The amount of electronically stored information (ESI) modern organizations are responsible for has led to a sea change in how that data is managed. While new ESI management strategies are necessary to handle the growing amount of proprietary data, they create often unforeseen e-discovery costs, according to information governance expert Jeffrey Ritter.
In this four-part SearchCompliance webcast, Ritter provides data governance and ESI management strategies to reduce enterprise e-discovery expenses. Here in part two, he identifies six areas where ESI management processes are contributing to what he calls out-of-control e-discovery costs.
There are six areas of spending I want to briefly highlight as areas where e-discovery costs are out of control.
The first is recovering and processing internationally stored electronic information. Many companies have jumped at the possibility of storing their extensive data at a lower cost by using Internet-based cloud services. Companies may need to recover the data from those locations, and the locations may have privacy regulations or data protection standards that limit the accessibility and use of that personal information. What we are finding is that when companies are trying to determine their e-discovery cost projections, they often overlook the support costs required to find and process internationally stored ESI, and the expense required to establish the rules and processes for accessing and using personal information that may be outside their jurisdiction and subject to international standards. Work councils for international companies, EU data protection authorities -- all of them have to be negotiated with. Unless those arrangements are in place, it's being done ad hoc, on a case-by-case basis, and the only people who are really benefiting are the experts that are trying to figure it out during a crisis.
The second expensive e-discovery cost area is in the continued over-collection of ESI, particularly from distributed devices and locations. When the duty to preserve data is triggered by litigation, one of the first concerns is to avoid the potential sanctions and adverse outcomes of electronically stored information being destroyed, whether it's during the ordinary course of routine records management practices or intentional action by inside actors that do not want the evidence to be located. As a result, companies quickly try to collect anything that may or may not necessarily be relevant, but just to preserve it for preservation sake. That collection cuts across an increasingly diverse range of locations: from cloud services and mobile devices to custodian desktops. This distributed network of devices and physical locations is complicated to navigate, because often companies have not installed archiving practices to collect and secure that data from those distributed devices. Or, there's accelerated destruction -- or overwriting -- that they could have implemented, but they've not yet done so. There are vast quantities of noncritical business content. When that is in a distributed network of storage locations, it becomes very expensive when we go looking for it.
Social media, electronic mail -- all of these are unstructured ESI which has to be evaluated to determine its possible responsiveness or relevancy. That is getting expensive.
The third is navigating the collection and preservation of complex, or unstructured, electronically stored information. This is huge. This is due to poor investment in records and information management. Big data involves relational databases and distributed data services. Social media, electronic mail, all of these are unstructured ESI which has to be evaluated to determine its possible responsiveness or relevancy. That is getting expensive. The volumes of unstructured data are growing, and because they lack metadata layers and other analytical tools installed within the content to determine its relevancy, a lot of effort is required to search that content. It's expensive.
The fourth is supporting technology-assisted reviews, recognized by the acronym TAR. Software only does what people tell it to do. Software is intelligent, but it's only as intelligent as the users. Technology-assisted review is actually a good term, because it's only assisting the review process. What we've discovered is that the software may do what it needs to, but there is a large amount of time and effort required to develop the building blocks for allowing TAR technologies to work effectively. You need to develop a case vocabulary, you need to test and validate the search analytics, and you need to work with all of the stakeholders -- law firms, e-discovery vendors, internal custodians and internal support staff -- to build the process reforms that enable, connect to and leverage TAR technologies in order to reduce the costs of the service vendors and the cost of internal staff.
The problem is that the service vendors aren't necessarily motivated to use technology to lower their billings. It has become challenging, particularly because companies and law firms are going out and acquiring the technologies and realizing that, like a Porsche or a Ferrari, they need an expert drivers' course. They end up having to hire support staff or outside expertise to help with information analytics, information search patterns, validation of analytic process, etc.
Fifth is the cost of securing ESI. The only reason I've relisted it here is because it's one of the real buckets where e-discovery spending is going up. The challenge is that these expenses of building security around e-discovery are often being billed out and evaluated on a case-by-case basis, rather than part of infrastructure development, either in the corporate side, the vendor side or by the law firms. It's often complicated by the surprise that information may be stored internationally, and that has all sorts of implications. We've got to build a security envelope around e-discovery processes and storage, and the availability of data. I'd love to have somebody's search term email string to figure out what they really believe is relevant, although that's usually only going to be acquired by malicious and inappropriate means.
More on e-discovery strategy
Finally: conducting privilege reviews. For whatever reason, we continue to struggle with making the privilege process efficient. The law allows companies to withhold communications and records produced in contemplation, or in furtherance, of the litigation. To find that data has been challenging, and it's frequently because attorney communications and attorney-client content is out in an unexpected place, including some of these big data, social media and electronic mail ... places where privilege communications simply don't belong. One of the prime sources of this is forwarded emails, where the e-mail has actually been received from the attorney and is forwarded to Tom, Dick and Sue because they're about to be sued and Bob wants them to know about it. Suddenly, that attorney-client communication may be compromised. It requires a lot of linear review.
The root cause, which information security teaches us to look for, is that the privileged content is in the wrong places to begin with. It doesn't belong in electronic mail next to advertisements from Amazon, eBay, ESPN sports reports and contract negotiations. Because it's often in the wrong place and because we're talking about protecting privileged communications, it heavily relies on attorney-level review and supervision to make sure the information is being properly identified. Costs are going up; it's one area where an in-house council finds it very hard to say no to an outside council that is advocating for a linear review of all of the ESI to make sure that no privileged communications are present.
If that's what our spending has been about, where is our money being spent that's often not being documented by the studies and the reports? Where is our spending going up?
Please visit SearchCompliance to view the next segment in this webcast, where Jeffrey Ritter will continue his discussion on strategies to lower e-discovery costs.