E-discovery refers to the disclosure of information in electronic or digital formats as part of litigation, government investigations or requests that relate to the freedom of information act. The National Law Review notes that, in recent years, issues related to electronic discovery have been the biggest and most costly challenges for parties involved in litigation. The report cites definition of scope, BYOD vs. company-owned devices and data preservation as the primary problems. These costly challenges are driving a growing e-discovery market. According to IDC, a global market intelligence provider, the global electronic discovery market surpassed $10 billion in 2015 and is predicted to grow at a rate of almost 10 percent per year, with related software and services expected to reach nearly $15 billion by 2019.
BDO reports that almost half of companies with more than $1 billion dollars in revenue have adopted technology-assisted review to help them save time. Hooray for them! But what about companies that lack the budget to implement a system that captures data in its myriad forms (docs, images, videos, texts, chats, emails, voicemails, social media activity, websites, etc.) across all devices (both company- and employee-owned, if a BYOD policy is in place)? Is it even possible for legal and IT to work together to prepare a company for possible future litigation?
Legal and IT: Worlds Apart
Only the larger companies have their electronic discovery team on staff, with legal and IT divisions both focused on defending ongoing litigation. The rest are forced to hire expensive consultants and law firms as needed. It's impossible to predict when companies will need such expertise, so it's best to follow standard guidelines, just in case. Even an email can lead to embarrassment during the discovery process, as Scott Adams illustrated in a brilliant 2012 Dilbert strip.
So, how can we prepare for an attack by a disgruntled employee, client or supplier? Unfortunately, as IT pros, we are unfamiliar with the e-discovery process from a legal perspective. As a result, we need to work with those who claim to be experts. We can only hope that they will understand our IT terms because we definitely don't understand legalese, finding it even more annoying than management speak. Who among us can fully understand device warranties, service agreements and other legal artifacts without a translator?
Still, it is gratifying to see that the legal industry continues to thrive in a sluggish economy, with BYOD and now e-discovery creating entirely fresh avenues for future revenue generation. But I digress. All sarcasm aside, let's assume that we will work with legal to benefit the company. What then?
What We Need From Legal
The electronic discovery process looks easy enough, but in practice it is costly and time consuming. As all data within the scope of litigation must be "human-readable," we cannot simply clone a server and produce it in court, running database queries as needed. Nope, that would be too easy. The company will need experts, typically in data forensics, to trawl databases, drives, devices and even metadata to extract all the pertinent information.
From an IT perspective, we need to know the best way to manage our data in terms of storage, preservation and scope so that it can be easily extracted when necessary. We also need to be aware of possible pitfalls based on prior court cases. For example, where BYOD is concerned, we need to know who owns the data and what happens if the employee in question lost the phone requested under discovery or has left the company or sold the phone, etc.
I would recommend testing your potential electronic discovery expert by asking them to respond to a few hypothetical scenarios. Here's one you can use:
During a support call with a customer, your loyal support engineer "accidentally" disclosed via text chat on social media that the company is using known defective components to meet production demand, being fully prepared to deal with the expected 5 percent failure rate in the field. The customer has lost several lucrative contracts due to equipment failure and can now blame the company for this loss. Litigation begins and the entire company is under scrutiny. The responsible support engineer is no longer with the company and has deliberately smashed his mobile device containing the relevant data. However, the offending chat has spread throughout the company and beyond via email and internal documents. What happens next?
It is for every company to decide whether they need an e-discovery solution as they may never wind up in litigation. Nonetheless, it is worth considering how secure your data actually is and where it resides. It may well be worth taking back the control that you lost with the advent of BYOD and allowing remote access with permissions to all company services and documents. The decision is yours.