Lepide Blog: A Guide to IT Security, Compliance and IT Operations

What is eDiscovery? Definition and How It Works?

E-Discovery

E-discovery, also known as electronic discovery or eDiscovery, is the process of collecting, reviewing, and exchanging electronically stored information (ESI) for use as evidence in legal cases. This can include data from various electronic sources such as email accounts, social media, databases, websites, and more. ESI must be preserved in a specific way to ensure its legal use, and metadata must be saved to verify the originality and authenticity of the document. E-discovery software is commonly used throughout the process to efficiently sort through this data.

Basic eDiscovery Terminology

Some of the common and important terms used in eDiscovery are:

ESI (Electronically Stored Information): Digital data such as emails, documents, voicemails, videos, and social media posts that can be used as proof in court. This information may also contain metadata, which should be preserved as it can provide relevant details about the file’s creation and authorship. Simply copying a file can alter its metadata, potentially discrediting its reliability as evidence.

De-Duplication: A method of identifying files that are either identical or nearly identical, allowing legal representatives to eliminate repetitive documents from the electronic data that requires review.

De-Nisting: A method for removing system files (e.g. executables, device drivers, initialization files) from gathered data. It only removes previously identified standard system files that have not been changed from their original form, rather than removing all files of a certain type.

Hash Value: Strings of characters that act as unique identifiers of electronic data. They are generated by a hash function and are commonly known as “digital fingerprints”. Two popular hash algorithms are MD5 and SHA-1.

Metadata: Data about data found in electronic files. It includes information about the file’s creation and history, and may also be generated by the device that is storing the data. Metadata is important in eDiscovery as it can provide important context to a document.

Native Format: The format of ESI as it was created and/or utilized by the producing party during their routine business operations.

PST: Files that are like small, compact databases that store emails, attachments, calendar items, etc. PST files offer encryption capabilities, making them a popular choice for legal professionals who need a practical way of transmitting bulk e-mail messages for processing and analysis by their case team.

Other terms, such as preservation, spoliation, keywords, and filtering are often used in e-Discovery, although these terms are self-explanatory.

How E-Discovery Works

E-discovery is a procedure with various stages and techniques, and there is no one methodology that works for everyone. The majority of e-discovery law firms will conduct their own investigations, using their own stages and techniques; however, most processes will follow a common theme.

E-discovery typically involves nine stages, which are as follows:

1. Information governance (IG): IG refers to the processes, controls, and policies required for collecting and preserving data. The Information Governance Reference Model (IGRM), developed by EDRM, offers a robust structure that e-discovery agencies follow.

2. Identification: Parties have a legal obligation to keep the relevant ESI safe as soon as litigation is foreseeable. However, they must first decide what information is relevant before they can preserve it. E-discovery teams employ a number of techniques, such as studying the case facts, conducting interviews, and trawling through repositories – both local and remote – to locate sources of potentially relevant ESI.

3. Preservation: After the relevant ESI has been located, it must be safeguarded against “spoliation” – the legal term used for any altering or destruction of evidence. There are other ways to preserve ESI; however, the legal hold process (or preservation order) is most commonly used. A ‘legal hold’ is a written directive from the legal team to the relevant data owners (sometimes referred to as ‘custodians’) instructing them not to delete certain ESI.

4. Collection: The strategy chosen to collect and consolidate ESI must be legally defensible, which means it must prevent any changes to the contents and metadata during the collection process.

5. Processing: ESI must be processed in order to make it ready for legal inspection and analysis. Processing may involve removing files from folders, erasing useless system data, or changing specific file formats in order to make the data suitable for attorney examination.

6. Review: The review stage of e-discovery is by far the most demanding as it entails assessing the ESI for both relevance and attorney-client privilege, which is exempt from e-discovery. Law firms generally handle this stage for organizations; however, modern technology enables in-house legal teams to employ artificial intelligence (AI) algorithms to separate privileged documents from those that are not relevant. Conducting reviews internally is now much more feasible thanks to these time and money-saving technologies.

7. Analysis: This stage involves assessing the ESI’s content and context, including important patterns, topics, people, and discussions. Even though this stage comes after the review stage, an analysis should be conducted throughout the process of discovery, as well as pre-discovery.

8. Production: To be used as possible evidence, the relevant ESI that has been found must be presented in the form of physical documentation. There are rules for e-discovery that specify how documents must be produced.

9. Presentation: Evidence must be presented to the relevant attorneys, judges, juries, mediators, and deposition participants for use in court proceedings. Data is organized in the final presentation phase to make it simple to parse and communicate to an audience.

Why is E-Discovery Important?

The success of your lawsuits may largely depend on the use of e-discovery, as tampering with digital evidence or failing to properly adhere to the nine stages could be enough to cost you the lawsuit. Organizations must understand how e-discovery works in order to safeguard data when looking into unauthorized data access and privacy concerns. Many of the regulatory guidelines that control the storage and processing of private data call for an audit trail. An audit trail makes it possible to determine what data was accessed, when, and by whom. E-discovery would make it easier to ascertain whether any unauthorized data access was caused by a system compromise or an insider threat.

Why Do Organizations Struggle with E-Discovery?

E-discovery is frequently ignored and only becomes meaningful after a case is launched. However, the e-discovery process is unfamiliar ground for many organizations. Investigations into data privacy concerns and digital infiltration can be challenging, even with experienced internal staff. Even if the organization names an attacker, law enforcement agencies need sufficient proof before they can open a case.

Another problem with e-discovery relates to the amount of data that needs to be collected. Organizations that store large amounts of data need to know exactly what data they have, and where it is located. Large databases might take months to search, and investigators need to have access to the right information quickly. In some cases, the search for and collection of data may require appointing a number of additional staff, which will cost money.

Even if every piece of data is found, you still have to trust those staff members won’t alter or delete any of it. Also, data might be stored on an employee’s mobile device instead of the network, and this device must be turned over and kept secure until the data can be recovered. It is the duty of the entire organization to maintain the integrity of its data until it can be transferred to a secure storage facility.

Common eDiscovery Challenges

Discovering electronically stored information can be overwhelming, even for experienced legal professionals. This is largely due to the extensive range of file formats that are involved, such as emails, voicemails, videos, websites, social media posts, and databases, as well as the numerous regulations that dictate their legal application. It is crucial to establish a roadmap for handling eDiscovery challenges and ESI protocols as each case is unique. The chosen path will depend on various factors, such as subject matter, key terms, and platform. Developing a comprehensive plan, anticipating possible setbacks, and communicating it to all parties involved can prevent errors and lead to a more seamless eDiscovery process. Below are some of the potential hurdles that may arise along the way:

1. Difficulty collecting specific types of information

One of the main challenges in eDiscovery is collecting specific types of electronic information, such as deleted or atypical data. To avoid this issue, it is important to understand the client’s ESI and consult them regularly about where the information is, who is in control of it, and what form it is in. Knowing these details can help establish a solid ESI protocol and minimize the need to recover missing information or revise orders. Expert assistance may be necessary in certain cases, such as when dealing with unique file types like Slack or MS Teams data.

2. Opposing counsel did not use the necessary software to produce requested documents

Opposing counsel’s inability to produce documents in the desired formats with requested metadata can be avoided by agreeing on eDiscovery software in the ESI protocols. It is important to ensure both sides have the tools to produce and share ESI in the necessary formats, which should be discussed when negotiating ESI protocols. Parties should research each platform and determine what is best for the case to prevent disputes.

3. Opposing counsel shared documents without dates

Opposing counsel may produce documents without dates, making it difficult to organize by date range. To avoid this issue, develop specific requirements for productions (dates, authors, and edit history), and hold the opposing party accountable for producing the requested data.

4. One party mistakenly produces privileged information

To avoid the problem of accidentally producing privileged information during ESI discovery, parties should establish a clawback agreement that outlines how privileged information will be handled. These agreements are designed to protect privileged information and can be “no-fault” or “irrespective of care” clauses.

5. Opposing counsel sends large amounts of irrelevant ESI

Data dumps can overwhelm and mislead and may be punishable by law. It’s important to specify what’s included and excluded in productions. Limiting the data scope can save time and money, and using deduplication techniques can significantly reduce review time. However, it’s important to have the opposing party validate the results to prevent the removal of relevant data.

How Lepide Helps with E-Discovery

The Lepide Data Security Platform provides an e-discovery tool out-of-the-box that will scan your repositories, both on-premise and cloud-based, to locate sensitive data. Locate files containing personally identifiable information through eDiscovery and let Lepide do all the work in the background. Generate all the required information you need to respond to DSARs, right to be forgotten, or e-discovery.

Our e-discovery solution allows you to combine multiple values as well as search an expansive range of file types ensuring you get the most accurate results possible and avoid irritating and time-consuming false positives.

If you’d like to see how the Lepide Identify can help you complete the nine e-discovery stages, schedule a demo with one of our engineers.

FAQs

What are the specific costs associated with e-discovery?

E-discovery involves several stages, each with associated costs. Data collection fees vary depending on the device or account ($500-$1500 per item) and data volume ($8-$15 per GB/month). Processing costs also depend on project size and features like OCR, typically ranging from a few hundred dollars to per-GB pricing.

Review and production involve software fees (flat fee or per user/GB) and legal professionals’ hourly review charges. Additionally, optional project management and expert witness fees can add to the total cost.

Remember, these are estimates, and actual costs vary based on case complexity, data volume, chosen technology, and negotiation strategies. Consulting an e-discovery vendor or legal counsel is crucial for accurate cost estimations and management.

How can I choose the right e-discovery tool for my needs?

Selecting the right e-discovery tool requires careful consideration of your specific needs. Begin by analyzing your requirements. What data types (emails, documents, etc.) do you typically deal with? How complex are your usual cases? What is your allocated budget? Will you manage e-discovery internally or outsource it?

Next, evaluate key features. Look for user-friendly interfaces to minimize training and ensure smooth adoption. Consider the tool’s scalability to handle varying data volumes. Assess the search functionalities, filtering options, and any advanced analytics capabilities offered. Security is paramount, so ensure the tool employs robust data protection measures that comply with relevant regulations. Finally, understand the pricing structure, whether it’s per user, per GB, subscription-based, or has hidden costs.

Don’t be swayed by fancy features alone. Focus on core functionalities that directly address your specific needs and budget. Research the vendor’s experience in your industry, assess their customer support, and consider client testimonials to gauge their reputation. Free trials or demos are crucial to test drive the software and ensure its compatibility with your workflow. Remember, the ideal tool is one that complements your unique requirements rather than being purely feature-rich.

What are the legal implications of not following e-discovery best practices?

Failing to follow e-discovery best practices can lead to a range of legal and financial consequences, impacting both the party responsible and potentially their legal counsel. Here are some key implications:

Adverse Inference Sanctions: Courts may impose negative consequences, assuming the missing or improperly preserved data would have been unfavorable to the non-compliant party. This can significantly weaken their case and hinder their ability to defend themselves effectively.

Financial Sanctions: Courts may levy fines or monetary penalties for non-compliance with e-discovery obligations. These can be substantial, depending on the severity of the case and the level of negligence involved.

Cost-shifting: The non-compliant party may be ordered to bear the additional costs incurred by the opposing party due to their e-discovery failures. This can include expenses associated with data recovery, additional legal work, and expert witness fees.

Exclusion of Evidence: Crucial evidence that is not properly preserved or produced during discovery might be excluded from the case, potentially weakening the non-compliant party’s case and hindering their ability to present their arguments.

Reputational Damage: Non-compliance with e-discovery obligations can negatively impact the organization’s reputation, potentially leading to public scrutiny and loss of trust from stakeholders like clients and investors.

Potential Malpractice Claims: In some scenarios, a party’s legal counsel could face malpractice claims if their negligence or inadequate guidance regarding e-discovery best practices significantly harms the client’s case.