Tips for Creating a Corporate Ediscovery Policy
Teaming Up Legal and IT
Companies often put off creating an ediscovery policy until they’ve been burned by long, drawn out, costly litigation. The time to lay the foundations for effective ediscovery is before your organization gets hit by a regulatory investigation or headline-grabbing lawsuit.
Discovery is typically the most expensive part of litigation. A well thought-out corporate ediscovery policy helps a business successfully manage the ediscovery process by codifying the rules for the people, process, and technology involved.
To be effective, the creation and maintenance of an ediscovery policy requires involvement from a multidisciplinary team of company leaders who contribute to the assessment of discovery costs and risks, and contribute an understanding of enterprise data and relevant laws and regulations, all of which affect the defensibility of an ediscovery approach. At a minimum, leaders of both legal and IT teams have critical roles to play.
A well thought-out corporate ediscovery policy helps a business successfully manage the ediscovery process by codifying the rules for the people, process, and technology involved.
By planning a response to complex legal obligations that call for the production of relevant data, a company can reduce its risks and save money when an investigation or litigation matter comes in the door.
What Is a Corporate Ediscovery Policy?
A corporate ediscovery policy is a road map for the rules to follow in the event that a company is involved in litigation or other matter that entails a request for information (in the form of, for example, a discovery demand, subpoena, or regulatory investigation.) It ensures that electronically stored information that is potentially responsive in a legal matter is effectively identified, preserved, maintained, and if needed, produced.
Modern companies generate vast amounts of digital data in the course of business — almost all of which can be subject to discovery.
Ediscovery, which is short for electronic discovery, describes the collection and exchange of electronically stored information. Governed by the Federal Rules of Civil Procedure (FRCP) when in federal courts, discovery is central to dispute resolution that calls for the collection of facts, including litigation, internal investigations, and arbitration.
Modern companies generate vast amounts of digital data in the course of business — almost all of which can be subject to discovery. That data comes from ever evolving sources —including applications such as Slack and Zoom and BYOD devices — and in increasingly complex formats — including instant messaging chats, social media, spreadsheets, audio, and video files.
All that electronically stored information, or ESI, needs to be effectively managed on a regular basis. That begins with solid information governance, including methodical records and information management on one end, and efficient ediscovery practices on the other, to quickly and defensibly respond to an investigation or litigation matter.
Why Is an Ediscovery Policy Important?
Whether a company needs an ediscovery policy depends on its risk profile, as Deloitte discusses in “Building a Corporate Discovery Framework.” Questions to consider include:
How much litigation exposure does the business have?
How often is it involved in litigation?
What type of litigation or regulations affect it?
With the volume and complexity of data growing at breakneck pace, corporate discovery costs continue to climb. Nearly 60% of GCs, CLOs, and in-house legal professionals said they’re looking to move more litigation work in-house to contain rising litigation costs, according to “The State of Corporate Litigation Today” published by Everlaw with the Association of Corporate Counsel. The industries making the biggest changes to reduce costs are energy (83%), healthcare (71%), and insurance (71%).
Nearly 60% of GCs, CLOs, and in-house legal professionals said they’re looking to move more litigation work in-house to contain rising litigation costs.
A defined ediscovery policy, as an essential element of a litigation response plan, helps a company effectively manage the rising risks and costs of ediscovery. It provides guidance to key stakeholders for complying with ediscovery demands.
By outlining a litigation response plan and a defensible discovery approach, a company can involve the right stakeholders at the right time for a coordinated approach, and ensures that it understands its data and how to produce it before a lawsuit strikes.
A defined ediscovery policy, as an essential element of a litigation response plan, helps a company effectively manage the rising risks and costs of ediscovery.
Who Is Involved in Creating an Ediscovery Policy?
Developing a defensible ediscovery policy is a team sport. Ownership of the ediscovery process and policy creation is a shared responsibility across company functions. Deloitte underscores that stakeholders from in-house legal, compliance, IT, and relevant business departments all have an important role to play in mitigating ESI-related risks and should be consulted in the development and maintenance of the policy.
The litigation or investigation response team may include executives from the C-suite, such as the COO, CIO, or CFO, and the compliance team.
The legal team plays a central role. With specialized knowledge of the federal, state, and local ediscovery rules that are relevant to their company, the legal team is critical in ediscovery preparation. In-house legal professionals also play an important role in informing leadership and teams they work closely with about how rules and regulations affect the company.
Developing a defensible ediscovery policy is a team sport.
The IT team is another critical partner. Legal collaborates with IT to make sure that processes are in place to identify, preserve, and produce relevant information if litigation is on the horizon. IT can also serve as a valuable resource for information on how data are accessed, stored, retrieved, and destroyed.
Together, legal and IT develop the company’s information management plan and outline its records management policies, into which an ediscovery policy rolls up.
Litigation Holds, Records Retention Policies, and Production
Most corporate ediscovery policies are confidential, but seeing how other organizations approach this process can be instructive.
The American Health Information Management Association (AHIMA) details the steps for litigation response planning and policies for ediscovery in healthcare, an industry that generates vast volumes of sensitive and regulated data on patients.
AHIMA recommends separate policies for key elements that contribute to a successful ediscovery response. Though they’re described for the purposes of health organizations, many are broadly applicable to companies in other industries, notably:
Preparation for a pretrial conference
Before legal counsel attend a pretrial conference — where attorneys for both sides meet in court ahead of trial to discuss various issues about the case — it’s important to have clarity around the key issues that will be addressed with the judge and plaintiff lawyers, to understand the discovery plan, and the impact on pretrial activities.
Preservation and legal holds for relevant ESI
The ediscovery policy needs to spell out how to preserve records and other information as part of a responsive discovery process to avoid spoliation of evidence.
Retention and destruction of ESI
A company needs to have clear rules for the proper storage but also the destruction of documents that are no longer needed, including timelines for doing so. This is typically detailed in a retention policy.
Document production
It’s also important to outline the steps necessary to effectively disclose electronic information in response to a legal proceeding. This may include an approach to determine the burdens and costs associated with producing ESI.
The Role of Modern Technology in Ediscovery
The use of technology is an important part of navigating the challenges of discovery management and reducing both costs and risks. However, modern ediscovery tools, with their analytics and automation capabilities, play an important role in simplifying some of the most costly phases of ediscovery. One example is the ability to use tech to reduce datasets to just the relevant documents that require human review.
Leading in-house law departments are increasingly leveraging tech-enabled discovery tools that make large volumes of data more manageable, such as:
Concept clustering helps teams leverage near-instant insights from massive amounts of data to quickly sort through and understand millions of documents for full review or early case assessment, without any human input required.
Early Case Assessment allows a team to quickly assess a claim by slicing through huge datasets to the key pieces of information that fuel insights early in a matter and help shape the company’s litigation strategy. In 2022, Everlaw users were able to reduce the volume of documents for review by 74%. That means a rate of exclusion of nearly three out of every four documents through ECA.
Modern ediscovery tools play an important role in simplifying some of the most costly phases of ediscovery.
What Should Be Included in an Ediscovery Policy?
Though the specifics of an ediscovery policy depend on the size and nature of a business and its unique risk profile, some elements are universal to modern organizations. Private corporations don’t typically publish their ediscovery policies online. Universities and colleges, on the other hand, offer a look at the basics.
To comply with various ediscovery requests that arise in the context of litigation, administrative proceedings, audits, investigations, and Freedom of Information Law requests, SUNY Purchase College follows key steps that can be applied across organizations, whether public or private.
Purpose of Ediscovery Policy
In its Legal Proceeding Preparation (Ediscovery) Policy, the public college describes the purpose of its ediscovery policy. In short: the goal is “to provide guidance and directives to aid various University constituencies and officers in their efforts to comply with those ‘e-discovery’ responsibilities and demands.”
It goes on to identify the personnel involved, including custodians (the individuals who may have responsive ESI) and legal counsel in their role “to identify, preserve, maintain, and produce ESI that is subject to a Legal Hold.”
Definitions of Key Concepts and Terms
The Purchase College policy goes on to define key terms, including: ediscovery, legal hold (also known as a litigation hold), counsel, custodian, IT personnel, and the “triggering event” that would lead legal counsel to expect litigation or another legal process that may call for a preservation obligation. It also defines what a “legal preservation notice” is and what constitutes “Electronically Stored Information,” or ESI.
People and Roles
Purchase College describes the duties of the organization’s in-house counsel and their role in issuing legal holds, in defining the scope and types of ESI, and in coordinating with leadership to identify key persons, such as custodians. It spells out collaboration with IT to determine proper ways to preserve ESI. The policy also lets other key people know what their obligations are in managing records and ESI and preserving relevant information under a legal hold.
Process
Once an information request requiring a response can be reasonably anticipated, the college in-house counsel spring into action on a number of fronts. These include issuing appropriate legal holds, working with campus leadership to identify and notify the custodians and other affected personnel, and defining the scope and type of ESI for the recipients of the legal hold.
Legal counsel at the college work with IT to determine the best methods for preserving ESI, monitor compliance with legal holds, and manage the production of ESI if needed.
At Purchase College, the IT department is responsible for contracting with vendors, including ediscovery services providers.
Purchase College’s policy also notes that failure to follow the ediscovery policy may result in discipline and potential exposure to legal sanctions. The records management office of each campus ensures compliance with the policy.
Revisit Your Corporate Ediscovery Policy Regularly for Success
Ediscovery is a complex undertaking no matter the size or focus of a corporation. Developing a successful corporate ediscovery policy benefits from the involvement of leaders from various functions, including legal, IT, and business. Establishing a litigation and ediscovery response team, a game plan, and policies are essential parts of the process.
An ediscovery policy is a living document that requires regular care.
It’s worth remembering an ediscovery policy is a living document that requires regular care. As AHIMA notes, the litigation and ediscovery response team should oversee the ongoing review, monitoring, and evaluation of discovery processes and make annual training available for key personnel to ensure compliance with the policy.
A well planned corporate ediscovery policy rolled out in advance can go a long way to mitigate risks, improve litigation outcomes, and reduce expenses.
Learn more about how to reduce costs in “7 More Ways to Cut the Cost of Ediscovery.”