If you’re constantly re-tracing your eDiscovery steps, the culprit may be inefficient data identification.
Inefficient data identification is a seemingly innocuous mistake but one with lasting consequences—the eDiscovery version of starting the cake batter before checking for all the ingredients, or commencing that furniture assembly without reading the “What You Need” page in the manual. Data identification is the cornerstone of the foundation upon which your entire eDiscovery structure will be built. While missteps in some areas of eDiscovery can be quickly addressed and mended, data identification and collection missteps are not always as easy to fix. Therefore, it’s incredibly important to give those initial steps the thorough attention and thoughtfulness they deserve.
Data identification is not to be confused with data collection. Identification efforts must come first. When litigation occurs, it’s tempting to dive headfirst into data collection for that immediate sense of accomplishment—the feeling that at least you got the ball rolling. However, if you skip or even skimp on the initial data identification stage, it will cost you. The ball may be rolling, but if it’s not on smooth ground, the path will be a rocky one.
Deficient data identification practices drastically increase risk, create lasting eDiscovery inefficiencies, slow the process, and drive up costs. When you invest in proper data identification efforts at the beginning of your case, you will save time, money (including possible spoliation penalties), and general confusion among your team. Here are some rules of the road for your legal team from our experts, who live and breathe this process every day.
Talk to IT before you talk to custodians.
Again, it’s easy to make the mistake of going straight to your custodians and rounding up inboxes. However, your custodians won’t provide you with a proper lay of the land or the valuable top-down view from which you can drill and dig to identify data. Rather, conversations with your IT department are what will help you identify every source of data needed for your case. Talking to IT offers the highest chance at collecting the appropriate data, collecting the right amount, and doing it just once. Making IT your first stop helps you avoid going back to them weeks after working with custodians to make sense of what the custodians told you. (Note that in some cases, even IT may only manage specific applications, so proper data identification may require speaking with the application owners to understand how people use the system, how data is structured, etc.)
Make your questions count…and multiply.
Proper questioning is an art, a craft, and an investigation unto itself. It’s no accident that attorneys must affirm to the court that they did their due diligence with regard to eDiscovery. To fend off inefficient data identification mishaps, be ready for your initial questions to burrow and grow into other questions. In each conversation, know which questions are fully answered and which need follow-up or further questioning to provide your team with the full picture of the data landscape.
Start with whether a litigation hold is in place. This is important for both notifying potential custodians of their obligations, as well as for determining whether potentially impacted systems with legal hold features have been activated. For example, ask if the legal hold feature has been activated within Office365 for potential custodians’ email accounts and OneDrive folders. If the answer is no (which is likely to be the case more often than you’d expect), then an explanation and guidance on litigation hold must take place. As you work through that process, you will organically identify potential data sources that need to be investigated and/or preserved.
Through the data identification process, you’ll see how questions may branch off. Take, for instance, the question, “Do you allow your users to make PSTs locally on their machine?” If the answer is yes, then you may have to collect email from custodians’ local computers too, not just from the centralized email servers. As you ask and uncover information about each system, questions will beget more questions. It’s important to have an experienced technical expert who “speaks” IT’s language involved in that process to ensure that you don’t miss any of those important follow-up inquiries.
Help your custodians help you.
Another crucial step in combatting inefficient data identification is to correctly identify your custodians and determine where and how they store their data. Even if your company has a strong data management policy, in the ever-growing remote workforces, it’s increasingly difficult to know what data you have and where it all resides. End user data storage differences may seem insignificant, but if they are not brought to the attention of your eDiscovery team, you’ll encounter problems if data is later found to have never been identified or collected. (This was a concern even before the pandemic and is even more so now.)
Custodians know the most about the data you need. Custodians know where they store their data, and they know how organized—or not—their own storage habits are (stay tuned for future BIA blogs on “data hygiene”). They know what apps, systems, and storage locations (share drives, personal drives, etc.) they use—all the more reason to speak with IT in advance to clear up any confusion on the custodian’s part. So, how do you get the most information out of the custodians themselves? You need only to ask. Surprisingly, many legal teams overlook this simple but very effective step.
When interviewing your custodians, make sure that they fully understand both your questions and the importance of the process. Trust but verify their responses, and carefully interrogate the reality of what they tell you. Enlist custodians’ help in learning where and whom you need to move to next and what you need to ask once you’re there.
Wield the power of the Custodian Questionnaire.
As in your discussions with IT, good questioning practices with your custodians will save you many hours and dollars by preventing overcollection and rework. While it’s great to speak directly with custodians (especially key custodians), it’s always best to start by having them complete a Custodian Questionnaire (CQ). A robust CQ will help you obtain details about data types, locations, management, usage, storage and more—all wrapped up into a single report. You should examine the CQ responses across all custodians before you conduct any follow-up custodian interviews. That way, you can approach those discussions from an informed position, focus on the most critical aspects, and avoid wasting time on the basics.
Attorneys also can include fact questions in the CQs to further understand potential claims, such as: “Were you in the December 2020 Board meeting?” You might include questions about whether the custodian uses paper (or scans of that paper), and if/how they organize their email Sent folder. CQs are questionnaires after all, so no need to limit them. If you use CQs to their fullest extent, you’ll be surprised at just how valuable an intelligence tool they are, and how much more fruitful they make any follow-up interviews.
Bear in mind that CQs don’t have to be one-size-fits-all. In some cases, you and the legal team may find it useful to tailor questionnaires to certain groups, i.e., sales, executive, accounting, HR, etc. Nor is a CQ a one-and-done event. Once you have the answers to your initial CQ questions, you can always craft a second or even third CQ as a litigation evolves.
Indeed, when put to best use, CQs can be the least expensive yet most efficient and effective way to focus your data identifications and collections. In short, CQs will inform your case timeline and strategy, and they can play a significant role in cost savings by increasing efficiency in data collections, fact finding, and beyond.
Ask the experts.
As mentioned above, your IT department is a great first stop, but an even better place to start your data identification process is to get data experts on the phone at the very outset of your case. We often see clients skip this at the beginning because they think they have a handle on it (they are focusing on the task at hand, not the overall picture), or they are lost and don’t know where best to start. But even a tech-savvy attorney may not know all the right questions to ask because they aren’t neck-deep in systems, data mapping, and data identification/collection every day as is an eDiscovery or Computer Forensics expert who specializes in those areas.
Even when you retain an expert to assist, the data identification and collection process will still be the least expensive step in your eDiscovery process. A little help from an expert at the outset is the best investment you can make; it will help ensure you don’t waste vast amounts of time and money on the rest of the eDiscovery process by revisiting it at a later time.
Since 2002, BIA has been helping clients examine cases from the top-down, offering insight on an organization’s overall data infrastructure and clearing a path for legal teams to excavate further with confidence and assurance of defensibility. Our experts can help you build a tailored Custodian Questionnaire or develop your own Data Identification Protocol—a documented plan that you can use, re-use, and update with every case. We can coach your team on how to start the process and what to ask. Inefficient data collection doesn’t have to plague your legal team, your case, or your budget—we invite you to reach out so we can show you how.