Be more strategic with your eDiscovery data collections.
Proper preservation and better eDiscovery data collection efforts can serve as the “silver bullet” to any eDiscovery data spoliation claim. Now let’s talk about how targeted eDiscovery data collections will, without question, save larger organizations millions of dollars.
First things first, if your organization is still forensically imaging entire hard drives in response to civil litigation, you probably need to stop doing that right now. Hard drive imaging in legal matters is a practice that arose from essentially replicating what law enforcement did with computers in criminal matters, but it is clearly overkill in civil matters.
When law enforcement wants to obtain digital assets, they get a warrant and generally seize everything in sight. With rare exceptions, that just doesn’t happen in civil matters – and it shouldn’t. But, speaking conceptually, if you are imaging hard drives, that’s basically what you are doing – taking every digital asset in sight, regardless of whether it will ever be useful in the litigation.
Another way to think about it is to compare collecting digital information to collecting paper files. You would never go into your client’s office and blindly copy every piece of paper from every filing cabinet, desk drawer, garbage can and shredder, right? Of course not! You’d speak to the employees (a.k.a. custodians) and find out where the relevant information is most likely to exist, and target your paper collections to that.
Using targeted data collections is key.
Your approach to digital collections should be no different. Just as you wouldn’t blindly copy every piece of paper in sight, you shouldn’t blindly copy every hard drive and other digital asset. Instead, you should target your data collections to the data most likely to contain relevant information – the user-created data files. That is not only defensible, but it can have a surprising impact on your costs, not to mention data security.
The first place you will see savings is in your costs for the data collection process itself. Forensic imaging is much more disruptive and costly than targeted collections. With forensic imaging, you often have to pay for expert services, or at the very least, the two-way shipping costs of remote forensic imaging solutions. In addition to that are the soft costs that often include hours of employee disruption (and the loss of revenue and productivity tied to that) and the general apprehension caused by the entire process.
By contrast, targeted data collections are typically performed remotely, have very little impact on employee productivity (usually 10-15 minutes), and generally carry no costs beyond a simple, low flat fee. With the right legal technology solution and methodologies, the employee gets an email, clicks a link, walks through a brief wizard, and voila, the employee’s user data is identified, forensically copied and encrypted, and uploaded for processing and review – simple, fast and remarkably affordable.
Beyond the immediate direct costs of the collection is the sheer size and scope of the data leaving your organization with forensic imaging, which has both data security and cost implications. It’s axiomatic that the less data leaving your organization, the better.
With forensic images, you can expect well over 250 GB per custodian, including all sorts of data you and your users don’t even really know about (including deleted data, partial file data and much more). Compare that to an average of around 10 GB of user-created data being collected with a targeted data collection process, and the differences are readily apparent.
Full forensic disk imaging is not the solution.
In short, if you are using forensic images as your collection method, it’s likely that more than 95% of what you are collecting will be trash. Again, it’s like collecting every single piece of paper, only to decide later that the vast majority can be discarded. You would never do that in the paper world, so why are so many organizations doing it with digital data? Sure, it can be easy to just copy everything, but just because something seems easier, doesn’t make it right.
Of course, the more custodians you have, the more critical this issue becomes. For example, if you have a case with 50 custodians, using forensic images means that you’ll end up with around 12 TB or more of data as your starting point, while targeted collections will result in probably about 500 GB. Even if your eDiscovery vendor gives you a “cheap” option for culling those forensic images, it’s still wasted money and, often more importantly, a lot of wasted time. And ask your CIO or IT manager if s/he is more comfortable with 500 GB leaving the organization or 12 TB – although you probably already know the answer to that.
There are always exceptions to consider.
Now, as usual with any legal issue, there’s one caveat. If you are really investigating some activity, dealing with a matter that has actual or even potential criminal ramifications, or you need to access deleted files, then a forensic image may be more appropriate. But absent that – and the vast majority of data collections done for civil litigation fall outside those rather limited exceptions – targeted collections should be your default collection method.
Doing so will save you a great deal of time and money, and your entire team will appreciate the results of performing these better eDiscovery data collections.