3 Things You Don't Want to Do in eDiscovery

Guest post by Shannon Smith

I'd like to start by thanking Simon Taylor for the invitation to contribute to his blog. I am thrilled to have a place to share my thoughts on the latest developments in eDiscovery and to address real-world information management challenges. My name is Shannon Smith and I'm the eDiscovery and Archiving Specialist for CommVault here in the West. I'm an attorney and have been active in the eDiscovery and compliance space for six years, two of those with CommVault.

In this posting, I'd like to switch things up a bit and identify some of the "don'ts" of eDiscovery. I think the industry has done a good job providing a catalog of best practices on the topic but I'd like to take a moment to call out some of the gotchas and landmines that can derail even the most straight forward eDiscovery effort.

1. Don't assume that your IT department can quickly locate, sift through, and deliver data based on the simplest of criteria.

Most IT departments are structured to support the day-to-day operations of an organization and activities might include application and desktop management, data protection, network security, infrastructure maintenance, and a whole host of other responsibilities. When Legal issues a request for data, the effort involved in obtaining the emails or documents may be manual and arduous, depending on the technology and processes in place. Unless you've engaged your IT resources and identified what tools are necessary to locate and process large volumes of data for eDiscovery, it would be unwise to assume that IT has the technology and resources to execute a simple discovery request.

A simple meeting of the minds will go a long way to help both Legal and IT understand each other's expectations. Sit down with your IT staff and make an effort to understand the basics of your organization's IT infrastructure and various data repositories. Have each department explain the workflow that occurs within their unit when a discovery request is received and identify ways to improve that work flow. IT may very well have tools at their disposal to improve legal workflow and vice versa. By understanding each department's processes and identifying places for improvement, you not only help to develop the efficiency of an eDiscovery exercise, you will be better prepared to challenge an unreasonable request from opposing counsel.

2. Don't expect that internal policies are being followed.

I cannot tell you the number of times that I've asked a clear-cut question about policy and received different answers from the same organization.

Take the simple matter of mailbox quotas – does your organization employ mailbox quotas? It appears to be a yes/no question but many times I get a "yes, but no" response, as in "Yes, we employ mailbox quotas but we have a lot of exceptions to the rule."

Even if your information management policies are clearly documented, it would be wise to know whether they are truly being followed and, more commonly, if there are exceptions to those policies. For example, does your company permit the use of text messaging from corporate phones? Who pays for the text service – the company or the employee? Are these communications deemed property of the employer or employee? Is the service available to some and not to others? Does your IT department log and retain these communications and, most importantly, is any of this documented? It's important to note that you don't necessarily have to adopt a one-size-fits-all policy. In fact, for many organizations it makes sense to have different policies for different business units.

The takeaway is that it is important to develop and document not only the policy, but also any exceptions. At a minimum this is a CYA-type effort but, more importantly, it may help your organization avoid costly monetary sanctions and negative inferences during the course of litigation.

3. Don't agree to search parameters without understanding their impact.

I have witnessed more than one instance where counsel has agreed to a list of search terms without truly understanding the resulting volume of data and the time and cost associated with its retrieval. The consequences of such an action might appear innocuous at first but consider the facts of In re: Fannie Mae, 553 F.3d 814 (D.C. Cir. 2009), where the Office of Federal Housing Enterprise Oversight (OFHEO) entered into a stipulated order which included a list of search terms prepared by defendants. The list contained 400 search terms and resulted in a whopping 660,000 documents which OFHEO was unprepared to handle. After missing multiple deadlines, the court held OFHEO in contempt and ordered sanctions. OFHEO's lack of understanding of their IT environment and the effort required to produce the data resulting from the search terms ultimately cost the agency $6 million. That's a tough nut to swallow by a relatively small governmental organization.

The takeaway is that you cannot wait until you are embroiled in a lawsuit to make efforts to understand where your data is and the costs associated with producing the data. In this case, OFHEO's counsel did not have a firm grasp of where their data lived or the volume of data that would be generated as a result of agreeing to the 400 search terms. In the end, it ended up costing nearly 10% of OFHEO's total annual budget. Ouch.

Most attorneys agree that eDiscovery is not a topic that can be ignored. However, many just don't know how to begin tackling the beast. I hope to use this forum as a way of sharing ideas and experience to improve the eDiscovery process for CommVault customers and, so, I welcome your thoughts and feedback.

Are there other "don'ts" that you would add to this list? Please let me know in the comments.

Raising the SS Mimosa

After countless industry rumors, the capsizing "Mimosa" looks set to finally be rescued by the battleship "Iron Mountain". Despite the fanfare, there is a question. Does this make sense?

Obviously for Mimosa, it's good news as Iron Mountain can bring much needed resources and stability. For Iron Mountain and their customers, this acquisition could be considered a step in the wrong direction. Iron Mountain already has spent considerable effort establishing an interface for a variety of industry leading archiving vendors to pass data into its digital service. CommVault, in particular, has leveraged this interface to help customers protect and retain their information by integrating our unified data management software Simpana (with its FIPS certified security and encryption capabilities) with Iron Mountain's cloud storage services.

What this means is that CommVault Simpana can provide full on-premise data management that can enable its customers to seamlessly move data to the Iron Mountain cloud as well as to a number of other cloud and MSP providers. Use cases include data tiering, backup, archiving, eDiscovery preservation and compliance that address both unstructured and structured sources including email, files, documents, databases and, of course, SharePoint. All of this is as simple as a mouse click (see illustration below).

Are we just doing the "Information" time warp?

For those that have seen "The Rocky Horror Picture Show", you'll know what I mean when I say "time warp". Predicting trends, however, in information management is hardly just a "jump to the left" or "a step to the right". Where will we be in 2010 with information governance, eDiscovery, Compliance and archiving? For some, worrying about the right strategy isn't something to think about since the world is going to end in December 2012 (according to the Mayan Calendar and of course Hollywood). Right?

Well, despite my personal interest in all things controversially ancient, be assured my mind is very firmly planted in dealing with the present and information alignment is again at the forefront of our minds. Predicting what will happen in the way we access information is a bit like finding the elixir to life: we sense that it might exist, we follow our instincts to move us in the right direction, but we're not sure where the journey will take us.

Consider this question on information access: Will people in 2010 switch from being reactive to proactive in ESI data discovery to deliver a better and more "ready" approach to structured and unstructured information management? I think so. After attending the 8th Annual eDiscovery event in NYC at the beginning of December and the eDiscovey pharma event in Philadelphia in September, it is clear to me that inside counsel in many organizations are faced with litigation costs that are spiraling out of control due to repetitive information discovery tasks. Consequently they are totally turned on to making electronic discovery more efficient and reducing the consequential litigation cost of outside counsel. Their question is more about how to do it, not whether they should. Consequently, I predict that 2010 WILL be a defining year for US organizations seeking proactive information management solutions. For the rest of the world now coming to terms with the underworld effects of discovery, 2010 will be the year of enlightenment.

Let's also consider information lifecycle management (ILM), which is rapidly being enveloped by the topic of Information Governance. For many, this is more of a restatement of intentions around ILM and compliance made 5-7 years ago but there is a difference. Information governance is about a broader strategy focused on minimizing risk through improved access, retention and organization of information.

In Search of the Holy Grail to Information Governance

I'd like to propose a question given the latest 2009 eDiscovery market & vendor positioning from a leading industry analyst. Are Compliance and eDiscovery separate IT challenges or are they inextricably connected?

Current analyst thinking looks at both the eDiscovery and Compliance markets as being fulfilled by forms of archiving solutions. The rationale for this is simple: to discover electronic evidence and preserve its integrity, the preference of traditional solutions is to move or take a copy of data and store it in an "archive" silo. This is perfect until you need to discover data from diverse structured and unstructured data sources and then the amount of copied data that has to be consumed to fit this strategy is colossal. There is also the potential for significant legal costs for the processing of this data.

To make sense of this, analysts have conveniently segmented the eDiscovery market into lower end and upper end solutions depending on eDiscovery capability and onsite or hosted (cloud) focus. Specifically, lower end solutions are about identification, collection and preservation while upper end solutions are focused on processing, review, analysis and production.

The compliance market on the other hand, is about retention and supervision. If we use archiving solutions for compliance, we end up storing data in yet another silo so it can be indexed, searched and sampled. Are these really separate use cases that ultimately drive the need for separate silos of data or is it more of a business-driven perspective? The answer to this really depends on how businesses view information risk and more importantly how data is accessed across the enterprise.

Structured, Unstructured, Semi-structured data archiving - who cares?

Well, we do.

By "we", I mean CommVault & Informatica. Today, we unveiled a partnership that redefines what's truly possible with information lifecycle management. To put this into context (and in case you have not heard), database archiving is one of the fastest growing requirements in the data management world. This is fueled by the pressure of managing transaction data growth, application scalability and now the legal discovery of database information.

The trouble is that very few solutions have been able to properly address this. You could probably count on one hand all the structured (database) archiving solutions that have come and gone over the last few years largely because they don't archive, but rather sub-divide. Doesn't subdivision create even more complexity, duplication, and cost though? I'll let you decide.

On the other hand, Informatica has something different through a newly acquired solution from Applimation. They call it "Data Archive" for databases and associated enterprise resource management (ERM) applications that archives and moves data from databases. What's was missing, however, was a long-term archiving repository that complements its ILM solution set and a search and workflow discovery capability that addresses the need for business information access. Of course all this needs to be done at the most optimal cost given the current economic climate. Well, the waiting is over.

The content of this blog reflects the thoughts and opinions of the author, and does not represent the thoughts, opinions, plans or strategies of CommVault Systems, Inc. ("CommVault") and CommVault undertakes no obligation to update, correct or modify any statements made by the author of this blog. Any and all third party links provided by this blog are not affiliated with, nor endorsed by, CommVault.