By Tim Rollins
Legal holds are the foundation of the e-discovery process, so naturally, legal hold technology serves a similar role in many organizations’ e-discovery technology stack. Their initial investment is a legal hold technology, and then they add on to it--whether as part of an integrated technology solution (like Exterro) or with additional point tools that address specific needs, like data collection and processing, or document review.
But just because legal hold is the starting point of your e-discovery software solution, you can’t really afford to ignore and assume all is well. Your technology, and more importantly the process you power with your technology, must stay up-to-date, or you may be introducing risk where you thought you were mitigating it. In a recent Exterro webinar, Mastering Legal Holds: Sustaining Defensibility Amidst a Variety of Emerging Data Risk Considerations, Geoffrey Klingsporn, Esq., Sr. Assistant City Attorney City and County of Denver, and Matt McCartney, Senior Manager at Ernst and Young, dug into some of the trends that e-discovery professionals must account for in their technology and processes.
The proliferation of data and risk
The past several years have witnessed an explosion of data types and sources, as organizations adjusted to technology trends like BYOD and mobile devices, instant messaging, ephemeral messaging, and cloud computing. All of these trends were put into hyperdrive over the past two years, as remote work--and remote everything--broadly took hold across the country. E-discovery professionals found themselves on the front lines of these issues, as they needed to balance the demands between, as Geoff Klingsporn put it, “IT concern[s] like cybersecurity and data privacy, that need to lock down and get rid of data, with the obligation coming from the litigation and open records sides to preserve, locate, and save information.”
These IT and security concerns have become more important side by side with these technology trends. Data breach risks and potential privacy regulation violations arise from workers with less-than-secure remote work set-ups--and the proliferation of bad actors and the expensive financial costs of breaches apply pressure against conservative data retention and e-discovery policies.
“Every day we read about new data breaches that have been brought on by internal and external threat actors, and the financial penalties of those breaches are increased by this evolving privacy legislation, and I think if you look at it, we have new privacy legislation coming on almost daily,” McCarney explained. “When you ask, ‘where’s the data?’ In the past, they handed you a laptop, pointed you toward a file cabinet or a server. Today, we ask that same question and the data is spread across the globe, it's spread across infrastructure. And so these challenges and considerations are really top of mind for our clients.”
How then can e-discovery professionals perform their duties in a way that balances the demands of the legal system and those of our new, risk-laden data privacy and security environment? For organizations of any scale, whether mid-market or enterprise, technology is a must have. Here are four ways technology can help.
You need a data inventory
The nature of e-discovery requires legal teams to preserve data. Conducting a data inventory gives all stakeholders, not just legal teams key data sources, the business value they have, and the risks associated with data deletion. It can feed into technology solutions, like In-Place Preservation of material under legal holds, or accelerate the process of identifying and informing custodians of their obligations.
McCartney suggests a way to increase the value of your data inventory is to map its value to the organization in four quadrants. “On one axis we have the value of the data and the other access we have the cost and burden to preserve and produce it. That really helps us triage which data sources are most important [to the organization].”
Invest in technology for cost savings…
One of the reasons organizations invest in e-discovery technology is to save money. But the initial down payment is often quite substantial, so organizations have to identify ways that justify the budget. Legal departments have to convince leadership to invest resources there. Many organizations don’t focus on defensibility as a driver for technology purposes, but with e-discovery, it can be a key reason.
And to increase defensibility.
Geoff Klingsporn explains, “You need to convince the executive level to either make technology purchases or at least upgrades. Prioritizing the processes you need to put in place and automate, and [adverse case law rulings] are great for that purpose as well, to essentially put an emphasis on the risk of not doing anything or of not doing things as well as we could. [The cost of e-discovery sanctions] tends to make the cost of IT implementation seem cheap.”
Harmonize your data privacy obligations, compliance considerations and e-discovery requirements.
There’s a four-step process you can follow to quickly bring your e-discovery processes and data retention concerns into better alignment.
Automate legal hold notifications, so you can take quick action can to ensure the defensible preservation of custodian data.
Maintain an up-to-date data map. It’s more important than ever that Legal has a single place to evaluate data retention policies, legal hold obligations, and data privacy requirements at the same time.
Minimize irrelevant ESI. After it’s been verified that the data is no longer under a legal hold and doesn’t serve a relevant business purpose, delete it.
Document your process. Courts look for a reasonable process, rather than a perfect one. Documentation demonstrates a reasonable attempt to comply with e-discovery professionals' numerous obligations.
Finding the right balance for legal holds
Legal professionals have long had to balance competing demands on their time and attention. With respect to legal holds, e-discovery practitioners have to balance efficiency, security, and defensibility. With technology, defensibility doesn’t have to be sacrificed to obtain these other two goals, which is certainly reassuring to legal teams. As Geoff Klinsporn said, “Lawyers are always going to be worried about going into court to defend, but [these days ]that means more having a defensible process ,and not just making sure that you have a copy of everything in your office.”