The past decade has seen increasing demands on enterprises of all sizes, and in all industries, to be prepared to produce specific business records in defending themselves against prosecution. Data from many systems under IT control may be required to satisfy regulators and the courts charged with enforcing privacy, security, governance, environmental and trade/tariff rules and regulations.
Most of the attention to e-discovery in the popular press is focused on emails -- the proverbial "smoking guns" in regulatory cases. But data stemming from various areas of an organization may be requested in a legal proceeding. As the demands for better archiving solutions have grown alongside the overall growth of enterprise data, it’s not surprising that e-discovery software is growing as a market.
To make sense of the requirements, the Electronic Discovery Reference Model (EDRM) has become the de facto reference used by vendors, consultants and buyers of e-discovery software products and services. EDRM is organized by projects, each of which is comprised of working groups. Their v2 reference model includes:
- Identification: Identification and certification of electronically stored information (ESI) sources that may be relevant to discovery requests.
- Preservation and collection: Decide what to preserve and for how long. Litigation hold is a stipulation to preserve records -- paper and ESI -- that may be required in a legal action. Knowing what may be required by rule and practice is essential to a preservation policy and to subsequent collection efforts (which may involve people or an automated system to find and produce records).
- Processing, review and analysis: These are the heart of e-discovery software, and the steps where specific legal functionality and knowledge/rules must be applied. The defending enterprise must determine, according to laws, rules, guidelines and precedents, which data (including metadata) must be produced for opposing counsel. Core search technologies of today may soon be augmented by smarter processing in the future, as recently noted in a piece that suggested a Watson-like assistant for GRC requirements.
- Production: Extraction and preparation of relevant data.
- Presentation: The display of ESI in formats suitable for review by people charged with their evaluation: courts, counsel, juries, etc.
As noted, the processing/review/analysis steps require more legal knowledge than the rest. Therefore, it is natural that specialized vendors have emerged to address those steps, and just as natural that more traditional database archiving vendors have adapted their wares -- or at least their marketing -- to address the ancillary steps.
When asked about the plethora of vendors approaching e-discovery from a database and archiving standpoint, Parity Research founder Gary MacFadden notes that “the e-discovery space is immature…you see a lot of hammers looking for nails.”
One product manager noted that the technology his firm developed for database archiving has found favor as an e-discovery aid because there is a big push from risk and compliance managers for live archiving. As a result, they are able to apply the same type of data retention strategy to records management and compliance.
IT has traditionally focused on price and performance of database archiving solutions when making buying decisions, based on criteria such as frequency of retrieval and storage costs. The new emphasis on collection, search and review can complicate purchasing, but it can also help free up the budget. When the transaction system is the system of record that may be subject to review under the Sarbanes-Oxley Act, those faced with the possibility of fines and incarceration are more inclined to fund appropriate expenditures for adequate improvements and controls.
As the demands for better archiving solutions have grown alongside the overall growth of enterprise data, it is not surprising e-discovery software is growing as a market.
Vendors with strengths in the key processes, such as Autonomy Corp., Clearwell Systems Inc., Recommind Inc. and ZyLAB North America LLC, now face giants such as EMC Corp. (Kazeon Systems Inc.), IBM Corp. (OpenPages Inc., PSS Systems Inc.), Informatica Corp., Oracle Corp., SAP AG and Symantec Corp. as formidable competitors in the e-discovery space.
While the market shakes out, it is common for IT managers to look first to their traditional suppliers (enterprise software and hardware vendors), while legal, compliance and risk managers are being wooed by the new breed of e-discovery solution providers. IT often has direct responsibility for software acquisition and operations, while the other stakeholders have more visible liability for compliance and legal actions.
This may set up a somewhat uneasy relationship and budget conflict. We are seeing new mandates from risk management and compliance managers, but funding still comes primarily through IT. One vendor suggested that this makes the buying cycle shorter, but the implementation cycle may actually take longer due to increased scrutiny and participation from new stakeholders.
For now, risk management and compliance professionals should be prepared to look beyond immediate regulatory concerns to include e-discovery policy choices when evaluating all enterprise software purchases. IT executives, meanwhile, should familiarize themselves with the new players at the heart of e-discovery, either as possible solutions or to challenge their incumbent enterprise solution providers to provide comparable functionality. There will no doubt be further consolidation in this space, but the courts won’t wait, and neither should IT.
Adrian Bowles has more than 25 years of experience as an analyst, practitioner and academic in IT with a focus on IT strategy and management. He is the founder of SIG411 LLC, an advisory services firm in Westport, Conn., and director of the Sustainability Leadership Council.