What is the C-Level’s role in eDiscovery and why does it matter?
The importance of the C-Level’s role in eDiscovery decisions may seem more obvious today than in years past, especially as eDiscovery intersects more and more with data privacy, data security and other concerns within the C-Suite purview. Still, in many organizations, even though decisions about eDiscovery solutions have far-reaching ripples in the corporate-wide pond, the C-Suite is not always involved in those decisions. So why is it that C-Levels often remain absent from the table when it comes time to make big eDiscovery decisions?
The truth is: in many instances, eDiscovery snuck up on the C-Suite. For years, many companies treated eDiscovery decisions as special functions that only affect the legal and IT departments—or so they thought. When those departments found themselves suddenly neck-deep in new litigation, they didn’t have time to step back and evaluate from a broader perspective the solutions they were rapidly deploying to accommodate an immediate need.
To make matters worse, until recently most organizations lacked the cost and implementation controls needed to apply the same level of scrutiny to their legal spend as they did to normal business operations. This left the door open for eDiscovery decisions to happen in a vacuum, outside the procurement and vetting processes that an organization might otherwise employ for its primary business systems and solutions. In short, when it came to legal costs, organizations tended to shrug off untracked budgets, accept the myth that litigation costs were impossible to control or predict, and simply give in. (That started to change with the last recession when organizations were forced to look in every corner to save costs.)
Once companies realized that their legal spend was at least somewhat controllable, the C-Suite got involved. With C-Suite involvement came the disciplined, methodical approach that organizations typically apply to every other area of their businesses. The C-Level’s role in eDiscovery is not just about selecting software solutions. It’s about establishing default workflows and creating repeatable processes—in short, applying C-Level thinking to an area once thought immune to such considerations.
Organizations that do bring those C-Level processes to bear and emphasize the C-Level’s role in eDiscovery decisions will start to see results such as:
- Taming of the otherwise chaotic and disruptive process that can have detrimental effects on the organization’s core operations;
- Ability to reduce or eliminate those soft-cost impacts;
- Significant real external cost savings, both in terms of eDiscovery costs and other legal bills;
- Ability to take the best solutions and leverage them in other areas as well, bringing a true ROI analysis to an area once considered uncontrollable.
Which C-Levels should have a role in eDiscovery, and how?
As an introductory note to this section, while we talk here in terms of specific titles, we also realize that individual companies might have different titles or define the responsibilities of those positions somewhat differently than presented here. Our focus is on the individual C-Level’s role in eDiscovery, so no need to get lost in the title itself if your organization doesn’t have one or all of the positions named below, or if the individual responsibilities fall under a different position than referenced here. Much more important than the actual position titles is the bottom line: making sure the right people are involved in your eDiscovery discussions, considerations, planning, and implementations.
CLO/GC (Chief Legal Officer/General Counsel)
This is the leader of the corporation’s legal team. Yet, their involvement in eDiscovery—a key component in a legal team’s success—is often overlooked or even entirely delegated. Ultimately, it is the job of the CLO or GC to make sure that every defensibility box is checked, from preservation, to collection, to processing, to review and productions. Continuity and repeatability are critical not just to controlling costs, but to ensuring defensibility and resiliency, both internally and externally. Rather than making these decisions in a vacuum, CLOs or GCs should proactively bring in other C-Levels as outlined below to address their needs and requirements as well. It’s also essential to involve those in the trenches who will be employing those solutions and processes; any solution considered should truly meet their needs and accomplish their ultimate goals efficiently and effectively.
CIO/CISO (Chief Information Officer/Chief Information Security Officer)
A CIO or CISO’s job is to manage information. eDiscovery revolves around information, so there should be no question as to why these C-Levels should be involved in high-level decision-making about eDiscovery. Indeed, when vetting new systems that ostensibly have nothing to do with eDiscovery directly (e.g., the adoption of new internal collaboration platforms like Teams or Slack), CIOs should be considering how those systems will accommodate eventual regulatory and eDiscovery requirements. The CIO should make sure that the analysis of any eDiscovery solution takes into account all of the organization’s systems and data resources, too. With ever-increasing regulations on data privacy and protection, the CIO/CISO’s role in eDiscovery will only become more crucial, as any prospective processes or solutions will require vetting through the information security lens as well.
CFO (Chief Financial Officer)
As the primary steward of corporate expenses, naturally the CFO is concerned about costs, both in terms of software solutions and professional services of all types. Here again, though, the CFO is perhaps the most commonly forgotten role in the eDiscovery process. A company’s eDiscovery expenditures can vary hugely depending on the solutions chosen and how those solutions are implemented, whether that be the selected technology itself or the cost models for document review services. The CFO should be part of the team that evaluates the total costs of the solutions selected. If you’re a CFO, eDiscovery might sound like something only the lawyers need to worry about. However, if your job is to watch expenses, then you should examine your organization’s eDiscovery (and general legal) spend. Even the most basic understanding of eDiscovery can help you control those costs because it enables you to raise important questions like:
- How many active cases do we have?
- How much data are we hosting?
- Have we looked at centralizing our efforts so we can reuse work product and leverage our spend across all our matters?
- Are there alternative providers that we can use for some legal services, particularly document review, that may be an order of magnitude cheaper than traditional law firm services?
Once a quarter, CFOs should ask their GC for a report on eDiscovery spend to confirm that those questions (and more) are being addressed.
CTO (Chief Technology Officer)
The CTO should take a leading role in technology decisions both inside and outside of the organization. As the head of technology, their presence is crucial during the procurement and implementation phases of an eDiscovery solution. It is on the CTO to conduct thorough security assessments and evaluate a prospective eDiscovery provider’s policies around:
- data location and boundaries;
- physical and environmental security;
- cryptographic and other data security controls;
- incident management and disaster recovery policies;
- …and more.
These are all areas that a CTO oversees with respect to any core business system or solution, and it should be no different when it comes to eDiscovery solutions.
CCO (Chief Compliance Officer)
It is the CCO’s duty to keep a company functioning within all applicable legal, regulatory, and ethical standards and requirements. Like the GC, a CCO should never be caught off guard by any one of the many mechanisms that comprise the eDiscovery process. Consider the recent data breaches at law firms across the country. It’s bad enough for a law firm to get hacked. If the CCO hasn’t been paying attention and the firm has twenty years of data stored because nobody asked them to delete it, or if data creep has been happening across multiple outside counsels, things quickly go from bad to worse. If said data breach contained PII that never should have left the organization, it can be catastrophic. In the end, it’s an organization’s most sensitive data that’s often wrapped up in litigation; it’s much better to proactively protect and appropriately handle that data from the outset than it is to deal with the fallout later.
CHRO (Chief Human Resource Officer)
From hiring to firing and everything in between, the CHRO’s job involves personnel and data management. For a CHRO, even a rudimentary knowledge of the eDiscovery process can serve as a powerful tool in addressing HR tasks and issues. For example, CHROs would be well advised to use social media investigation as part of the vetting process for significant new hires. They should know how to navigate the systems housing that data, and they should understand the difference between a DIY internet search and a thorough social media investigation performed by forensics professionals. An organization’s eDiscovery tools and processes can come into play when dealing with exiting employees as well. (At BIA we’ve even helped HR departments use their litigation hold notification systems for general employee notifications, policy distributions, and other HR needs.)
CEO (Chief Executive Officer)
At the top of the corporate pyramid sits the CEO, the ultimate team leader. CEOs may not need a deep understanding of eDiscovery, but certainly they should understand its importance. It’s easy for eDiscovery to get ignored and/or shuffled off to the hands of outside attorneys handling the cases—that is how the cost ballooning so commonly associated with eDiscovery begins. CEOs need to keep eDiscovery on their radar, making sure it’s being addressed and not ignored. Check in with your CLO/GC to make sure they are leading the charge and employing the same controls and process standardization that you’d expect of the core business departments. Communicate openly about the C-Level’s role in eDiscovery, and make sure that your essential C-Levels are appropriately involved as outlined here. If you are a CEO and you don’t have a keen eye and ear on eDiscovery at your company, you can expect to see unwelcome problems like:
- ad hoc processes;
- no continuity across matters;
- reinvention of the wheel with each new case;
- data leakage;
- increased legal spends; and
- cracks in defensibility.
Dear C-Levels: Please claim your place in eDiscovery.
If there is a “C” in your title, you have a seat at the decision-making table, and you should fill it. This holds true whether you’re at the helm leading the charge or contributing to early planning, procurement, implementation, operation, or any other area of eDiscovery. Ultimately, someone at your company is making important decisions around eDiscovery, whether you’re aware of it or not. Those decisions will impact you, your teams, and your budgets, so you should be involved in making those decisions. No C-Level (or company, for that matter) wants to see money wasted or their company make headlines for failing to protect or properly manage sensitive data. Stay informed, be involved, and treat eDiscovery just like you would any core element of your business. Having done so, you can rest assured as you begin to reap those A-level rewards.
BIA has spent twenty years advising companies of all sizes and working with executive leaders at every level. Fortune 500 companies, healthcare organizations, and law firms of every shape and size look to us for eDiscovery maturity assessment and training at each step of the EDRM. To learn more about the C-Level’s role in eDiscovery, reach out today so our team—our C-Levels—can help you get full control of the entire process.