The smartest thing I know about information governance and defensible disposition is this: Concentrate on focused projects. CMSWire put it this way in a summary of Symantec’s 2012 State of Information Survey:
Concentrate on focused projects. Give attention to specific initiatives such as compliance, e-discovery and data privacy. With specific goals, procuring an adequate budget will be easier. Implement technologies with a high ROI such as e-discovery, archiving, de-duplication, and data loss prevention solutions.
OK, let’s focus. If we focus on e-discovery, which specific projects should we start with? The way to start answering this question is to focus on the two most important variables that you want to impact: risk and cost. Now we ask:
- Which e-discovery stages will reduce your risk most effectively?
- Which e-discovery stages will reduce your costs most effectively?
- What’s a plausible roadmap for fixing your e-discovery process?
The most fruitful conceptual advance in helping firms address e-discovery has been the decomposition of the complex discovery process into simpler distinct sub-processes, each of which can be understood and tackled separately. Kudos to the Electronic Discovery reference Model (EDRM) and EDRM.net for getting the ball rolling 9 years ago and providing a standard that’s proven to be both useful and widely adopted. There’s nothing comparable in other areas of enterprise content management (ECM) – definitely not any version of the “content lifecycle” or “information management”. But many firms are unclear regarding which activities in the discovery process have the most impact on risk and cost (and risk versus cost, if there are substantial differences).
This post briefly explains how each EDRM activity addresses risk or cost, and then suggests a roadmap for firms with typical e-discovery requirements.
The graphic below chunks up the EDRM into some typical bigger pieces, adds a box for “E-D Process Management,” and indicates whether each is more associated with risk (R), cost (C), or both risk and cost (RC):
As you can see,
- The activities most relevant to risk are Information Management (IM), the Left Side activities (Identification, Preservation, Collection – or IPC), and Process Management (underlying both left and right sides).
- The activities relevant to both risk and cost are IM, IPC, and Early Case Assessment (one example of Process Management).
- The activities that address primarily cost are the Right Side (Processing, Analysis, Review – or PAR) and Production & Presentation (PP).
We get a first cut at a roadmap by taking the above analysis and factoring in what it takes to get an effective impact (primarily time, effort, and money). So, for example, if you’re bleeding through the eyes because of discovery risk, you should start with activities that will start fixing things quickly. We recommend the following set of guidelines to help you decide how to tackle your e-discovery challenges:
1. If you must immediately reduce risk in discovery, then focus on improving the Left Side and Legal Hold Management. Most firms are aware that they could do a better job at Identification, Preservation, and Collection, but they may not clearly understand how they can improve their situation by addressing the legal hold process. Legal Hold Management improves your effectiveness in sending out hold orders, tracking responses, managing multiple holds that might extend over several years, and providing an audit trail for everything you did. In looking at discovery readiness programs, Doculabs has found that some of the firms with the best legal hold process management don’t actually use any legal hold software (e.g. from IBM Atlas or Exterro). They’ve just developed a solid process and have implemented it well. One drawback we’ve found, however, is that these manual workflows for legal hold management can’t scale if they get substantial increases in case volume or complexity (without adding more and more bodies – and that fails pretty quickly, anyway). So consider Legal Hold Management software.
2. If you want any significant long-term decrease in risk and cost, address your pre-trigger information management. It’s easy to show how using content management, email archiving, and records management to reduce your volume of electronically stored information (ESI) will lead directly to decreased costs and risk. There are several ROI calculators available online (e.g. here and here). Doculabs uses its own – just let me know and I’ll send it to you and show you how to use it. These technologies impact cost and risk by providing (pre-trigger) de-duplication, ensured retention and disposition, version control, and search, thus making Identification, Preservation, and Collection much simpler and easier. Improving your information management will definitely require changing the behavior of your employees, as well as some systems for content management. It requires a long-term initiative and won’t have an impact as quickly as Identification, Preservation, and Collection and Legal Hold Management, but its overall impact on risk and cost will be greater. Everything you know about chasing down your escaping livestock versus fixing your barn applies here: The first recommendation helps you catch your runaway cow, while the second helps you secure your doors.
3. If you want to focus on decreasing your discovery costs (rather than risk), then address Processing, Review, and Analysis and Early Case Assessment. Your firm is in great shape if you are focusing primarily on costs rather than on both costs and risks, or primarily on risk alone. Typically, this means that you’ve gone through steps 1 and 2 (above), or are in an industry where the ESI relevant to discovery is well defined and not voluminous. In other words, you have a relatively narrow funnel of ESI that has to be processed, analyzed, and reviewed. Since Analysis and Review are the most expensive activities in discovery, the fact that you have a reduced ESI set means that your Right Side costs will be lower. You can reduce them even further by addressing Processing, Review, and Analysis (PRA) with software (e.g. from Veritas, Recommind, and many others), or by reassessing your PRA service provider approach. A growing trend today is to bring routine or simple PRA activities in-house. But doing so even for simple PRA activities requires that you have your act together.
Early Case Assessment (ECA) is an exciting emerging area that belongs to the category of E-Discovery Process Management. (Legal Hold Management, discussed above, is another.) The idea is to help you make optimal decisions about how to address each particular case, starting with the trigger event. We suggest that you take on ECA after you’ve tried some of the other approaches because doing it effectively requires that you have a handle on some of the other issues first (like being at least fairly competent in Identifying, Preserving, and Collecting relevant ESI). If you try to do ECA without a foundation of ICP, you’ll end up doing ICP first anyway – just misleadingly labeled as “Early Case Assessment.” At this point, many of the vendors aren’t really ready to do ECA, either: Many ECA offerings are really just re-labeled ICP products (without substantial workflow or “assessment” capabilities).
4. What about Production and Presentation? Compared with the other discovery activities, these have comparatively low impact on cost and risk. If they aren’t dramatically broken, leave them alone and focus on other activities.