Electronic Discovery Reference Model –Production and Presentation

Well we now in the final phases. You’ve identified, preserved, and collected all information relevant to the triggering event. You’ve winnowed it down to a potpourri of email, Office files, rich media, and highly complex things like CAD files . Now you’re in the final stretch, getting that Electronically Stored Information (ESI) that both sides in the lawsuit agree is relevant and must be handed over. If you’re lucky, both sides have agreed to have a settlement conference where the matter can end there. If you’re not lucky, you proceed with the two final steps.

How do you complete these last two steps, Production and Presentation? What unexpected hazards should you watch out for so you can be confident that you’ve done everything legally required and can step aside, letting the prosecuting and defense lawyers take over from here?

Production

 

Here is where opposing attorneys “meet and confer,” agreeing (among other things) on the format that the relevant material will be produced for presentation, how to preserve or select metadata, and redaction rules. Production of ESI is not as simple as you might think, for two reasons – one that is just emerging, and one that is obvious.  Let’s take the obvious one first: Format. And to keep things simpler than they are becoming, lets restrict this discussion to email, Office documents, and complex design files. You may not be so lucky to be able to exclude social and rich media. Rich media can be everything from recorded voicemail to video. Social media means everything from Text messages to blog entries, and often is produced collaboratively.
 
For simplicity’s sake, the EDRM standard presents four options:

• Paper (gasp!)
• Quasi-Paper
• Quasi-Native and
• Native.

Essentially these options range from the easiest to produce to the easiest to use.  Printing to paper may seem both archaic and easy. Paper is fragile but stable and usually easy to produce. However, volume can be an issue (think time and money), and paper is not easy to search with anything but eyeballs. Still, paper is easy to understand and often a favorite.  However, if the information is not in your country’s most common format –- 8 and 1/2 inches in the U.S.—you will have to decide whether to tile information (hard to use) or find and pay for services to print non-standard sizes like architectural drawings. And if your firm is international, you’ll have to deal with several dimensions of paper.  And of course if Computer-Aided-Design or other multi-layer artifacts are in the mix, “printing” the CAD file just got immeasurably harder. Tiling or printing on large format paper can make it hard to correlate the layers. And always remember: If the files can have attachments or links to other files, those other things are also in the collection you must produce.
 
Quasi-paper refers to a high-fidelity digital format that looks like the paper original but can offer the advantage of speedy production and full-text (or simple string) searching.  The two most common forms of quasi-paper are TIFF for images, and Adobe PDF.  TIFF can be slightly higher fidelity than PDF but does not allow for text searching. And TIFF –even when compressed—can be very large.  Yet once again, problems arise that are similar to those of paper.
 
Even more easy to produce, and possibly easier to use, is “Quasi-Native” digitization.  Quasi-native formats are often exports from databases to flat files, ASCII, CSV or similar formats. They have the advantage of not requiring the opposing attorney to scrounge up the application to match your particular database or other complex information. Yet clearly the export formats, while searchable, do not capture much structure and can be quite hard to use.
 
Lastly, the easiest format to produce and use, with limitations, is native format. This simply means the format –whatever it is—that applications containing the information normally use to create, edit and store the files. This is the most useful format of all, and may require the opposing side to acquire applications (of certain versions) that they do not have. Additionally, native formats may be impossible to redact or to select and extract “pages” from the native files for the case.
 
What else could go wrong? After all, you’ve covered the formats and earlier you secured those files. The biggest issues could be where those files are located.  If inside a content management system, access controls could slow down the process. If inside an email backup file, they could be very difficult to selectively find and manage.  Those examples are inside your firewall. Suppose, like many firms you’ve begun storing your files or using applications in a public or multi-tenant web cloud. Who cares? It’s the same data, right? Yes, but where is the cloud, are there many clouds, and what agreements with the cloud service providers do you have for eDiscovery?

If your firm is located in only one country, the job gets easier but can still be difficult. Let’s take the example of your cloud service being only in the U.S. There are many privacy laws that could be barriers to complete production. These could affect both you and your cloud provider. Examples include the Health Insurance Portability and Protection Act (HIPPA), the Gramm-Leach-Biley Act (GLBA) also known as the Financial Services Modernization Act. And if your information is kept internationally (or if your cloud vendors are), each country has its own privacy law counterparts, most different from the others.

Presentation

Finally, there is presentation, where the rubber meets the road.  The definition provided by EDRM.NET is “Displaying ESI before audiences (at depositions, hearings, trials, etc.), especially in native & near-native forms, to elicit further information, validate existing facts or positions, or persuade an audience.” EDRM.NET decomposes this final stage as a series of processes, from start to finish: “Develop Presentation Strategy / Plan, Select Exhibits / Format, Prepare and Test Exhibits, Present Exhibits, and finally Store / Maintain Exhibits.”
You can think of this as the lifecycle of a CSI show, running from the initial script and production planning through the actual courtroom drama. And since the presentation materials may be needed in an appeal, or at least must be treated as an official record, you must keep and maintain them in ways that meet recordkeeping and legal requirements.

No wonder some defendants simply throw in the towel and agree to pay at the very beginning.

In Summary

The final two steps in the EDRM model depend on the quality and quantity of ESI collected in the earlier steps. There are many dimensions of risk, some of which are legal, organizational, and IT subject matter experts.  Responding to an eDiscovery mandate requires many disparate resources and skill sets.  The proverbial proactive ounce of prevention applies here. Having an ongoing, documented, and understood information management process at the beginning is key. Part of that plan, an up-to-date file plan, is also required. Do these proactively and you’ve invested an ounce that can become worth a pound of after-the-fact cure.

Electronic Discovery Reference Model - Processing, Review and Analysis

Next Phases: Processing, Review and Analysis

Well we’ve made it half way through the Electronic Discovery Reference Model and are now at the stack of blue processes: Processing, Review, and Analysis. The triggering event has occurred, and it is now time to execute your eDiscovery plan as cost effectively as is possible.

What distinguishes this point in the eDiscovery process is its cost. Even though you’re half way through the model and nearly at the point where you’ve culled the content down to the point of increasing relevancy, this is the ouch point. Luckily you’ve culled the collection somewhat, because this review is labor intensive, considering relevance, privilege, confidentiality, and then tagging what you’ve found. According to Attorney Ralph Losey at the recent EMC Writer’s summit, the cost to process and review each digital file averages $5. With 16,000 files on average per gigabyte, that’s $80,000. Suppose there are 10 custodians (those responsible for controlling and granting access to enterprise electronic files and protecting them) and each is responsible for 50,000 emails with attachments. That’s a half million pieces of electronically stored information (ESI). You can see how costs can mount up.

Yet the processing phase is where lots of problems can occur and the money meter is spinning. IT (custodian for enterprise information) and attorneys speak very different languages. Information –in the gigabytes—are all over the place. Moreover, general purpose ECM systems in general do not manage email well – and email could provide a modern-day paraphrase of Willie Sutton: “because that’s where the evidence is,” the treasure trove for litigation.

Not to harp too much on the Information Management part of the model, but it is critical to prepare for triggering events by having a litigation response plan or LRP. Without a well managed Information Management plan, you will have too much information to deal with. You do not want to produce information that is outside the discovery timeframe (more time to process and potential legal exposure). You also want a credible, effective way to comply with the request for information in the triggering event. If you have been proactive regarding eDiscovery events, you already have a litigation response plan or LRP. Among other things, this plan includes a data gathering strategy for ALL your Electronically Stored Information. In essence, the LRP includes creating a map of all your information systems. Among other things, this includes network drives, content management systems, PDAs, cell phones, personal computers, email, even instant messages and text messages. You also need an efficient backup strategy that is more than just backing up email PST files once a week to tape. And of course, document all your LRP work and keep it up to date, saving each version so you can refer to the scope of the plan for the timeframe relevant to the triggering event. If it isn’t documented, opposing counsel may rightly assert that it doesn’t exist.

I believe that, among other things, you need the right kind of tools to manage email. You also should have enterprise policies for using email that reduce legal exposure as part of an overall litigation response plan. You can’t overestimate the importance of that very first step, Information Management – getting control over all information, including email, to reduce effort and cost throughout the cycle. Ursula Talley of StoredIQ told me that eDiscovery is a systemic concern, and that “. . . proactive information management will reduce costs and time of eDiscovery” while providing better long-term results. Analysis requires the use of search systems, but this goes way beyond a Google Appliance. She suggests full-text indexing for relatively static content and “thindexing” (an index of metadata) applied to content such as email belonging to the custodians.
Even assuming you have somehow transformed your Digital Landfill (unmanaged and unmapped content of all kinds) into a digital Greenfield (managed and mapped), you must still be sure that any underlying eDiscovery tools you have to work through all your content is scalable. Andrew Cohen, EMC’s VP for Compliance Solutions, said to me that the critical functions for your eDiscovery technical solution include: The ability to scale across 100’s of Terabytes of content within your enterprise; the ability to apply that tool to all content repositories (even laptops and desktops), and a consistent set of policies managed by Legal and IT.

How much does an eDiscovery system cost? Assuming you’re merely adding to your technology stack from a single ECM vendor, the costs go way beyond product costs. Again, Cohen said that the cost breakdown over an eDiscovery implementation is roughly as follows: product cost (35% of the total), implementation costs (10%), planning/policy making (50%), and annual maintenance 5%.

 In Summary

Efficient, credible processing, reviewing and analyzing your electronically stored information requires a litigation response plan, developed collaboratively with your legal, records management, and IT organizations. The more conscientious you have been in the earlier stages, the less costly will these phases be and the more likely you will survive the eDiscovery challenge. It is expensive and time-consuming to clean up your digital landfill and step-by-step get it under control as a virtual Greenfield, those costs pale compared to the costs of ad hoc reaction to eDiscovery events.

Electronic Discovery Reference Model – Identification through Preservation and Collection

Information Management – Essential Beginning for Identification, Preservation and Collection 

In my earlier post, I provided an overview of the eDiscovery process and emphasized the critical nature of the very first step: Information Management. Information management can leverage the value of IT processes and increase stakeholder satisfaction. Information management is also key to an effective records management program, which itself is fundamental to an effective eDiscovery program.

Information management is one of those concepts that every organization salutes, but the devil is always in the details. Do you have guidelines or governance for using email, including commonly overlooked items such as “Send links to content in your repository; do not send the content itself”? Do you have guidelines for using your information repository –hopefully a formal document management system—to assure that there is always one version of the truth, one single document or file that always represents the most current version of that file, and is easily found by all those with rights to view or modify it?

Most organizations do not manage content to that level, but are happy to be able to guarantee that they have a rational backup and restore strategy, assuring a credible, dependable strategy to routinely save and restore network, repository, and email files. However, complete information management goes way beyond that, including managing policies for information sharing and discovery.

Many organizations have a duty to share information, such as federal agencies responding to the Freedom of Information Act. However, the difference between disclosure and discovery is that there is no underlying dispute (or threat of one) with disclosure.  Both disclosure and discovery require effective information management policies, procedures and processes. And remember, a so-called “triggering event” requiring eDiscovery processes to be activated include not only a judicial order, a formal discovery request, but even knowledge of a pending or future legal proceeding likely to require information to be produced.

Let’s take a look again the EDRM Reference Model, with both it and the IMRM model repeated below courtesy of EDRM (edrm.net). I discussed Information Management in my previous posting, but it is still central to the next three steps in the EDRM model.

Notice the two sloping lines, “Volume” (yellow) that decreases as “Relevance” (green) increases through the model, left to right. Volume is greatest at the start of the model, while Relevance is greatest towards the end. When you get to the processing-review-analysis phase, you want as all relevant documents, but as few others, as possible, to reduce the costs of work in this step.

At EMC’s recent “Writer’s Circle” symposium in New York City, attorney Ralph Losey asserted that it costs from $3 to $10 just to review files as part of an eDiscovery effort, and that it can cost $500,000 to review relevant files, including emails. And that’s at the point in the EDRM model where volume is decreasing and relevance is increasing (i.e., you’ve already culled lots of the volume). Losey and his colleague have created an incredible You Tube video about the problem of information overload in general and eDiscovery efforts in particular spiraling out of control. You owe it to yourself to view this 7 minute video. You’d never guess (until you get to the end) that a lawyer crafted this gem. More about Review in an upcoming blog posting, but Losey’s insight makes it clear how important the early steps in eDiscovery are to the whole process.


It’s easy to see why an information management program to reduce redundant files benefits not only your backup and archive processes, your records management program, the legal and compliance departments, and other members of the enterprise business community. And of course it also facilitates action when your organization receives that inevitable triggering event to supply relevant information.   

EDRM and the Information Management Reference Model (IMRM)

EDRM.net shows Information Management as the first process in its separate EDRM model, when the volume of information is at its greatest.  However, EDRM (edrm.net) also refers to the IMRM Model for the next 3 steps in its EDRM Model: Identification, Preservation, and Collection.



“Information Management” seems like a no-brainer, yet its meaning depends on who is using the term. This prompted the EDRM group to sponsor a project to fill out the details in the IMRM model. In fact, much of the EDRM model simply refers to IMRM, for details concerning the first four steps in the EDRM model: Information Management, Identification, Preservation, and Collection.

Identification, Preservation, and Collection

The duty to preserve information, and thus first to Identify it, begins when there is a triggering event. This can be a judicial order, discovery request, or merely knowing that a pending future legal request is likely (think BP Oil Spill).

According to one vendor I spoke with, Craig Carpenter, VP and General Counsel of Recommind, the most important stages for reducing cost and risk are Preservation, Collection, and Review. “Increasingly, however, enterprises are realizing that the more they do to effectively manage information, the easier and cheaper eDiscovery is to handle further down the process.”


The scope of the data to be preserved or disclosed depends on the subject matter of the dispute and other legal issues. If data is at all likely to be relevant to the dispute, it is discoverable.

After you’ve identified the likely data (its location, those responsible for it), your organization has a duty to preserve it from change. You may not even be sure you have it all identified, and so you must identify a team to anticipate change and have procedures in place to capture any new information that may be deemed relevant.


You can’t preserve the information if you aren’t sure where it is. Thus a critical part of your litigation plan is accurate and current knowledge of the company’s information repositories, including network drives, content repositories, and –of course—email, both current and archived. And don’t forget rich media – even voice mail can be subject to the duty to preserve.

Having identified the data in all its forms and locations and preserved it, you must then collect it.  This means having (or developing) a data collection strategy, preparing the collection plan which includes the methods you’ll use to collect it, and then executing that plan.

Notice that to make all these steps work, the IMRM shows governance surrounding the entire organization.  The model shows a unified governance plan, highlighted with benefits to each (and not just for eDiscovery): Legal (reducing risk), Records Information Management or RIM (reducing risk), IT (achieving better efficiency), and other Business areas increasing profit for the enterprise.


But what is governance, just another fancy way of saying “managing your information”?
EMC Corporation, one of the 80+ participants in the EDRM effort, created and sponsors the Council for Information Advantage, with C-level members from large organizations. Click here for more information about this initiative. These members – in EMC’s words are —“an advisory group made up of global information leaders from ‘information-advantaged’ enterprises. In its first report, released in 2009, the group defines governance as “an enterprise-wide information … policy to control how information is kept, shared, and used.” Governance assures transparency in business processes, allowing everyone to work together, as information flows through the lifecycle –paused by legal holds—from its creation through its eventual disposition. Note that the process includes an appreciation for the asset-value of secured information, key to sharing and reuse.


When you apply the IMRM model to your enterprise, as a continuously improving business process, your organization positions itself to get midway through the eDiscovery model, starting with Information Management and extending through Preservation and Collection. With the right planning, you’ll be able to identify key documents, preserve and collect them in response to an eDiscovery trigger. Managing information will also promote both more effective response to litigation events but also better day-in/day-out use of corporate information assets.

In Summary

In summary, managing enterprise information throughout the information lifecycle has benefits going way beyond responding to eDiscovery events, although it is critical for eDiscovery. Every organizational group benefits from good governance and good information management: IT (which has to back up and archive fewer files), Legal, Records Management and everyone trying to find and use information wherever it resides. While eDiscovery is the stick, gaining an information advantage over corporate knowledge assets can be the carrot.

eDiscovery - Your Next Crisis?

Litigation has a long tradition in the US. Now, as firms and enterprises increasingly shift from paper to digital knowledge assets, that litigation trend is also moving into the digital arena. Ediscovery is a broad term applying to one of a series of responses to a "triggering event." That event starts begins an obligation to preserve and disclose data that may be due to a judicial order, or even the mere knowledge of a future legal proceeding that is likely to require preserving and finding relevant information stored in your electronic documents. In the Ediscovery world, these assets are now called Electronically Stored Information or ESI. Ediscovery is a relatively new concept. You could be excused if you are not familiar with the term. In the US, the Federal Rules of Civil Procedure or "FRCP" issued rule 26, and related rules, in December 2007. This update to the FRCP made all ESI "discoverable" just as non-electronic information, usually paper, is discoverable. ESI, eDiscovery, FRCP… these and related acronyms are enough to make your head swim. But keep your head above water and pay attention, because if you are not ready for eDiscovery, you could be in for some serious pain, both to your organization's bottom line and to its reputation.
In my view, eDiscovery is built on a series of tools and best practices that should be present in every enterprise and that everyone should proactively follow. Sadly, few actually are prepared, because these tools and practices are often seen as optional, a distraction from the main business activities. The tools I refer to are Enterprise Content Management (ECM), Records Management (RM) and Search. The best practices relate to the processes and procedures you follow to oversee all your ESI, records and non-records.
So how do you get started? Meet EDRM, the Electronic Discovery Reference Model, and its sibling, IMRM, the Information Management Reference Model. I told you this wouldn't be simple.

Reference Models

The EDRM group, responsible for both these reference models, is a consortium of vendors and other interested parties wanting to develop comprehensive guidelines, standards, and tools to reduce the incidence of eDiscovery nightmares, or provide ways to cope when they occur. The Electronic Discovery Reference Model (EDRM) provides guidelines, sets standards, and delivers resources to help those who purchase eDiscovery solutions and vendors who provide them,  improving the quality of the tools and reducing the costs associated with eDiscovery. IMRM, related to one part of EDRM, complements that model.

IMRM

IMRM, shown below and courtesy of EDRM.NET, aims to "provide a common, practical, flexible framework to help organizations develop and implement effective and actionable information management programs. The IMRM Project, also part of the EDRM industry working group, aims to offer guidance to Legal, IT, Records Management, line-of-business leaders and other business stakeholders within organizations." This project within the EDRM group suggests ways to facilitate a common way among these different groups to discuss and make decisions on the organization's information needs.

Although this diagram has the ring of endless numbers of PowerPoint slides you've seen on a variety of topics, it re-iterates some basic, commonsensical ideas that all should adopt but most ignore. I won't go into details about this, but the general themes are obvious. These various different business units, often at odds and seldom understanding each other's language and values, must work together to manage ESI, whether records or not. The result could be that eDiscovery nightmare. Some key takeaways: Decide and oversee the ways your organization creates and saves information. Throw away what isn't needed, keep what you must – all within the corporate requirements for both records and other ESI. IT will benefit (less to back up, archive, and index for search); Legal will be happy you are reducing risk; Records Management will appreciate getting all the help with ESI it can get; and business profits will be shielded somewhat from the risks of bad information management practices.

EDRM

Now what of the EDRM model itself? Again, this is not an easy concept but still critical to prepare for that inevitable crisis. To understand this model, courtesy EDRM (edrm.net), read left to right and notice how the process sifts through huge volumes of ESI and aims to focus on the important, most relevant pieces. EDRM has eight ongoing projects to fill out the details of their goals to "establish guidelines, set standards, and delivering resources."

IMRM is related to the left-most process, "Information Management," but don't view it as a picture of Information Management itself. Instead, think of IMRM as a way of promoting cross-organizational dialog– always important, critical if that eDiscovery request comes a knocking.

So those two models give you the grand overview. In upcoming posts I'll look at some of the elements of these models in greater detail. I also spoke to several leading eDiscovery vendors recently. I'll also tell you their views and my impressions about . In my next few posts, I'll tell you their views and my impressions about vendor involvement with EDRM in general. Sure, each vendor has an element of self-interest. That's understood. Are these guys just out to make a buck on the "next big thing," or are they up to something truly useful , for eDiscovery and maybe more in this collaborative effort? 


In my next post I'll look at the first element of the EDRM model, Information Management. You'll see what vendors had to say, and I'll give you my assessment about whether their participation in this is just vendor smoke or indeed a way for you to get started preparing for that next crisis.