Crash Course on E-Discovery for CIOs and CDOs

Here’s a quick tutorial on what e-discovery is, what one looks like when it lands on your organization, and how to handle it.

Pam Baker, Contributing Writer

September 8, 2022

10 Min Read
Judges gavel with glowing computer screen monitor background
Paul Hill via Alamy Stock

E-discovery can be a big deal if you find yourself or your company in a legal hot mess. And if you know anything about the ever-evolving changes in the rules of law, then you have a good idea how easy it can be to find oneself stuck in a legal snafu.

“E-discovery, short for electronic discovery, is the process by which parties involved in a legal case preserve, collect, review, and exchange information in electronic formats for the purpose of using it as evidence,” says Tim Rollins, e-discovery market analyst at Exterro, a provider of legal governance, risk, and compliance products.

You’ve seen your share of TV legal dramas so you think you’ve got a pretty good handle on what to expect should a legal beagle bark at you about the need for such a discovery event. But there’s more to know. Important stuff like just anticipating legal action may be legal cause to preserve every scrap and pixel of information.

“Organizations are required to preserve information that might be relevant to a legal matter once it reasonably anticipates litigation, certainly as soon as it receives notice of a lawsuit being filed,” warns Rollins.

Here are nine things you need to know about e-discovery – from what it looks like (and it’s not just about saving email) legal preparations, how to cut costs, how to preserve evidence, and when or why to get advice from legal pros – in case your organization finds itself in a legal trouble:

1. What e-discovery looks like

Lawyers know that e-discovery is first implemented upon receipt of a court notice that a lawsuit has been filed. Or the legal team becomes aware of a situation that is likely to result in litigation and instigates the first steps in e-discovery internally in anticipation of receiving such a notice.

The thing most people outside of the legal and records department in your organization will see is a legal hold notice. That’s a notice from your company’s lawyers or legal department instructing employees to secure (and certainly not destroy) any electronically stored information, also known as EIS (which anyone else would call data or digital information) or any other documentation such as paper documents or voice recordings that may be relevant to an impending legal issue.

A legal hold notice is not a suggestion. It is an order by which everyone who receives it must abide. In most cases, the legal team will be watching closely, tracking responses and actions to the notices, asking for audit trails and data management records, and other things to ensure compliance.

In the current environment, legal action against your company is more likely to occur than not, even if the company tries its best to keep everything on the up and up.

Rollins provided this checklist to help you make sure you’re prepared before your company is served any legal notice.

  • Take inventory of your data so you can understand what data you hold, where the data is stored and the technology used to store it, and who should be informed when data must be preserved.

  • Double check that information governance policies are implemented, up to date, and that they account for industry-specific regulations and jurisdictional privacy regulations.

  • Dispose of data no longer needed by your organization, apart from what is required to preserve.

  • Define processes that you may need later to issue legal holds to custodians, document their acknowledgements, and periodically remind them of any ongoing obligations to preserve data.

  • If your organization frequently faces litigation due to your size or industry, consider investing in technology to help manage multiple, overlapping legal holds, as well as other aspects of the e-discovery process.

3. How to control costs before you need to produce digital documentation

“While the standard for producing electronic information is based on reasonableness, the cost and burden to review and produce responsive, non-privileged information to the opposing party is great, due to the volume and complexity of the data from disparate sources,” warns Mollie Nichols, CEO of Redgrave Data.

One way to control some of this cost is to use lawyers who have and competently use technologies to “reduce the cost and burden of discovery enabling them to find the most relevant information quickly to develop legal strategy,” Nichols says.

Most likely that means use a law firm that routinely and expertly uses artificial intelligence, analytics, search, and e-discovery tools. If you use an internal legal team, you’ll need to provide them with such tools and probably the training on how to use them as well.

However, the effectiveness of lawyers wielding such tools is substantially affected by the integrity and accuracy of your data. Make sure all data is properly labeled (for search and AI use primarily), the information is kept current, is synced across processes and apps, and complete (not missing important data points required by various regulations).

All this effort ahead of time can cut your expenses significantly in terms of time, effort, legal fees, and potential penalties.

4. Why you’ll have to produce more than email -- way more

It isn’t just company files and email that is scrutinized in e-discovery. But all communications of any form, transactional data, relationship data, and interactions on a growing number of platforms. So yes, this exercise can be a major headache for everyone concerned.

“In the past, organizations would rely on email tools to assist in their efforts to identify and collect data for e-discovery purposes,” says Brian Mannion, chief legal and data protection officer at Aware, an e-discovery platform provider. “However, the adoption of some modern technologies, collaboration platforms like Slack and Teams for example, complicate this, as they allow users to create different types of messages in different formats,” Mannion adds.

“In the event of litigation and required e-discovery, seemingly casual conversations in a business communications channel will need to be reproduced. As plaintiffs’ counsel and regulators become more familiar with these tools, it is important to note that companies will see an increase of such requests related to litigation or regulatory processes,” Mannion says.

5. What preserving the evidence entails

Preserving communications and documents means collecting and securing more than just the central message. Ditto for any paper or digital files.

“You need the original message in addition to any edits or deletions, images, files, or other attachments. You also need the ability to find the needle in the haystack quickly, by leveraging advanced filters or other proprietary ML/NLP that surfaces relevant information,” says Mannion.

He notes that it is critical to have the context associated with the varied conversations that can take place in modern collaboration tools. “Knowing who participated in the conversation, knowing if it occurred in a channel or direct message, as well as access to the documents discussed, is paramount. But, even more important, is the ability to see several messages above and below your search results so you can better understand what was being discussed. An individual response taken out of context can be very dangerous in litigation or an internal investigation. The ability to see this full conversation context -- and to access it quickly and easily -- is vital to e-discovery,” Mannion adds.

6. Why to use templates and models

You can make notes each time you experience an e-discovery to make the next time easier. You can also consult available models and templates from reliable sources like attorneys and standards bodies like the Electronic Discovery Reference Model, or EDRM, a global advisory council.

“Right around the time that the Federal Rules of Civil Procedure were amended, the Electronic Discovery Reference Model was created in an attempt to showcase the lifecycle or workflow of e-discovery. The process starts with information governance, which means the organization must have policies, procedures, playbooks, and workflows in place that dictate the company’s understanding of data from an overall risk perspective. From there, the EDRM looks at the ‘identification’ of which employees or custodians have potentially relevant documents for a given matter,” explains Daniel Gold, managing director of BDO’s e-discovery managed services practice group.

Oddly, the legal hold phase and notice is not mentioned in the EDRM. But it is a legal requirement, nonetheless.

“The review phase of the EDRM is akin to the ‘meat and potatoes’ for every lawyer. This is where the lawyer is reviewing the content within the documents from the individuals who were thought to possess and maintain relevant information. They’re looking for relevance, confidentiality, attorney-work product, privilege, and what should be redacted,” says Gold.

SEO and keyword search is great for a lot of tasks but not for this one.

“Because of the sheer volume of documents that must be reviewed, it is more important than ever to ensure that organizations are using the proper searching technology to get to the truth faster. This means no longer relying on keyword searching alone,” says Gold.

“Leveraging the right technology can drastically reduce the time to finding the right sentences within a document that keyword searching alone would never find. This could potentially mean the difference between ensuring all of the appropriate documents are correctly marked as privileged versus inadvertently giving privileged documents to opposing counsel,” Gold adds.

8. Why and when to think about hiring an e-discovery services company

E-discovery has given rise to an entire industry of skilled services that legal departments and affected organizations can find helpful -- or harmful if employed by the other side.

According to Chris Wall, special counsel for global privacy and forensics, and data protection officer at HaystackID, an e-discovery services company can offer:

  • Forensic collection of electronic data

  • Data processing (specifically, rendering collected data into a common searchable and sortable format)

  • Data hosting for access by lawyers and experts

  • Data analysis (including searching, application of artificial intelligence and applying other technologies)

  • Data review for relevance and privilege

  • Production of the data to another party, and use of the data at trial or otherwise us the data as a legal evidentiary exhibit

How much of that you may need depends on the nature of the legal issue.

“Some situations call for use of all of those components of e-discovery. Civil and criminal litigation, for instance, will often involve the full spectrum of e-discovery services. Similarly, a regulatory investigation opened in the US by the SEC, DOJ, or FTC, or in other parts of the world by analogous regulatory authorities will often involve an e-discovery effort that begins with data collection and ends with production of relevant data to the regulator,” Wall says.

Other situations call for use of one or two of those e-discovery components, Wall adds.

9. What the final steps to the e-discovery process entail

After you’ve done all that, there are two more steps left to complete the e-discovery process.

The last phases of EDRM are produce and present, according to Gold. “The production of data to the other side is governed by several rules. The forms of production, the documents that ultimately get produced, and how data is transmitted should have all been agreed to by and between the parties in an ESI protocol, or electronically stored information document. These productions are also governed by court ordered discovery orders with very specific dates because ultimately, these documents within this ‘production set’ are going to be presented as evidence at trials, hearings, depositions, and other court related events,” says Gold.

What to Read Next:

What the FTC’s Scrutiny of Data Collection and Security May Mean

California Data Privacy Law Nabs Sephora, Sets Stage for Future

August 2022 Global Tech Policy Bulletin: From Trouble in Taiwan to Intrigue at the FTC

About the Author

Pam Baker

Contributing Writer

A prolific writer and analyst, Pam Baker's published work appears in many leading publications. She's also the author of several books, the most recent of which are "Decision Intelligence for Dummies" and "ChatGPT For Dummies." Baker is also a popular speaker at technology conferences and a member of the National Press Club, Society of Professional Journalists, and the Internet Press Guild.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights