Now it’s time to consider how all this theory works in real-life e-discovery situations. In our last module, we will give brief overviews of the process of creating and responding to the e-discovery plan from the points of view of both the requesting party and the responding party, followed by some projections of the field into the future.
Creating E-Discovery Plans
The parties, by rule, need to have an e-discovery plan in place by the first pretrial meeting.[1] An e-discovery plan is the plan that takes into consideration the rules and case law that we have been discussing, as well as delineating the types of e-discovery software platforms that will be used, best practices and numerous other aspects of producing the right data at the right price. If there is no agreement between the parties, the judge will impose a plan.
At that point, the plan will be memorialized as a pretrial order[2] and generate a “Form 52” report. [3] Form 52 covers the main points to consider in creating the discovery plan. The e-discovery plan may be made more or less difficult depending on how the responding party’s data storage is organized. Some are set up to easily allow e-discovery and some are not. But all of them must respond to the same orders and rules in the same ways under the 2015 amendments to the federal rules.
Different law offices and different courts design plans to their own needs, but the following overview provides a basic approach for how these plans can be designed.
Determining the scope of discovery
The first step in an e-discovery plan is to figure out what data is needed and when it should be produced.[4] Determining this is not going to happen at one pretrial meeting. Counsel must communicate about this aspect of the case on an ongoing basis before the first pretrial meeting. They can bring stipulations to that pretrial, and then argue over points of disagreement.
Data Preservation
All issues of data preservation must be in the discovery plan.[5] The parties may have received preservation letters long before the pretrial, but now the plan should include specifics on what data needs to be preserved, where it is located, and so on.
Scheduling Discovery
Discovery is usually scheduled so that the easiest data to retrieve will be delivered first, while the technically more difficult data will be given more time to be retrieved. Schedules should be reality-based in terms of technology and human effort, but also driven by the scheduling needs of the court.
At this point, the parties can begin to discuss cost estimates, especially in highly complex cases. It is here that the judge may begin imposing some cost limits under proportionality principles.
Dealing with Data in the E-Discovery Process
Delineating the Actual Data—What is it and What is it Stored on?
Before dedicating resources to finding and analyzing data, the parties need to determine if that data exists. That may require an inventory of devices on which the data may be stored, then followed by some indication of what may be on those devices. The parties can then assign scheduling priorities to the devices. This is also a step in early determination of whether there may have been spoliation of any data. Also, at this point outside experts may be called in to study and map out each party’s data storage universe.
Determine How the Data Will be Analyzed
This part of the plan requires input from IT staff and perhaps the engagement of third-party experts and third-party e-discovery software platform providers. The parties and the judge determine how much of the data search will involve predictive coding and how the data review will proceed from that point. The agreement also lays out how various types of documents are handled. There are numerous kinds of documents that can be subject to various kinds of search algorithms.
— Data can be found in both structured formats, like databases and unstructured formats, like word processing documents. It is much more difficult to extract data from structured than from unstructured formats.
— Compound documents are documents with multiple parts in different formats, such as an email (the “parent document”) with a video attachment (the “child document”). One parent document can have many child documents. The parties determine how to handle these types of documents.
— Duplicate documents need to be identified and removed, usually by “hash” algorithms that identify digital signatures.
— Search parameters will be identified, and the means to conduct the search will be determined.
— Encryptions may need to be detected.
— Deleted files may need to be recovered.
— The extent of disclosure of metadata needs to be decided.
In addition, file systems need to be catalogued and search indexes and file activities constructed.
Protected Data
The parties should try to agree ahead of time what to do in the case of inadvertent disclosure of data protected by privilege, confidentiality, protective orders or non-disclosure agreements. This disclosure can happen either by a party inadvertently delivering a privileged document to the other side or by the requesting party being given open access to the other party’s data. In any case, the effects need to be discussed in the plan. This part of the plan can also include steps to creating a privilege log.
Analyzing the data
Once the data is discovered through the search platform, it must be analyzed for relevancy. This is when the humans take over. The final data is analyzed by teams of skilled professionals who read through all the documents that the searches have produced. The plan should contain procedures for these tasks.
How the Documents are Produced
The next part of the plan will discuss the formats and delivery requirements of the analyzed and reviewed documents, along with the privilege log, extent of the metadata to be delivered and other requirements. It will also include how to handle duplicates, file types, compound documents and the rate of production as determined by the schedule.
Disputes
The e-discovery cases that make news are the ones in which the judge has to decide a pretrial dispute about some issue. But the agreement can provide for ways to resolve disputes short of asking the judge, including bringing in a third party or allowing the various IT people involved with the case to conduct open discussions of the issues. A primary consideration should be making the judge’s life easier.
Cost Assignment
Cost assignment is another facet of “making the judge’s life easier.” It is likely that the judge will have some idea of what a reasonable cost distribution[6] would be around the time of the first pretrial, and that input will be valuable. But, ultimately, having the parties agree on cost distribution is the best way to go.
Disposition of the Data After the Case Has Ended
All parties need to preserve discovered data while the case is active—up to and including appeals. But storing and maintaining that data comes with a cost, and so, at the end of the case, the parties should be given the option of destroying or otherwise cutting maintenance costs of the data. Therefore, a data disposition clause will usually be attached to an e-discovery plan.
How to Respond to the Data Request Litigation Response Plan
On the other side of any e-discovery plan is a “litigation response team” to make sure that that the responding party and its attorneys properly conform to the plan. That team can be within a company, run by the company’s lawyers, or a combination of the two. A typical litigation response plan and process includes the following five key steps:
- Attorneys conduct an evaluation of applicable rules with leadership
Corporate or outside counsel will have to start the e-discovery process by briefing the responsible members of the company hierarchy on the rules and how they expect them to be applied to the organization in the case. This will include the expected scope of discovery, a review of the applicable software platforms that may be used and caveats on delaying implementation of the discovery plan. This should take place as soon as possible after even the threat of litigation raises its head.[7]
- Create, Identify or Engage a Litigation Response Team
An organization’s litigation response team should be composed of people who bring different skills and training to the table. One can assume that most big companies have some version of this, but at the same time, the personnel and procedures must be constantly updated.
Litigation response teams create policies around the preservation and destruction of electronically stored information and how to respond to discovery requests. They are responsible for the identification, preservation, search, retrieval, and production of responsive ESI relevant to current, pending and potential litigation. The team is in communication with the legal team about the location, format and status of any relevant ESI and costs associated with retrieving requested discovery.
A typical litigation response team consists of a permanent group and a temporary group. The permanent group may include someone from IT, a corporate officer and people from compliance, records and finance, and possibly in-house counsel. Outside members of the team could include counsel and outside technical help as well as cloud storage companies that hold data relevant to the litigation. Temporary members may include someone in a supervisory position in each department affected by the litigation. In many cases, the CEO of the company will work directly with legal counsel on an ongoing basis.
- Risk, Issue and Challenge Analysis
Before doing anything, the litigation response team must engage in an overview analysis of the entire e-discovery plan. This analysis includes the following items, although this is far from a complete list.
— Identify where the relevant data is located and what methods or e-discovery platforms will be used to identify and deliver it. Find and identify all potential custodians of the data, including third parties. Check backup, cloud and legacy systems.
— Make sure legal counsel is familiar with the organization’s information systems and records management protocols before the first pretrial conference, so the lawyer can knowledgably engage in the discussion.
— Estimate the true costs of the e-discovery.
— Identify and conform to all litigation holds. Make sure the technology is capable of this.
— Determine the forms in which the data and the rest of the discovery will be delivered.
— Make determinations about the reasonability of the discovery requests under the rules.
— Email is still the most sought-after ESI. Lawyers need to know how company email is classified, managed, stored and retained, as well as how to handle privacy and privilege issues.
— All data must be screened for privilege and a privilege log should be created.
— Check for both over-responsiveness and under-responsiveness to the actual data requests.
- Implement Policies and Procedures for Response
So how do you get the data in the right form, within budget, to the right people, within the desired time frame? You need a plan, and that plan should be formal, in writing, with checklists, calendars and controls.
Litigation response teams will generally create policies along these lines:
— Preparation for pretrial conference. The lawyers will want specific information for each pretrial conference and the team will need procedures for getting that to them.
— Preservation and legal hold policies, as well as determining the custodian/ monitoring of the data, along with policies to stop destruction when a hold is imposed to avoid spoliation.[8]
— Data retention and destruction policies need to be specific, detailed and reasonable. Failure to properly track these procedures can bring sanctions.[9]
— Plan for the deposition of an IT person.[10]
— Process all information for attorney review.
— Develop response plans that require the least amount of business disruption for adequate response.
- Develop a System for Ongoing Monitoring and Evaluation
Once a system has been developed to respond to e-discovery requests, it must be continually monitored and updated. Staff training should keep up with developments in both the law and technology, and policies need to be continually revisited to make sure everything is up-to-date.
Future Challenges and Coming Technology
E-Discovery as a field is just beginning to mature. Looking into the future of e-discovery is looking into the future of all technologies connected to the field. While it is impossible to predict all the changes in the field, it is possible to talk about the obvious challenges the field will be faced with in the near and far terms.
Operations and Costs
The global market for e-discovery services is expected to top $22 billion by 2021.[11] That may be a low figure. According to a 2015 survey, barely a third of businesses have the hardware or procedures to properly respond to e-discovery requests.[12] At the same time, legal departments are under pressure to streamline their operations, which means getting more from less, including e-discovery technology.
The remaining two-thirds of businesses need upgrades to their systems. This may include new equipment, new software platforms and training a new generation of lawyers and legal assistants in the new technology. This is an investment many companies cannot afford, which moves cost management to the top of the list for the e-discovery future.
The conundrum here is that the software which streamlines e-discovery the best is also the most expensive, and the people needed to run those programs aren’t cheap. In the end, all data that makes it through predictive coding is hand-read by staff, who also must be paid.
One 2017 survey found that companies spend almost $2 million on average per e-discovery case. About 70% of that goes to lawyers to review the data.[13] In fact, an industry is currently emerging that connects freelance lawyers, paralegals and legal researchers to e-discovery teams to review documents found by predicative coding.[14] Experts estimate that it may cost approximately $30,000 to review one gigabyte of ESI.[15] While these are expensive, non-conformance to e-discovery rules, with its attendant sanctions and other consequences, may be a worse and more expensive option.
More data, more problems
As time goes on, more and more data is produced by humans. In the US alone, people create 2.5 quintillion bytes of data per day,[16] the internet grows by 7.5% per year, 3.5 million text messages and 460,000 tweets are sent every minute, 3.6 million Google searches take place, etc.[17] All of that and more are potentially discoverable data. Searching through all of it is impossible, so predictive coding and other forms of machine learning are going to have to get much bigger and much faster.
A second facet of this unstoppable data explosion is the fact that information gathering is more and more intrusive. There are cameras all over the place, from red light cameras to cell phones. The “Internet of Things” has the potential to track every movement and every sound of everyone who owns a smart TV or smart refrigerator or thermostat. Internal corporate data platforms like Slack are also subject to e-discovery. These platforms are continually in development and constantly rolling out new applications. And new technologies and data platforms are coming along all the time. Who knows what the next Facebook or Twitter will be? E-discovery technology will have to be able to expand into all of it.
More and more mobile
Mobile devices and the data on them are discoverable ESI. But that data can be extremely difficult to access, and mobile communication apps like WhatsApp, iMessage and Signal are constructed around encrypted data that can disappear after a few seconds (although it may be stored in the cloud), depending on the app’s settings. One can only assume that these apps will get more sophisticated over time, and the discovery techniques will have to grow along with them.
Privacy, the GDPR, and international e-discovery
What happens when ESI is not just evidence but also the subject of the legal action itself? Especially when we are dealing with international law. The European Union implemented the General Data Protection Regulation[18] in mid-2018. The GDPR sets rules for protecting the data privacy of any user whose data is stored within any company that does any business in the EU. That includes many American businesses. But at the time the GDPR was implemented, fewer than a third of US businesses had compliant procedures in place.[19] The penalties for non-compliance can be severe, enough to threaten the existence of some small businesses.[20] At the same time, the FRCP and the terminology and rules of discovery in the EU don’t necessarily match up with each other—even to the point that “discovery” is called “disclosure” in England.
Conclusion
Thank you for viewing LawShelf’s course in E-discovery. We hope that you’ve gained some insight into this critical and evolving area of legal practice. We hope you’ll also take advantage of the other courses we offer in litigation and legal technology issues. We welcome your feedback and questions and wish you the best.
[1] Fed.R. Civ. P. 26(f)(2).
[2] United States Seventh Circuit Court of Appeal’s Model Discovery Plan
[3] See, e.g., Civil Form 52. Report of theParties’ Planning Meeting, U.S. Dist. Ct. N. Dist. Ala.
[4] Fed.R. Civ. P. 26(f)(3)(B).
[5] Fed.R. Civ. P. 26(f)(3).
[6] Fed.R. Civ. P. 26(b)(1) (proportionality analysis).
[7] Fed. R. Civ. P. 26(a)(1)(B); PhoenixFour v. Strategic Resources, 2006 U.S. Dist. Lexis 32211 at*19-20 (S.D.N.Y May 23, 2006).
[8] See Wiginton v. CB Richard Ellis, 2003 U.S. Dist. Lexis 19128 at * 12-13 (N.D. Ill. Oct 27, 2003).
[9] SeeIn re Livent, Inc. 2002 U.S. Dist.Lexis 26446 at *9 (S.D.N.Y.) (Defendant ordered to write down all steps taken to preserve emails).
[10] Fed.R. Civ. P. 30(b)(6).
[11] Global E-Discovery Market 2017 by Solution, Service, Deployment, Type, and Vertical – Forecast to 2021 – Research and Markets, Business Wire, (Apr. 19, 2017), https://www.businesswire.com/news/home/20170419005948/en/Global-E-Discovery-Market-2017-Solution-Service-Deployment.
[12] Inside E-Discovery: The State of E-Discovery According to Corporate Counsel, BDO Consulting, (Oct. 2015),https://www.bdo.com/getattachment/Insights/Consulting/Inside-E-Discovery/2015-BDOC-E-Discovery-report-WEB.pdf.aspx(reporting only a third of middle market organizations have adopted technology-assisted review procedures).
[13] Nicholas M. Pace & Laura Zakaras, Where the Money Goes, Understanding Litigant Expenditures for Producing Electronic Discovery, RAND Institute for Civil Justice (2012).
[14] Id. at 25.
[15] David Degnan, Accounting for the Cost of Electronic Discovery, 12 Minn. J.L. Sci. & Tech. 151, 151 (2011).
[16] Bernard Marr, How Much Data Do We Create Every day? The Mind-Blowing Stats Everyone Should Read, Forbes (May 21, 2018), https://www.forbes.com/sites/bernardmarr/2018/05/21/how-much-data-do-we-create-every-day-the-mind-blowing-stats-everyone-should-read/#669b12c660ba.
[17] Tom Hale, How Much Data Does the World Generate Every Minute?, IFL Science, (July 26, 2017), http://www.iflscience.com/technology/how-much-data-does-the-world-generate-every-minute/.
[18] General Data Protection Regulation, OJ L 119, 04.05.2016; cor. OJ L 127, 23.5.2018, https://gdpr-info.eu/
[19] GDPR:Most Aren’t Ready – Are you? Answers from a 2018 survey of 183 global,cross-industry businesspeople involved in preparing for GDPR, SAS Institute, Inc. (2018) (reporting only 8% of U.S. organizations fully compliant).
[20] Fines and Penalties, EU General Data Protection Regulation, https://www.gdpreu.org/compliance/fines-and-penalties/