Balancing People and Processes with Technology in e-Discovery

In many instances and in many sectors, technology is looked to as the savior, since it's easy to simply focus on the “bright, shiny object” that will quickly and painlessly fix the problem at hand. The same is true in the legal industry when it comes to litigation and e-discovery. Unfortunately, technology is only part of the equation, unable to deliver the promised value without the inclusion of the equally important pillars of people and processes. While many recognize this as a truism, they nevertheless forget (or underemphasize) the importance of the other factors ' much to their detriment.

Defensibility

Initially, as we evaluate the sometimes-competing roles of people, processes and technology, we should look at each separately to determine (if possible) the impact of each on the overall defensibility equation ' since that's ultimately the litmus test hanging in the balance. Defensibility is core to a wide range of processes that may ultimately come under some semblance of judicial scrutiny within the e-discovery spectrum. Those that are not able to defend their e-discovery processes face the threat of sanctions, the loss of attorney client privilege, and/or the loss of work product protection.

As we first examine defensibility in the context of electronic discovery, we must accept, and perhaps embrace, that there is no singular answer, safe harbor or best practice. Similarly, no singular technology, process or person can single-handedly ensure defensibility. However, by understanding the standards defined by the case law and best practices, it is possible to hone in on the interplay between the three pillars.

Nobody's Perfect

As noted e-discovery jurist, Judge Shira Scheindlin, recently stated: “Courts cannot and do not expect that any party can meet a standard of perfection.” Given that there is no recipe for the mythical perfection, the best approach is one of balance ' meaning a relatively equal weighting across people, processes and technology. Illustrating the wisdom in this approach is relatively easy with hypotheticals such as the following:

• Industry-leading technology is used for the review of electronically stored information (“ESI”), where the process fails to call for the testing and iteration of search terms, resulting in terms without the requisite precision and recall. This scenario is almost guaranteed to omit critical elements for production and will likely not hold up under judicial scrutiny, meaning (potentially) the loss of work product protection.
• An industry veteran (with impeccable credentials) uses a subpar e-discovery application that overlooks certain relevant file types during processing, mistakenly categorizing them as system files and excluding them from downstream eyes-on review. Upon a likely challenge by the receiving party, this faulty combination too would most certainly fail to meet defensibility standards.
• A battle-tested, repeatable process is misused by a novice attorney or IT person who skips a critical metadata preservation step in the haste to meet impending production deadlines. This scenario as well would probably fail the reasonable test.

And so, while balance is important generally, as each electronic discovery reference model (“EDRM”) phase is examined in closer detail, it's easy to see how one pillar or another has particular priority. For each phase then, let's examine the relative importance of each pillar: people, processes and technology. It should be noted that in this regard, I have leveraged and modified the pioneering analysis of Ron Best, Director, Legal Information Systems at Munger, Tolles and Olson, LLP (http://www.mto.com/), which is focused on the importance of technology, workflow, people and project management across the EDRM phases. I have combined workflow and project management into a singular “processes” pillar for purposes of this article.

Identification

Generally speaking, this EDRM phase begins once a litigation hold is triggered. It involves the mapping out of active/inactive data sources, typically triangulating them with key players in the litigation/investigation. Technology plays a particularly strong role here because (fortunately) technical applications are useful in understanding where data may exist throughout an organization. People (generally in IT) are also helpful in locating relevant data silos, especially for offline or legacy systems. Last, but not least, it is often very useful to have a series of repeatable business processes surrounding the identification task so that there is sufficient project management and coordination, as a way to ensure that the requisite quality control checks are in place.

Preservation

Once ESI has been identified, preservation is the next EDRM task. Here, it's critical to minimize the risk of data spoliation by adequately preserving ESI, with a dedicated effort to ensure that ESI isn't accidentally lost, overwritten or destroyed. While certain technologies are important to ensure that ESI (and associated metadata) are properly preserved, the people and processes are relatively more important in this phase, since the tools need to be used properly by trained individuals who may have to testify about chain of custody or authentication.

Collection

Similar to the preservation phase above, forensically sound data collection tools are “table stakes” at this EDRM phase ' meaning that using anything substandard is an invitation for disaster. But, assuming those tools are used, the rubber really meets the road with the people (trained IT or information security practitioners) and good processes. Here again, there may be a need to have someone testify about workflow and methods; thus documentation surrounding a tried and true collection process will go a long way to establishing defensibility.

Processing

At this stage, where ESI is indexed, hashed, de-duplicated and prepared for review, technology leads the way. Next-generation processing tools can handle many of the project management tasks, since audit trails and status reports are often built in. Similarly, many of the tools are very user-friendly, so the personnel using the applications don't need significant e-discovery expertise to successfully navigate the process. Nevertheless, exception handling (for files that cannot be easily processed) is still a step that requires a good external process loop and hands-on expertise. Failing to resolve exceptions successfully is a trap for the unwary and can certainly result in spoliation sanctions.

Analysis

This step probably is one of the most balanced, since the analysis of ESI requires a pretty equal measure of good early-case assessment tools, trained practitioners with a sense of case strategy and a process framework regarding how and what to look for during the phase. The good news is that failures here likely won't result in any type of sanctions. Instead, there will be ramifications, likely taking the form of a sub-optimized review processes ' resulting in higher attorney review costs.

Review

Workflow, during the eyes-on review process, is key. Yes, the reviewers certainly need state-of-the-art technology, but as in the collection phase, those important tools are entry-level requirements for the review phase. The key to success lays in establishing a smooth and metrics-oriented workflow, as well as having the reviewers well trained in the methodology. Managing a review process by examining associated metrics (average review rates, rates by category, deviations from norms, etc.) is mandatory for any review process running at scale. Certainly, smaller review tasks can be accomplished on a more ad hoc basis, but review teams today are facing tsunamis of ESI, more often measured in terabytes than megabytes.

Production

During the (nearly) final EDRM phase of production, workflow often is the key pillar that will make or break a defensible process. Assuming again the presence of advanced technology, the need to conduct quality control processes is vital in order to tease out items that have inadvertently slipped through the review phase. Since inadvertent production of privileged content will often result in a privilege wavier, this step in many ways has the highest potential for disaster. And, with Federal Rules of Evidence 502 (and other common law doctrines) requiring a reasonableness inquiry in order to claw black inadvertently produced ESI, it's critical to have an acceptable quality control process and a meticulously documented audit trail. Anything short of those process steps imperils the ability to shore up the production phase, should anything unintentional occur. For the people pillar, it again may be conceivable that the process leader may have to testify about the methodology, particularly if there's a challenge. So, training and domain-oriented education here will help establish reasonableness.

Conclusion

In sum, the old adage about the importance of people, processes and technology couldn't be more critical in the e-discovery world. Yes, the tools are critical, but without the right operators, workflows and project management, there won't be the kind of defensibility that will stand up in court and allow litigators to sleep well at night.

In many instances and in many sectors, technology is looked to as the savior, since it's easy to simply focus on the “bright, shiny object” that will quickly and painlessly fix the problem at hand. The same is true in the legal industry when it comes to litigation and e-discovery. Unfortunately, technology is only part of the equation, unable to deliver the promised value without the inclusion of the equally important pillars of people and processes. While many recognize this as a truism, they nevertheless forget (or underemphasize) the importance of the other factors ' much to their detriment.

Defensibility

Initially, as we evaluate the sometimes-competing roles of people, processes and technology, we should look at each separately to determine (if possible) the impact of each on the overall defensibility equation ' since that's ultimately the litmus test hanging in the balance. Defensibility is core to a wide range of processes that may ultimately come under some semblance of judicial scrutiny within the e-discovery spectrum. Those that are not able to defend their e-discovery processes face the threat of sanctions, the loss of attorney client privilege, and/or the loss of work product protection.

As we first examine defensibility in the context of electronic discovery, we must accept, and perhaps embrace, that there is no singular answer, safe harbor or best practice. Similarly, no singular technology, process or person can single-handedly ensure defensibility. However, by understanding the standards defined by the case law and best practices, it is possible to hone in on the interplay between the three pillars.

Nobody's Perfect

As noted e-discovery jurist, Judge Shira Scheindlin, recently stated: “Courts cannot and do not expect that any party can meet a standard of perfection.” Given that there is no recipe for the mythical perfection, the best approach is one of balance ' meaning a relatively equal weighting across people, processes and technology. Illustrating the wisdom in this approach is relatively easy with hypotheticals such as the following:

• Industry-leading technology is used for the review of electronically stored information (“ESI”), where the process fails to call for the testing and iteration of search terms, resulting in terms without the requisite precision and recall. This scenario is almost guaranteed to omit critical elements for production and will likely not hold up under judicial scrutiny, meaning (potentially) the loss of work product protection.
• An industry veteran (with impeccable credentials) uses a subpar e-discovery application that overlooks certain relevant file types during processing, mistakenly categorizing them as system files and excluding them from downstream eyes-on review. Upon a likely challenge by the receiving party, this faulty combination too would most certainly fail to meet defensibility standards.
• A battle-tested, repeatable process is misused by a novice attorney or IT person who skips a critical metadata preservation step in the haste to meet impending production deadlines. This scenario as well would probably fail the reasonable test.

And so, while balance is important generally, as each electronic discovery reference model (“EDRM”) phase is examined in closer detail, it's easy to see how one pillar or another has particular priority. For each phase then, let's examine the relative importance of each pillar: people, processes and technology. It should be noted that in this regard, I have leveraged and modified the pioneering analysis of Ron Best, Director, Legal Information Systems at Munger, Tolles and Olson, LLP (http://www.mto.com/), which is focused on the importance of technology, workflow, people and project management across the EDRM phases. I have combined workflow and project management into a singular “processes” pillar for purposes of this article.

Identification

Generally speaking, this EDRM phase begins once a litigation hold is triggered. It involves the mapping out of active/inactive data sources, typically triangulating them with key players in the litigation/investigation. Technology plays a particularly strong role here because (fortunately) technical applications are useful in understanding where data may exist throughout an organization. People (generally in IT) are also helpful in locating relevant data silos, especially for offline or legacy systems. Last, but not least, it is often very useful to have a series of repeatable business processes surrounding the identification task so that there is sufficient project management and coordination, as a way to ensure that the requisite quality control checks are in place.

Preservation

Once ESI has been identified, preservation is the next EDRM task. Here, it's critical to minimize the risk of data spoliation by adequately preserving ESI, with a dedicated effort to ensure that ESI isn't accidentally lost, overwritten or destroyed. While certain technologies are important to ensure that ESI (and associated metadata) are properly preserved, the people and processes are relatively more important in this phase, since the tools need to be used properly by trained individuals who may have to testify about chain of custody or authentication.

Collection

Similar to the preservation phase above, forensically sound data collection tools are “table stakes” at this EDRM phase ' meaning that using anything substandard is an invitation for disaster. But, assuming those tools are used, the rubber really meets the road with the people (trained IT or information security practitioners) and good processes. Here again, there may be a need to have someone testify about workflow and methods; thus documentation surrounding a tried and true collection process will go a long way to establishing defensibility.

Processing

At this stage, where ESI is indexed, hashed, de-duplicated and prepared for review, technology leads the way. Next-generation processing tools can handle many of the project management tasks, since audit trails and status reports are often built in. Similarly, many of the tools are very user-friendly, so the personnel using the applications don't need significant e-discovery expertise to successfully navigate the process. Nevertheless, exception handling (for files that cannot be easily processed) is still a step that requires a good external process loop and hands-on expertise. Failing to resolve exceptions successfully is a trap for the unwary and can certainly result in spoliation sanctions.

Analysis

This step probably is one of the most balanced, since the analysis of ESI requires a pretty equal measure of good early-case assessment tools, trained practitioners with a sense of case strategy and a process framework regarding how and what to look for during the phase. The good news is that failures here likely won't result in any type of sanctions. Instead, there will be ramifications, likely taking the form of a sub-optimized review processes ' resulting in higher attorney review costs.

Review

Workflow, during the eyes-on review process, is key. Yes, the reviewers certainly need state-of-the-art technology, but as in the collection phase, those important tools are entry-level requirements for the review phase. The key to success lays in establishing a smooth and metrics-oriented workflow, as well as having the reviewers well trained in the methodology. Managing a review process by examining associated metrics (average review rates, rates by category, deviations from norms, etc.) is mandatory for any review process running at scale. Certainly, smaller review tasks can be accomplished on a more ad hoc basis, but review teams today are facing tsunamis of ESI, more often measured in terabytes than megabytes.

Production

During the (nearly) final EDRM phase of production, workflow often is the key pillar that will make or break a defensible process. Assuming again the presence of advanced technology, the need to conduct quality control processes is vital in order to tease out items that have inadvertently slipped through the review phase. Since inadvertent production of privileged content will often result in a privilege wavier, this step in many ways has the highest potential for disaster. And, with Federal Rules of Evidence 502 (and other common law doctrines) requiring a reasonableness inquiry in order to claw black inadvertently produced ESI, it's critical to have an acceptable quality control process and a meticulously documented audit trail. Anything short of those process steps imperils the ability to shore up the production phase, should anything unintentional occur. For the people pillar, it again may be conceivable that the process leader may have to testify about the methodology, particularly if there's a challenge. So, training and domain-oriented education here will help establish reasonableness.

Conclusion

In sum, the old adage about the importance of people, processes and technology couldn't be more critical in the e-discovery world. Yes, the tools are critical, but without the right operators, workflows and project management, there won't be the kind of defensibility that will stand up in court and allow litigators to sleep well at night.