into account the two most important aspects of e-discovery: defensibility and cost. For example, certain tasks might be outsourced to external service providers (e.g., forensic collections and large scale, distributed review) and other critical tasks might be likely in-house candidates (e.g., early case assessment, file type culling, processing, analysis) in order to ensure the highest level of defensibility at the lowest cost. The process should be done collectively between both parties to facilitate a sense of shared cooperation while mitigating duplication efforts between teams.

Breaking Down e-Discovery

To avoid “boil the ocean” type paralysis, the best way to tease apart the various processes, people and tools is to focus on each step of the EDRM one step at a time. While the reality is that e-discovery isn't so neat or linear, there is value in isolating the discrete phases for initial simplification.

The first EDRM step (following upstream data/records management) is Identification, which is defined as “the process of learning the location of all data which you or your client may have a duty to preserve and potentially disclose in a pending or prospective legal proceeding.” Practically speaking, the main tasks here revolve around the identification of “key players” in the litigation. Once this task is complete, the next step is to map those custodians to electronically stored information (“ESI”) sources, data types, date ranges, etc., which helps facilitate meet and confer obligations as well as “inaccessibility” arguments (per Federal Rules of Civil Procedure (“FRCP”) 26(b)2(B)).

• In-source if ' Internal IT has the capability to help legal create a map of all relevant data sources and there's a desire to minimize costs by staffing internally. But, it's important to evaluate both the capabilities of the internal staff and its availability to spend time on the tasks at hand.
• Outsource when ' Internal staff has limited availability or there's a desire to make “inaccessibility” arguments to show that harvesting data would present an undue burden.

The next EDRM step is Preservation, which is defined as “ensuring that ESI is protected against inappropriate alteration or destruction.” The triggering event for preservation is often a trap for the unwary since it begins when litigation is “reasonably likely,” not necessarily at a later date when the litigation is actually filed. In order to defensibly manage this process, many organizations deploy systems to track receipt and acknowledgement of “hold” notices.

• In-source if ' Legal and IT can coordinate to successfully place and enforce the “hold” notices. But, even in this scenario it's advisable to work with outside counsel to define the contours/language of notices and to reinforce reminders over time so that data custodians don't forget about their obligations.
• Outsource when ' In certain instances ( i.e., highly contentious or “bet the company” litigation), it may be desirable to have a neutral third party oversee the preservation process since their neutrality may positively impact their ability to testify about the defensibility of the process.

Preservation is followed by the Collection phase, which is defined as “gathering ESI for further use in the electronic discovery process (processing, review, etc.).” The key here is that the collection must be done in a manner that ensures admissibility, meaning that data authentication and chain of custody protocols must be adhered to if the process is to pass judicial muster. The challenge is that the collecting party may have to interface with disparate and difficult data sources, including legacy systems, proprietary applications and the like. There may even be a need to create forensic (bit-for-bit) images of individual systems.

• In-source if ' Select file types are easily harvested by capable IT personnel using proven tools that don't change metadata. This area is the most likely to require testimony so it's important to consider how a given individual would appear on the stand or in a deposition.
• Outsource when ' The litigation is contentious and requires testimony or if there are difficult file types requiring external expertise.

Processing is defined as “reducing the volume of ESI and converting it, if necessary, to forms more suitable for review and analysis.” This stage is typically the most expensive in the e-discovery workflow and thus typically the first target for bringing in-house because the ROI can be so impactful. The main goal here is to reduce data volumes for downstream attorney review (see below), since attorney evaluation (for relevancy and privilege) of information is often quoted as running between $3.00 and $5.00 per document. Any steps to limit the data volume by defensibly de-duplicating data, file type culling, indexing, e-mail threading, etc., will more than offset the processing costs.

• In-source if ' Seeking cost savings and case control across multiple matters.
• Outsource when ' Litigation isn't predictable or volume is a handful of small cases.

Analysis often works hand-in-hand with processing and is defined as “the process of evaluating a collection of electronic discovery materials to determine relevant summary information, such as key topics of the case, important people, specific vocabulary and jargon, and important individual documents.” This type of analysis can be extremely valuable as it permits early case assessment that objectively analyzes the data to get a sense of the case (key players, data volumes, date ranges, smoking guns, etc.). This type of information helps with the development of case strategies, preparation for meet and confer conferences and planning out the longer term e-discovery processes. It can be particularly useful if the case contains bad facts that may precipitate an early settlement.

• In-source if ' The enterprise has investigations, wants to do iterative searches to identify relevant keywords, rapidly cull down data or perform early case assessments. These tasks are best handled internally, so that individuals with first-hand knowledge of the matter can quickly act on the data.
• Outsource when ' Data is going to be put through a page-by-page review since there is not much need for analysis. This linear, brute force review process is diminishing in frequency.

In a way, all of the proceeding steps have been performed to permit a fast and accurate attorney Review process, which is defined as a way to “sort out responsive documents to produce and privileged documents to withhold.” In the days before e-discovery, this task was a purely manual exercise with attorneys reading physical pages one after another. Now, with the advent of next generation review tools it's possible to conduct the review process in vastly more efficient stages. For example, many companies will use paralegals and contract attorneys to conduct a “first pass” review that removes irrelevant chaff from relevant “hot” documents that will be perused by attorneys intimately familiar with the case. This prioritization process is dramatically more efficient that traditional linear, brute force review processes because it saves time and money.

• In-source if ' There are efficiencies achieved by doing a first pass review or data culling before sending off to outside counsel. Smaller matters and internal investigations are often well suited to an internal review process.
• Outsource when ' The requirements call for a hosted review, massive attorney review teams (100+) or when specific review applications are dictated by counsel.

Production is the last significant stage in the e-discovery process, and is defined as “delivering ESI to others in appropriate forms and using appropriate delivery mechanisms.” The challenge with this stage is that specific requirements from the requesting party may be hard to accommodate if all the upstream steps haven't been conducted with a particular end in mind. For example, if the requesting party wants a native file production with metadata, then this will be extremely difficult if the producing party has turned native files into .tiff images during the processing stage. One of the more important areas to consider here is the handling of metadata since it may or may not be needed in the production. Fortunately, there are emerging XML standards that have been promulgated by the EDRM group as a way to minimize the hundreds of disparate production options.

• In-source if ' Production formats can be pre-negotiated to native or XML standards.
• Outsource when ' Meeting complex load specifications.

Conclusion

The decision to bring components of the e-discovery process in-house can be complex, but this complexity shouldn't deter enterprises from undertaking this evaluation since the savings and process improvements can be dramatic. The process should be done collectively between all involved internal constituents to get maximum buy in, while mitigating duplication efforts between teams. Keep in mind that prioritization is key. Therefore, it's important to avoid attempts to fix the entire process at once. Instead, focus on the most costly and integral parts of e-discovery, such as processing, analysis and review. Finally, don't lose sight of the goal: to simultaneously reduce cost while increasing the overall defensibility of the process.