With the maturing of the e-Discovery marketplace, it can be easy -- too easy -- to think that it's all just a matter of using the right tool. But as with most business processes, and particularly with e-Discovery, it's a matter of policy and process as well.

E-Discovery Becoming Big Business

With events occurring this year such as the first Gartner e-Discovery Magic Quadrant and Symantec's acquisition of Clearwell Systems, it's obvious that the e-Discovery tools business has hit the big time. No longer does it seem solely the purview of wizened gnomes in basements meticulously poring through scanned documents like the Gringotts Wizarding Bank in the Harry Potter movies, but now something that could be done swiftly and automatically by machines.

No less an authority than John Markoff of the New York Times wrote earlier this year about how "armies" of attorneys were being replaced by software, which was not only faster but more accurate:

The computers seem to be good at their new jobs. Mr. Herr, the former chemical company lawyer, used e-Discovery software to reanalyze work his company’s lawyers did in the 1980s and ’90s. His human colleagues had been only 60% accurate, he found."

Tools Not a Panacea

However, it's important to remember that tools can't do everything. Indeed, tools are most typically used to implement processes and policies that are already in place -- and a tool can't create a process or policy if there isn't one there. Moreover, different tools are appropriate at different parts of the process.

This is especially important because, as awareness of e-Discovery and its use in trials grows, the number of sanctions against companies for failing to perform e-Discovery correctly is increasing, not decreasing.

Moreover, an LDM Global study of errors in e-Discovery indicate that the most significant errors tend to be errors of process and people, not tools:

  • Failure to Effectively Communicate across Teams: 50% of the respondents identified this error as one that frequently occurs
  • An Inadequate Data Retention Policy: 47% of the respondents identified this error as one that frequently occurs
  • Not Collecting all Pertinent Data: 41% of the respondents identified this error as one that frequently occurs
  • Failure to Perform Critical Quality Control (i.e., sampling): 40% of the respondents identified this error as one that frequently occurs
  • Badly Thought Out, or Badly Implemented, Policy: 40% of the respondents identified this error as one that frequently occurs

In contrast, the study notes, only 14% of respondents identified Spoliation of evidence, or the inability to preserve relevant emails -- one of the easier things to automate -- as an error that frequently occurs.

The Most Important E-Discovery Process

There are a number of descriptions of the e-Discovery process lifecycle, but the most important part is this: Some steps are required to be followed before litigation, while others are followed afterwards. In other words, you can't wait until you get the subpoena to begin to implement an e-Discovery policy; it needs to be started right now. 

The part that needs to be done before litigation is the information management part, which governs setting up policies that determine which documents the company keeps, and how long it keeps them.

Companies should consider implementing information and records management policies and procedures that address [electronically stored information], including the retention, preservation and destruction of electronic information and records. Without such policies and procedures, a company's retention and destruction of records can be inconsistent and could result in the retention of records that are not needed for business purposes and not required to be preserved by regulation or law. Retaining unnecessary records can significantly increase the burdens, complexity and costs of electronic discovery."

What this doesn't mention is that implementing proper records destruction policies help protect a company by getting rid of documents that could be used against it later. Many attorneys and e-Discovery professionals espouse the regular destruction of records for this reason. Tools that are appropriate for this round of the process include email archiving products and storage tiering products.

After Litigation Starts

Once litigation starts, however, all bets are off, and typically a company is forbidden from destroying any records that could be relevant to a case. The steps involved once a case is filed include the following, according to the law firm of Gibson Dunn:

  • Identification: The identification phase begins when the duty to preserve relevant information for litigation or an investigation is triggered. It involves developing and implementing a plan to identify sources of potentially relevant records.
  • Preservation: The preservation phase involves protecting potentially relevant data in ways that are legally defensible, as well as reasonable, efficient, auditable and that mitigate risks.
  • Collection: The collection phase entails gathering potentially relevant ESI and its metadata in a manner that is legally defensible, targeted, proportionate to the matter, auditable and efficient.
  • Processing: Processing involves formatting collected ESI so that it can be culled and searched in a review tool.
  • Analysis: Analysis involves evaluating collected ESI to determine relevant summary information, such as key topics, critical players, specific vocabulary and jargon and highly relevant documents.
  • Review: Document review is the means of identifying responsive documents to produce and privileged documents to withhold. (Interestingly, some researchers are discovering that processes that include human review as well as computer review are more accurate.)

E-Discovery as a Business Process

Barry Murphy of eDiscovery Journal recommended earlier this year that businesses begin looking at e-Discovery like any other business process.

Long-term information management projects do little to help the legal, litigation support, and IT staff run ragged by reactive eDiscovery fire-fights. What can these organizations do today while the immature solutions market sorts itself out? The best way to look at eDiscovery is as another business process to manage. And that means balancing short-term needs with longer-term strategic decisions (such as an information management infrastructure).

The good news, though, is that courts don't expect perfection, says Mark Diamond of Inside Counsel. 

Having a documented policy and procedure surrounding e-discovery response is important to demonstrating reasonableness, but only if a good faith effort is made to follow those procedures...It is much better to have a simple records retention policy applied consistently than a complex, albeit seemingly perfect, policy no one follows.