The ESI Race Heats Up

It's probably not a stretch to say that e-mail has been the single biggest factor in the creation of the electronic discovery industry as we know it today.

e-Mail, as a relatively new type of information medium, has always been incredibly valuable in a discovery context. It has a number of relatively unique attributes that make it almost singularly useful in establishing timelines and the mission-critical important litigation concept of “who knew what, when?”. This is because e-mail is laden with tons of useful metadata (data about data) such as “to/from” information, sent/received times, cc/bcc information, read receipts, forwarding information, etc. All of this metadata is then organized in a structured database of sorts (Outlook, most commonly) that easily permits custodian-level analysis, which is often the cornerstone of modern e-discovery efforts. In response to this treasure trove of information, numerous companies have created software applications to better harness the power of e-mail by reconstructing e-mail threads, adding in ways to detect duplicates/near duplicates and identifying missing participants to e-mail conversations and the like.

Files Are Biggest Source

Because of this historically unassailable pole position, e-mail has been seen as almost synonymous with e-discovery, in many ways to the detriment of other valuable forms of electronically stored information (ESI). But, that race has tightened up with several types of ESI overtaking e-mail (in terms of data types needed for litigation). In fact, e-mail actually ranked third in the recent 2011 Information Retention and e-Discovery Survey, conducted by Symantec. In this survey of legal and IT personnel at 2,000 enterprises, e-mail was no longer the primary source of ESI companies produced in response to e-discovery requests and governmental inquiries. When asked what types of documents were most commonly part of an e-discovery request, respondents selected both files/documents (67%) and database/application data (61%) ahead of e-mail (58%). Unlike a decade ago, the survey reveals that e-mail does not axiomatically equal e-discovery any longer. And, while it's easy to quibble with the underlying data or note that certain types of litigation favor/disfavor e-mail over others, the important thing to note isn't the decline of e-mail per se, but rather the ascendency of other data types, which now have an unquestioned position in the rapidly escalating e-discovery race.

To understand the ramifications of the increasingly heterogeneous nature of e-discovery requests, it is useful to contrast e-mail with discovery of both loose files and databases. From a practitioner's perspective, the key is to look at this increasingly broader palate of ESI to make sure that no one particular flavor of ESI is left out of the mix. Tactically, the first challenge is to ensure that the relevant (non-e-mail) types of ESI are properly identified, as that step is defined pursuant to the Electronic Discovery Reference Model (EDRM). This identification process is ideally conducted proactively, prior to any “hair on fire” reactive investigation or litigation event. Here, data mapping (while sometimes a Sisyphean exercise) is still useful to chart out big tranches of data stores, particularly for newer sources of ESI like cloud repositories of unstructured data, social media content and relational database systems. Having at least a semi-accurate data map in place can help to ensure that affected parties won't take an overly e-mail-centric approach to e-discovery.

Preservation Challenges

While awareness is an excellent first step, there are a number of tactical challenges as e-discovery moves beyond the traditional e-mail sweet spot. After identification, the next major e-discovery task is often to preserve potentially relevant ESI so that it isn't intentionally or unintentionally lost, altered or deleted. Database ESI is particularly vexing because relational databases are in constant motion, meaning that an application like a CRM system will have ESI elements that are updated, viewed, modified and exported ' conceivably by thousands of users on a nearly simultaneous basis. While it's often possible to take snapshots of these relational databases, any attempts to literally preserve this information would prevent users from making full business use of the applications and likely result in rioting in the streets.

Loose files are in some ways a much easier preservation quandary since those ESI elements, like Word documents stored on a network share drive, aren't as often in flux or linked to other content in a relational sense. The challenge here involves associating content with key custodians that are under a legal hold, since the unstructured nature of the information makes it harder (if not impossible, in some instances) to discern ownership information. For instances where ESI needs to be preserved strictly due to content topics, like in patent or product related litigation, the challenge is that this unstructured information is not often indexed, meaning that keyword searches aren't possible.

Collection

Collection, which is the next major step in the EDRM process, poses unique challenges as well, particularly for database ESI such as financial, transactional and operational systems. Here, the inherent power of database information is generated by its relational positioning/linking between other elements in the database. If a piece of information is taken out of the database (like a singular “opportunity” in a CRM system), much of the really useful context is lost, as this standalone piece of ESI often appears more like a fish out of water. As an example, all of the reporting functionality relating to this lone opportunity would be lost once extracted.

Be Proactive

Despite this rapidly changing ESI landscape, some organizations prefer to stay well behind the technology curve when it comes to new media types and information governance. Unfortunately for the laggards, it's becoming increasingly clear that companies can achieve positive ROI when displaying good information governance hygiene. The previously referenced survey found that companies that employ best practices, such as implementing information retention plans, automating the enforcement of legal holds and leveraging archiving tools instead of relying on backups, fare dramatically better when it comes to responding to e-discovery requests. In fact, proactive companies utilizing best practices were:

• 81% more likely to have a formal retention plan in place;
• 63% more likely to automate legal holds; and
• 50% more likely to use a formal archiving tool.

Not surprisingly, these top-tier companies were able to respond much faster and more successfully to e-discovery requests, often suffering fewer negative consequences with:

• 78% less likely to be sanctioned;
• 47% less likely to lead to a compromised legal position; and
• 45% less likely to disclose too much information.

This last bullet has a number of negative ramifications beyond just giving the opposition more ammo than was strictly necessary. Since much of the e-discovery process is volume based, particularly the eyes-on review component, every extra gigabyte of produced information costs the organization in both seen and unseen ways. Some have estimated that it costs between $3-$5 a document for manual attorney review, and at 50,000 pages to a gigabyte, these data-related expenses can really add up quickly.

On the other side of the coin, there were those companies in the survey with bad information governance hygiene. While this isn't terribly surprising, it is shocking to see how many entities fail to connect the dots between information governance and risk reduction. Despite the numerous risks, the survey found nearly half of the respondents did not have an information retention plan in place and, of this group, only 30% were discussing how to do so. Most shockingly, 14% appear to be ostriches with their heads in the sand and have no intentions of implementing any retention plan. When asked why they weren't taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don't have time (26%) and lack of expertise (21%) as top reasons.

Conclusion

While it's hyperbole to say that e-mail isn't a relevant source of ESI any longer, it is important to note that the landscape of potentially relevant data sources has multiplied dramatically ' and threatens to do so for the foreseeable future. The primary ramification is that organizations need to prepare for e-discovery and governmental inquires by casting a wider ESI net that includes social media, cloud data, instant messaging and structured data systems. Forward-thinking companies should map out where all ESI resides company-wide so that these important sources do not go unrecognized. Once these sources of potentially responsive ESI are accounted for, the right e-discovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment.

It's probably not a stretch to say that e-mail has been the single biggest factor in the creation of the electronic discovery industry as we know it today.

e-Mail, as a relatively new type of information medium, has always been incredibly valuable in a discovery context. It has a number of relatively unique attributes that make it almost singularly useful in establishing timelines and the mission-critical important litigation concept of “who knew what, when?”. This is because e-mail is laden with tons of useful metadata (data about data) such as “to/from” information, sent/received times, cc/bcc information, read receipts, forwarding information, etc. All of this metadata is then organized in a structured database of sorts (Outlook, most commonly) that easily permits custodian-level analysis, which is often the cornerstone of modern e-discovery efforts. In response to this treasure trove of information, numerous companies have created software applications to better harness the power of e-mail by reconstructing e-mail threads, adding in ways to detect duplicates/near duplicates and identifying missing participants to e-mail conversations and the like.

Files Are Biggest Source

Because of this historically unassailable pole position, e-mail has been seen as almost synonymous with e-discovery, in many ways to the detriment of other valuable forms of electronically stored information (ESI). But, that race has tightened up with several types of ESI overtaking e-mail (in terms of data types needed for litigation). In fact, e-mail actually ranked third in the recent 2011 Information Retention and e-Discovery Survey, conducted by Symantec. In this survey of legal and IT personnel at 2,000 enterprises, e-mail was no longer the primary source of ESI companies produced in response to e-discovery requests and governmental inquiries. When asked what types of documents were most commonly part of an e-discovery request, respondents selected both files/documents (67%) and database/application data (61%) ahead of e-mail (58%). Unlike a decade ago, the survey reveals that e-mail does not axiomatically equal e-discovery any longer. And, while it's easy to quibble with the underlying data or note that certain types of litigation favor/disfavor e-mail over others, the important thing to note isn't the decline of e-mail per se, but rather the ascendency of other data types, which now have an unquestioned position in the rapidly escalating e-discovery race.

To understand the ramifications of the increasingly heterogeneous nature of e-discovery requests, it is useful to contrast e-mail with discovery of both loose files and databases. From a practitioner's perspective, the key is to look at this increasingly broader palate of ESI to make sure that no one particular flavor of ESI is left out of the mix. Tactically, the first challenge is to ensure that the relevant (non-e-mail) types of ESI are properly identified, as that step is defined pursuant to the Electronic Discovery Reference Model (EDRM). This identification process is ideally conducted proactively, prior to any “hair on fire” reactive investigation or litigation event. Here, data mapping (while sometimes a Sisyphean exercise) is still useful to chart out big tranches of data stores, particularly for newer sources of ESI like cloud repositories of unstructured data, social media content and relational database systems. Having at least a semi-accurate data map in place can help to ensure that affected parties won't take an overly e-mail-centric approach to e-discovery.

Preservation Challenges

While awareness is an excellent first step, there are a number of tactical challenges as e-discovery moves beyond the traditional e-mail sweet spot. After identification, the next major e-discovery task is often to preserve potentially relevant ESI so that it isn't intentionally or unintentionally lost, altered or deleted. Database ESI is particularly vexing because relational databases are in constant motion, meaning that an application like a CRM system will have ESI elements that are updated, viewed, modified and exported ' conceivably by thousands of users on a nearly simultaneous basis. While it's often possible to take snapshots of these relational databases, any attempts to literally preserve this information would prevent users from making full business use of the applications and likely result in rioting in the streets.

Loose files are in some ways a much easier preservation quandary since those ESI elements, like Word documents stored on a network share drive, aren't as often in flux or linked to other content in a relational sense. The challenge here involves associating content with key custodians that are under a legal hold, since the unstructured nature of the information makes it harder (if not impossible, in some instances) to discern ownership information. For instances where ESI needs to be preserved strictly due to content topics, like in patent or product related litigation, the challenge is that this unstructured information is not often indexed, meaning that keyword searches aren't possible.

Collection

Collection, which is the next major step in the EDRM process, poses unique challenges as well, particularly for database ESI such as financial, transactional and operational systems. Here, the inherent power of database information is generated by its relational positioning/linking between other elements in the database. If a piece of information is taken out of the database (like a singular “opportunity” in a CRM system), much of the really useful context is lost, as this standalone piece of ESI often appears more like a fish out of water. As an example, all of the reporting functionality relating to this lone opportunity would be lost once extracted.

Be Proactive

Despite this rapidly changing ESI landscape, some organizations prefer to stay well behind the technology curve when it comes to new media types and information governance. Unfortunately for the laggards, it's becoming increasingly clear that companies can achieve positive ROI when displaying good information governance hygiene. The previously referenced survey found that companies that employ best practices, such as implementing information retention plans, automating the enforcement of legal holds and leveraging archiving tools instead of relying on backups, fare dramatically better when it comes to responding to e-discovery requests. In fact, proactive companies utilizing best practices were:

• 81% more likely to have a formal retention plan in place;
• 63% more likely to automate legal holds; and
• 50% more likely to use a formal archiving tool.

Not surprisingly, these top-tier companies were able to respond much faster and more successfully to e-discovery requests, often suffering fewer negative consequences with:

• 78% less likely to be sanctioned;
• 47% less likely to lead to a compromised legal position; and
• 45% less likely to disclose too much information.

This last bullet has a number of negative ramifications beyond just giving the opposition more ammo than was strictly necessary. Since much of the e-discovery process is volume based, particularly the eyes-on review component, every extra gigabyte of produced information costs the organization in both seen and unseen ways. Some have estimated that it costs between $3-$5 a document for manual attorney review, and at 50,000 pages to a gigabyte, these data-related expenses can really add up quickly.

On the other side of the coin, there were those companies in the survey with bad information governance hygiene. While this isn't terribly surprising, it is shocking to see how many entities fail to connect the dots between information governance and risk reduction. Despite the numerous risks, the survey found nearly half of the respondents did not have an information retention plan in place and, of this group, only 30% were discussing how to do so. Most shockingly, 14% appear to be ostriches with their heads in the sand and have no intentions of implementing any retention plan. When asked why they weren't taking action, respondents indicated lack of need (41%), too costly (38%), nobody has been chartered with that responsibility (27%), don't have time (26%) and lack of expertise (21%) as top reasons.

Conclusion

While it's hyperbole to say that e-mail isn't a relevant source of ESI any longer, it is important to note that the landscape of potentially relevant data sources has multiplied dramatically ' and threatens to do so for the foreseeable future. The primary ramification is that organizations need to prepare for e-discovery and governmental inquires by casting a wider ESI net that includes social media, cloud data, instant messaging and structured data systems. Forward-thinking companies should map out where all ESI resides company-wide so that these important sources do not go unrecognized. Once these sources of potentially responsive ESI are accounted for, the right e-discovery tools need to be deployed so that these disparate types of ESI can be defensibly collected and processed for review in a singular, efficient and auditable environment.