For eDiscovery Risk Management, One Approach Does Not Fit All Companies

Synopsis Part 1:  For eDiscovery Risk Management, One Approach Does Not Fit All Companies

Conducted October 22, 2007

By K.E.H. Polanski writing for DCIG Inc

Andrew Cohen's legal responsibilities include managing teams within the EMC Legal Department that handle Mergers and Acquisitions, Litigation, Investigations, Employment, and Corporate Compliance responsibilities, including employee training and records and information management. In connection with his responsibilities, Mr. Cohen has implemented best practices in the areas of eDiscovery and litigation hold, records and information management, electronic matter management, and electronic billing.

Kelly:  Andy, one of the most frequently asked questions by CIO's and others worried about the cost of data management, is "how long do I have to keep my data, really?"  What do you say when you get asked that question?

Andy:  What we find is that many times clients are asking this question for the first time when they confront real eDiscovery to support litigation.  When they go through this process, they sometimes find out that there is a significant cost to a de facto "save everything" strategy.  Companies need a risk adjusted approach to information management, including to get them to the point where they can "defensibly delete" some of their content.  Simply applying traditional detailed processes for records management which try to outline an object-by-object or document-by-document metaphor are not practical because the volume of content is too great. 

Kelly:  What's causing this concern about eDiscovery to happen now?

Andy:  There are three drivers, the first of which is cost.  Organizations are piling up their data, and they know that this can't continue - it's not practical.  The next driver is concern about statutes and defensible policies, including to identify sensitive data that needs greater security and privacy.  And, finally, eDiscovery.  Going through legal discovery exposes problems in the data system and the organization's capability to meet discovery requirements.  It also puts more focus on the risk and cost of not meeting these requirements.

Kelly:  Are legal counsel willing and able to get actively involved in the process of defining IT requirements for eDiscovery, to help ensure that their organizations are better prepared to go through legal discovery when it happens?

Andy:  Some are.  Some organizations have very active legal discovery teams, such as in the oil and gas or financial services industries.  In these industries, there tends to be very well conceived governance structure and they are, in general, better prepared for eDiscovery actions.  In other cases, lawyers just don't want to get involved yet.  They see it, legitimately, as being outside of their domain of expertise to try to get involved with the IT side of the business.  In these cases, it tends to take legal action to get them involved - for example, Judge Scheindlin's famous set of rulings made clear that it was the in-house counsel who were directly responsible for eDiscovery and litigation hold.  The Federal Rules of Civil Procedure are driving the lawyers to get involved in understanding where the "sources" of information are, and how they are managed.  Those organizations with repeat litigation are thinking about how to make the process more efficient, including by putting in place "playbooks" for repeatable eDiscovery process, and "source maps" of where their data is located.  The lawyers, by necessity, are directly involved in this repeatable and cross functional (Legal, RM and IT) process. 

Part 2 of DCIG's interview with Andrew Cohen will appear next week.  You can read more about Andy's views on eDiscovery on his BLOG at:  http://andrewsblog.emc.com/