All Posts By

Ted O'Neil

Finding Key Players in Legal Hold Notification, Preservation and Collection Processes

By | Blogs | No Comments

Keyboard-Legal3

I have had many conversations and discussions recently on leading practices and trends related to litigation hold notifications and preservation orders. Organizations routinely have the need to effectively manage preservation for litigation, internal investigations and for varying regulatory purposes.

Since the 2006 amendments to the Federal Rules of Civil Procedure and with the changes to Rule 37 in 2016, there has been much discussion on this topic, but limited practical solutions to the problem. The Pension Committee decision has made notifying and managing custodians and “key players” effectively a core requirement for most legal departments.

The challenge with the legal hold notification, preservation & collection processes for most organizations is the “ad hoc” nature of defining systems of record, ESI & custodians & executing preservation in a defensible manner. Notifying custodians a timely manner and keeping an audit trail to defend the process consumes significant time and resources and is inherently risky…if the organization relies on the custodian for preservation.

The Preservation Order

The ability to issue a “Preservation Order” or, more commonly known, a legal hold notification to all custodians and key players has become an essential component in any defensible legal preservation process. This usually includes a mix of end-users (creators) and IT and records custodians and possibly 3rd parties.

Managing Your Key Players

In the post-Pension Committee environment the standards have been raised and defensibility can hinge on how well the organization executed in two key areas:

  • Ability to manage the legal hold notification process
  • Ability to mitigate risks of spoliation

The first process is intended to prevent the second… but one of the lessons learned in the age of Big Data, Social Media and Hybrid Clouds is that there is too much risk to the organization to rely on custodians and key players to preserve. Most custodians are not IT experts, and although they may have good intentions, they don’t know their “systems of records,” retention and disposition policies, back-up procedures, etc.

The leading practice is to notify all relevant custodians and “key players” of the duty to preserve all potentially responsive information, whether in electronic form or paper form as quickly as possible, request and obtain an acknowledgment from each custodian, retain the acknowledgment and send periodic reminders.

In most cases it may not be reasonable to rely on the custodian involved to preserve responsive information, making defending the process more challenging. The more pragmatic action is to instruct the recipient to take no action until notified otherwise and rely on business processes and technology to identify, preserve and collect in a defensible manner.

Managing Preservation & Collection as a Business Process

Relying on manual processes, spreadsheets and “old school” methods is problematic and cumbersome for managing and tracking legal hold notices. The “one off” nature of using spreadsheets and other outdated tools makes the process harder to defend. The risk of spoliation, fines and sanctions makes relying on the custodian to preserve and disclose all sources of responsive information risky and may not protect the organization’s interests.

A good process includes a defensible hold notification process and a collection plan that is not controlled and managed by the custodian. The successful execution requires process & technology. An audit trail of events throughout the case has become an essential element of defending not only what is being produced, but also what has not been produced and why… Privilege, Confidentiality, Classification, etc. There is also the continued need to demonstrate the authenticity of the information being offered into evidence and that effective chain of custody procedures were in place since actual or constructive notice of the duty to preserve.

Preservation and collection should be managed & controlled by “legal”… not the custodian. Collections must be done in a forensically sound manner and require people, process and technology that go far beyond desktop tools.

Leverage tools in the data center to identify systems of record, ESI and custodians — work with and leverage custodians… but don’t rely on them!!

The growing trend is to understand the custodian’s behavior for creating, managing, storing and retaining information — from their perspective… Where do they put it? What applications, devices, and service providers do they use? Identify portable devices, home computers, Cloud, etc. Look for spoliation risks to the organization outside of identified systems of record.

Understanding all these different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs & mitigating risks.

If you would like to discuss this topic further…please post a comment!

 

Photo Credit – Ripster

The Hidden ROI in eDiscovery . . . The Legal Profile

By | Blogs | No Comments

The-Court-of-the-Brick1200x707

Part III: The Legal Profile

An often overlooked link between the IT footprint and the FRCP is the notion of “source mapping” or “mapping of sources” for the Rule 26f “Meet & Confer Conference” where the parties need to discuss and disclose potentially responsive ESI by “category or type.” If the organization understands what systems and repositories contain potentially responsive information, that ESI can be managed appropriately for the matter at hand and used as a source for future eDiscovery. Most organizations have certain types of legal and regulatory challenges, like employment, Intellectual property or other types of litigation and key regulatory issues which form a pattern of a “Profile.”

If these systems and applications are identified or “mapped,” a categorization and classification of systems, data and ESI can be developed and used as an early assessment tool and a strategic tool to ensure proper preservation of ESI and notification of potential custodians.

hammer-lawPut another way, employment cases and Intellectual Property cases may share some common sources of ESI (email, file shares, collaborative spaces) but typically also have systems and repositories for business information related to the particular business function that is subject of the legal inquiry. It is rare that all systems or applications would contain responsive ESI.

Here is an opportunity to move away from the “Hold All” order by developing a defensible response protocol for legal and regulatory matters, targeting responsive ESI and managing the non-responsive ESI according to standard business practices. If you can’t find the handful of relevant ESI in the terabytes of data, then “retain all” may look like the “best option” in a bad situation.

Here is some hidden ROI:

Once Responsive ESI is identified, preserved and collected, it is a reasonable assumption that the non-responsive ESI is not subject to legal hold. Instead it is subject to ordinary lifecycle management (RM) or part of the organization’s GRC efforts within a sound Information Governance Program and would only be retained based on categorization and classification of information.

Leverage the opportunity to do some “house cleaning”… gain file visibility and perform file remediation… dispose of ESI that has outlived its useful life in a defensible, scalable manner.

Understanding all these different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs and mitigating risks.

 

The Hidden ROI in eDiscovery . . . People, Process & Technology

By | Blogs | No Comments

Hard-Drive-Repair

Part II:  Benchmarking—People, Process & Technology

Identify all the key players in the legal and regulatory processes who request ESI (in other words, identify the consumers) and determine why they need it. Then find all the key players and stakeholders who identify, preserve and collect ESI. Next, identify the tools currently in use to help to understand the processes and the level of effort associated with eDiscovery, from an internal resource perspective as well as from the third party cost perspective. This will help you understand risk.

Each organization is unique… understanding who touches the process is critical… knowing this early on saves resources in the long run!!

Most organizations face a mix of needs for ESI:

  • Internal Audits and Board driven actions
    • Regulatory Investigations
    • State and Federal Litigation

Consumers of ESI may include:

  • Human Resources
    • Litigation Counsel
    • Regulatory Affairs
    • General Counsel
    • Internal Audit

Personnel involved in Preservation and Collection of ESI may include:

  • Securitybinding-contract-500
    • IT
    • 3rd Parties / Service Providers
    • Custodians
    • Legal Service Providers
    • Outside Counsel
    • Internal Counsel
    • Human Resources

Understanding all these different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs and mitigating risks.

 

The Hidden ROI in eDiscovery . . . Faster, Better, Cheaper!

By | Blogs | No Comments

Illegal-Merchandise

Part I: Understand the Business Problem

Faster, better, cheaper was the mantra at NASA as it set goals to improve quality and efficiency and better manage costs after several setbacks. It was a way to set goals and measure success from a “top down” approach of looking at it from all perspectives and seeking to better quantify risks and rewards in various programs . . . expect quality, but demand efficiency!!!

Faster, better, cheaper was the clear theme at LegalTech 2015 . . . good Information Governance makes good business sense!

The term “Information Governance” may be refreshed or a new name may evolve, but the desire to better manage unstructured data and business information will be as strong as ever.

As pressure mounts to control legal spends, better governance is the opportunity to defensibly delete ROT (redundant, outdated or trivial data) once it has outlived its useful life.

The hidden Return on Investment in eDiscovery lies in understanding the entire spend—not just the obvious third party costs—and understanding and quantifying risks in the current process.

I have been working with several clients in developing business cases and ROI models to frame their various challenges and drive strategic initiatives. The key to success is having developed a “base-line” understanding of the current process and identifying all key players. The nature of eDiscovery tends to affect IT, RM, the Business and of course, Legal.

As “beauty is in the eye of the beholder,” all parts of the organization affected by the process see this from a different perspective and should be included in the dialogue.

Key drivers in these initiatives are cost take-out and optimization of eDiscovery and regulatory compliance processes. Understanding the current state of the process, people involved, key processes and technology in order to get visibility and control of the process . . . this is typically an evolution over time and requires a continued commitment to total quality management.

Best Practices that cut across the broad theme of Faster, Better, Cheaper:
  • Identify all the “stakeholders” and process ownerDigital-Man-300
  • Identify all “Consumers” of ESI
  • Define cost of current process
  • Understand the organization’s “Legal Profile”
  • Form cross-functional team to drive change

Understanding all the different elements of the People, Process and Technology in your eDiscovery process is the key to controlling costs and mitigating risks.