Data, Data, who’s got your data
The ‘other’ risk of litigation
Common sense dictates that litigation is risky and costly. Most organizations employ sophisticated measures to reduce the chance of litigation, reduce the cost of unavoidable litigation, and adherence to governance regulations to avoid additional risk, penalties and loss. Since the emergence of electronically stored information as the predominant form of business communication, the cost of litigation; hold, collection, processing, and review, has skyrocketed. In the days of paper based communication and litigation, a million document case was among the largest. Today that could represent only one custodian. A multitude of technologies and processes entered the litigation support market focused on reducing the overall cost of litigation as conventional methods could not sustain under the deluge of electronic data. Technologies from automated hold, early case assessment, near duplicate detection, email thread grouping, conceptual searching, and predictive coding have all been introduced and adopted in an effort to mitigate the cost and prevent the collapse of the litigation process into automatic settlement. One important victim in the wake of these conditions is the protection of corporate intellectual property.
Prior to electronic data, there were many cases where the paper collection could only be accessed at a secure location. Tracking, logging, and destroy orders were practices utilized to protect the valuable information of the clients. Since the onslaught of the volumes of data, these precautions are rarely used. While chain of custody is accounted for, very few cases log, track, or remove all copies of non-responsive data. The processes and technology of the current litigation practice focus on culling the data to a manageable volume. Early Case/Data assessment can filter out 80% – 90% of the non-responsive data, and while the discarded data may not be relevant to the case, it certainly can be relevant to the corporation. Perhaps we should think less in terms of ‘data’ and more in terms of ‘intellectual property’.
Consider what happens to a client’s intellectual property once it’s collected; it leaves the confines of the corporate protection and is sent either to a law firm or directly to a service bureau (or their data center). The media is logged (for chain of custody), and then copied to a staging area for processing. Once the data is ingested into some sort of tool, it is then filtered and searched to reduce the set to potentially relevant data only. The remaining data is exported from the processing tool and then imported to a review tool. That exported data may also be shipped again on new media to the review hosting site, where the media is logged, data copied once again, then imported. The data is reviewed, issue coded and produced to opposing counsel, where it is again shipped, logged, copied, and imported. The process is both cyclical and iterative, and happens multiple times for the same case, as most data is collected, shipped, processed, and reviewed in groups to expedite the process. In addition, the data is likely backed up for disaster recovery and stored to tape, disk, or the cloud. Ultimately, the lion’s share of collected data is sitting in multiple locations, most of which are not behind corporate firewalls. I know of only a few cases where all copies are logged, tracked, and destroy orders are deployed and confirmed. This protection of corporate IP has become a casualty of the need to deal with the large volume of data in today’s world, as well as the cost associated with litigation requiring access to that data.
I believe there are several potential solutions to protect the property of corporate America without a negative impact on the attempt to control costs, and potentially benefit both requirements. At the very least all data copies and exports should be logged and tracked. Data destroy orders should be considered, managed, and used appropriately. Since technology created most of the problems with the propagation of information due to modern advancements, technology should be able to resolve these issues.
Corporations have their own data vaults, data centers, and many currently use managed services for other areas of operations. These same techniques can and should be applied to the litigation arena. Data can be collected in-house, by outside vendors if needed. Electronic data processing is virtually all hardware resource centric, with experienced personnel managing the process. Data can be processed at the corporate data center, using corporate hardware behind corporate firewalls. Managed service partners can provide the expertise, knowledge, and management of the process so the intellectual property never has to leave the corporate environment. Today’s large case review tools are browser based, so outside counsel can access the data without the need to ship it. There are tools that will process the data, allow early culling, full review, and production, without the need for multiple imports and exports. This paradigm, along with the technology for reducing the review time, such as analytics, visualization, threading, predictive coding, and attorney work-product reuse, would offer a best case scenario in terms of time, cost, and protection.
Law firms specialize in the law, and should not be expected to specialize in data transfer, processing, and tracking. Service bureaus specialize in processing data, project management, workflow, and customer service. It should be irrelevant to both entities where the data, hardware, software, and tools reside, even if more than one software tools is required as long as the data is protected properly.
There’s no place like home. That is especially true when it comes to a corporation’s intellectual property. The risk to data at large is serious, but has taken a back seat to the wildfire of data explosion. Using the tools and knowledge available in the industry, these problems can be brought under control and allow the civil legal system to perform its function by protecting everyone’s right to defend, while protecting their valuable business knowledge.
About the author:
Richard Ruyle has been involved in software development for vertical markets for over twenty years, including complex database solutions. He currently serves as CTO/CIO for IPRO Tech which has been developing leading edge technology solutions for the litigation support industry since 1990.