The days when e-discovery consisted of handing over copies of e-mails to address Freedom of Information Act (FOIA) requests, compliance regulations or other legal obligations are over. Now, it's just as likely that the process of discovery will also entail coming up with relevant presentations, text messages, social media posts and Internet of Things data, according to a new research report on the topic of e-discovery.
As author Osterman Research stated in the report, six in 10 managers are at least "somewhat worried" that their organizations will be sued. Four in 10 anticipate an increase in the number of e-discovery requests they'll face over the next 12 months.
Electronically stored information, or ESI, is growing, making the e-discovery process more challenging for those trying to comply with a request, Osterman said. A 2016 survey found that organizations stored a mean of 49.3 gigabytes of e-mail data per user and that total messaging-related storage during the previous 12 months had increased a mean of 18 percent. With growth at that pace, the data per user will reach 133 gigabytes by 2022.
The ability to retain, find and produce various types of content varies, according to the survey. For example, 80 percent of respondents said they were "well prepared" or "very well prepared" to handle email up to one month old. That dropped to 57 percent for email older than six months. On the other hand, participants didn't show nearly the same level of confidence for other types of content:
- Content stored in Office 365: 44 percent
- Content stored by employees in cloud storage systems: 20 percent
- Instant messages: 18 percent
- Content stored in online applications such as Slack, HipChat or Jive: 12 percent
Also, data generated by Internet of Things devices "will increasingly be subject to e-discovery." The report noted content from an Alexa-enabled Amazon Echo device that was requested for a 2015 murder investigation. And "at least five U.S. states now use data from automobiles' vehicle event data recorders to determine the speed at which cars were traveling when they were involved in an accident."
"As the proportion of electronic content shifts primarily from documents created by humans to data generated by things," the report stated, "we anticipate a growing proportion of discoverable content will come from the latter."
The use of the cloud won't release organizations from their responsibilities related to e-discovery, the report emphasized. The cloud is making an impact on e-discovery in two ways. First, the cloud is where the goods are increasingly kept. That means that "e-discovery capabilities will need to adapt not only to the shift in venues where data may be found but also to any limitations that may be imposed by the cloud on e-discovery efforts, such as the speed of search from cloud-based data repositories that are accessed from Internet connections that may not always be adequate to the task at hand." Second, more cloud vendors have begun to offer e-discovery, archiving and other capabilities, which can make the work of e-discovery easier for the client.
The report offered several best practices related to e-discovery work, including three "basic principles" decision makers are encouraged to follow:
- Retain only what's necessary and only for as long as necessary. The report advised, "When records can be safely deleted, the deletion process should occur quickly with a carefully prescribed plan for 'defensible deletion.'"
- Be ready to "rapidly identify suspect or non-compliant content." Having a standard response for dealing with this kind of content, the report explained, will help prove that the organization is being proactive in dealing with it.
- Manage content to minimize risk. The approach should encompass systems, policies and training to minimize legal compliance risks, such as "inaccurate identification of content for retention, systematic failures to delete appropriate content and insufficient care by employees in following corporate policies."
"There is a lot at stake for firms that are not ready to respond quickly and appropriately to e-discovery requests. And, as this paper outlines, cobbling together manual processes and calling it a 'compliance' program has become unacceptable to insurance companies and the courts," said Founder Michael Osterman in a prepared statement. "So, business and IT leaders would be well advised to immediately take a proactive approach to their e-discovery readiness and, in doing so, enable their firm to stay competitive, avoid the consequences of non-compliance and earn the trust and loyalty of clients."