By Tim Rollins
Attorneys, whether you’re in-house counsel or you’re working at a law firm servicing corporate clients, it’s time we talked about your document review process. Chances are your process is pretty close to what you’ve always been doing, maybe for a decade or longer… but that’s just not going to do anymore. Things have changed in a lot of ways over the last five to ten years—and if you haven’t adapted your document review process, you’re creating unnecessary risk and doing unnecessary work, either for your own company or your clients’.
First of all, there are more reasons than ever why it’s imperative to have a document review solution in place. Everyone understands that there’s more data than ever before, located in a more diverse set of locations. Large organizations have to reckon with computers, networks, off-network storage, cloud technology platforms, multiplying communications applications, personal devices like smartphones and tablets, and on and on the list goes. Not only that—there are more use cases than ever, as well. Of course, electronic discovery for civil litigation is near and dear to our heart, but we’re also talking about things like:
- Internal and regulatory investigations like those arising from HR matters, employment changes, potential wrongdoing or misuse of company resources, etc.
- Data breach response to understand what data has been compromised and who needs to be notified
- Data subject access requests (DSARs) to comply with privacy regulations like CPRA, CCPA, GDRP, and more
- Freedom of Information Act (FOIA) and public records requests (PRRs) for governmental agencies and other publicly regulated entities
Secondly, today’s threat environment is far more dangerous than even a few years ago. Data breaches and ransomware attacks are up considerably over past years. 2021 saw a record number of data breaches (over 1800!), up 68% year over year. There are over 4,000 ransomware attacks a day, up from 1,000 per day as recently as 2016. If you’re an in-house attorney, how do you feel about shipping sensitive client data out to a law firm or service provider for review? If you work for a law firm or service provider, do you really want to be responsible for the consequences of a data breach? Wouldn’t you rather be certain document review was happening in a certified secure environment? Simply put, unnecessary data transfers—between technology platforms or between organizations and platforms—create risk: human error, data loss, or data breach to name three obvious ones.
Whatever purpose you’re conducting document review for, you need to have defensible processes in place—or face the consequences of failure: losing a lawsuit in response to failing your e-discovery or investigatory obligations, civil litigation for failure to notify victims of a data breach, fines and penalties if you fall afoul of privacy regulatory obligations. Here are three tips you should consider and implement in your document review processes.
Document Review Tip #1: Adopt a consistent tagging system.
Train reviewers to use a consistent system for tagging documents across all cases. In addition to topic and relevance tags like responsive, non-responsive, and privileged, some teams also add descriptive tags, like favorable, neutral, and unfavorable. By adopting consistent tagging practices, you’ll make subsequent reviews easier, as you can draw on previous reviews—if you’re using a single-instance storage review solution with persistent tags.
Document Review Tip #2: Define and follow quality control practices.
Even the most experienced reviewers make mistakes. Use technology or a secondary review to verify reviewers’ accuracy, or sample one in 10 documents labeled non-responsive to validate that nothing is slipping through the cracks. Advanced analytics in a document review platform can help take quality control to the next level by tracking review teams’ accuracy and prioritizing more efficient or more accurate reviews are prioritized for more tasks.
Document Review Tip #3: Document everything.
With cases and investigations that can drag on for years, it’s normal for different attorneys or reviewers to pick up work from their predecessors. Recording key decisions and steps taken documents your reasoning for the court or regulators, and it goes a long way toward ensuring that they will judge your efforts in good faith. After all, in the Federal Rules of Civil Procedure, it’s clear that the most severe sanctions are reserved for those who demonstrate “intent to deprive” the other parties of key information.
Learn three more document review tips in the Exterro infographic The 6 Musts of Defensible Document Review.