Wednesday, November 24, 2010

Electronic Discovery Reference Model - Processing, Review and Analysis

Next Phases: Processing, Review and Analysis

Well we’ve made it half way through the Electronic Discovery Reference Model and are now at the stack of blue processes: Processing, Review, and Analysis. The triggering event has occurred, and it is now time to execute your eDiscovery plan as cost effectively as is possible.

What distinguishes this point in the eDiscovery process is its cost. Even though you’re half way through the model and nearly at the point where you’ve culled the content down to the point of increasing relevancy, this is the ouch point. Luckily you’ve culled the collection somewhat, because this review is labor intensive, considering relevance, privilege, confidentiality, and then tagging what you’ve found. According to Attorney Ralph Losey at the recent EMC Writer’s summit, the cost to process and review each digital file averages $5. With 16,000 files on average per gigabyte, that’s $80,000. Suppose there are 10 custodians (those responsible for controlling and granting access to enterprise electronic files and protecting them) and each is responsible for 50,000 emails with attachments. That’s a half million pieces of electronically stored information (ESI). You can see how costs can mount up.

Yet the processing phase is where lots of problems can occur and the money meter is spinning. IT (custodian for enterprise information) and attorneys speak very different languages. Information –in the gigabytes—are all over the place. Moreover, general purpose ECM systems in general do not manage email well – and email could provide a modern-day paraphrase of Willie Sutton: “because that’s where the evidence is,” the treasure trove for litigation.

Not to harp too much on the Information Management part of the model, but it is critical to prepare for triggering events by having a litigation response plan or LRP. Without a well managed Information Management plan, you will have too much information to deal with. You do not want to produce information that is outside the discovery timeframe (more time to process and potential legal exposure). You also want a credible, effective way to comply with the request for information in the triggering event. If you have been proactive regarding eDiscovery events, you already have a litigation response plan or LRP. Among other things, this plan includes a data gathering strategy for ALL your Electronically Stored Information. In essence, the LRP includes creating a map of all your information systems. Among other things, this includes network drives, content management systems, PDAs, cell phones, personal computers, email, even instant messages and text messages. You also need an efficient backup strategy that is more than just backing up email PST files once a week to tape. And of course, document all your LRP work and keep it up to date, saving each version so you can refer to the scope of the plan for the timeframe relevant to the triggering event. If it isn’t documented, opposing counsel may rightly assert that it doesn’t exist.

I believe that, among other things, you need the right kind of tools to manage email. You also should have enterprise policies for using email that reduce legal exposure as part of an overall litigation response plan. You can’t overestimate the importance of that very first step, Information Management – getting control over all information, including email, to reduce effort and cost throughout the cycle. Ursula Talley of StoredIQ told me that eDiscovery is a systemic concern, and that “. . . proactive information management will reduce costs and time of eDiscovery” while providing better long-term results. Analysis requires the use of search systems, but this goes way beyond a Google Appliance. She suggests full-text indexing for relatively static content and “thindexing” (an index of metadata) applied to content such as email belonging to the custodians.
Even assuming you have somehow transformed your Digital Landfill (unmanaged and unmapped content of all kinds) into a digital Greenfield (managed and mapped), you must still be sure that any underlying eDiscovery tools you have to work through all your content is scalable. Andrew Cohen, EMC’s VP for Compliance Solutions, said to me that the critical functions for your eDiscovery technical solution include: The ability to scale across 100’s of Terabytes of content within your enterprise; the ability to apply that tool to all content repositories (even laptops and desktops), and a consistent set of policies managed by Legal and IT.

How much does an eDiscovery system cost? Assuming you’re merely adding to your technology stack from a single ECM vendor, the costs go way beyond product costs. Again, Cohen said that the cost breakdown over an eDiscovery implementation is roughly as follows: product cost (35% of the total), implementation costs (10%), planning/policy making (50%), and annual maintenance 5%.

In Summary

Efficient, credible processing, reviewing and analyzing your electronically stored information requires a litigation response plan, developed collaboratively with your legal, records management, and IT organizations. The more conscientious you have been in the earlier stages, the less costly will these phases be and the more likely you will survive the eDiscovery challenge. It is expensive and time-consuming to clean up your digital landfill and step-by-step get it under control as a virtual Greenfield, those costs pale compared to the costs of ad hoc reaction to eDiscovery events.