Reported by:  Alexis Gambetta /The Posse List

The functions of managing record retention and disposition, electronic discovery, data privacy, audit trail, etc. are inter-related.  In fact they are more than just inter-related, they are part of an emerging underlying concept: information governance.  Organizations need to avoid siloing these governance functions into separate solutions.  Instead they should look at them holistically and integrate them into unified corporate information governance programs.

That was the big take-away from the double-session on backup, archiving, and information management.  But it was also a bit more nuanced than that.  And this was a double-session panel and they covered a lot of territory.

The panel:  Annie Goranson (Discovery Attorney, Symantec Corporation);  George Socha (Socha Consulting); Hon. Ron Hedges; Denise Backhouse (Associate, Morgan Lewis);  Mikki Tomlinson (Litigation Support Manager, Chesapeake Engergy); and Jonathan Moskin (partner, Foley & Lardner).

First, some concepts and definitions.  Backup and archiving each have a different purpose.  Backup and archiving are two distinct processes with different objectives and requirements.   With backup, the objective is to ensure that a recent copy of production data is available for recovery in the event of a disaster, outage, or accidental loss.   The process is to make a copy of production system data and store it until overwritten by a new version.   With digital archiving, the objective is to enable the long-term retention and management of digital assets to satisfy regulatory compliance, audit, litigation support, records management, data management and new business process requirements.   The process is to remove records from production systems, and to preserve and keep them available for easy access and reference until the retention period has expired or the  data possesses no more business value.

Backup

Backup technologies have long provided effective recovery options for systems subject to data loss from human error, hardware failure or major natural disasters. They are ideally suited for quick restoration of large amounts of lost information and can return complete systems to full operational capacity in a short period of time. However, backup also is a major pain point for storage administrators. Massive amounts of data can strain the ability of backup infrastructures to keep up.   But time required to back up data is shrinking, and the ability to quickly restore information is significantly improved.   A walk around the vendor floors would have told you that.

However, these technologies will be only stopgap measures if the uncontrolled growth in the amount of data requiring backup isn’t curtailed. This becomes a real danger when a company treats backup as a single solution for both data protection and data retention, resulting in highly ineffective and inefficient data management.

File Archiving

By introducing file archiving, corporations can improve their service levels for backup and recovery while reducing backup costs. File archiving can also meet regulatory requirements for data retention, managing files with complete knowledge of the file system and document metadata, as well as knowledge of the files’ content. A file archiving system moves or copies files according to the value of the actual content. They also find and retrieve individual files based on their content, which could include any number of parameters, including author, date and customized tags such as “audit” or “Sarbanes-Oxley.”

To effectively manage data, file archiving systems discover all files on a network and provide an inventory of unstructured data (for a definition click here). During the discovery process, the systems collect file system metadata and extract file contents, building a foundation for data classification and application of information governance policies.

A file archiving system must provide the following capabilities:

– Be content-aware. For example, it should index the content in the documents, not only the file system metadata.

– Populate customized metadata tags by extracting information from content.

– Prune production storage by using policies to archive information to the appropriate tiered storage level.

– Archive a subset of data (defined by archival policies) selectively to meet regulatory compliance and corporate information governance rules.

–  Provide quick access to archived data.

So file archiving and backup systems have two distinct and complementary functions within an enterprise: backup for high-speed copy and restore to minimize the impact of failures, human error or disaster; and file archiving to effectively manage data for retention and long-term access and retrieval.

But the two can intersect

Backup and archiving processes can intersect at two specific points.  First, IT should archive inactive data to free up capacity on primary storage and servers, and reduce the amount of data that needs to be backed up regularly from these systems. If the data being protected is old, unchanging or rarely accessed, but still needs to retained, there’s no reason to keep the information on production servers and storage. That data can be archived and moved to lower cost storage where it will still be accessible. This takes the aged data out of recurring backup operations. Organizations can complete backups much faster and save money on tertiary media by archiving. The brute-force alternative is to simply delete old data from primary systems. However, this would put an organization at risk of being out of compliance with regulations and limit the opportunity to leverage the information for other business purposes.

The second point of intersection involves adding information archive systems to the backup schema for data protection purposes. Efficient archiving mandates that the data doesn’t reside anywhere else (because it was moved from primary systems). As such, IT must back up the archive system as part of the backup schema so that archived data is also protected appropriately.

Issues around accessiblity and inaccessibility of data

FRCP 26(b)(2)(B) states:

(B) Specific Limitations on Electronically Stored Information. A party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost. On motion to compel discovery or for a protective order, the party from whom discovery is sought must show that the information is not reasonably accessible because of undue burden or cost. If that showing is made, the court may nonetheless order discovery from such sources if the requesting party shows good cause, considering the limitations of Rule 26(b)(2)(C). The court may specify conditions for the discovery.

So how are these accessible/not accessible issues examined?   A documented accessibility analysis is essential to backup a litigant or investigator’s determination that data is inaccessible:  failure to maintain such documentation can be extremely costly to both you and your client. The Federal Rules of Civil Procedure require a thorough accessibility assessment in order to successfully claim that data is inaccessible under the FRCP.   Rule 26(b)(2)(B) prevents discovery from inaccessible sources only where the requesting party meets its evidentiary burden of showing good cause for the discovery, subject to the limitations of Rule 26(b)(2)(C).

The Rule means that a party is not required to respond to requests for inaccessible electronic information and produce at any cost.  Rule 26(b)(2)(B) of the Federal Rules of Civil Procedure provides that  a party need not provide discovery of electronically stored information from sources that the party identifies as not reasonably accessible because of undue burden or cost.  (Available at http://www.law.cornell.edu/rules/frcp/Rule26.htm).  

Six common types of electronic media ranging from the most accessible to the least accessible include:

* Active online data, usually magnetic disks, used in the most active stages of the electronic record’s life, such as computer hard drives (active data);

* Removable magnetic and optical media (active data);

*  Cell phones, i-pods, Personal Digital Assistants (PDAs) (active data);

*  Offline storage/archives used for disaster recovery (inactive data);

*  Backup tapes or compressed data requiring sequential access (generally, backup tapes are not organized for retrieval of individual documents) (inactive data); and

*  Erased, fragmented or damaged data that are only retrievable using sophisticated forensic tools and professionals (inactive data).

But these rules are changing as the technology has become more advanced.  The analysis of accessibility depends on the software application used to store and/or archive the data, the operating system, the presence or absence of encryption, the data format, existing records (i.e. an index of the media content), age, and storage method.  Courts and industry guidelines have tried to classify data into two categories active and inactive the later being (usually) considered inaccessible.  Sedona Principle 8 provides that: “The primary source of electronically stored information for production should be active data and information.  Resort to disaster recovery backup tapes and other sources of electronically stored information that are not reasonably accessible require the requesting party to demonstrate need and relevance that outweigh the costs and burdens of retrieving and processing the electronically stored information from such sources, including the disruption of business and information management activities.”  See Redgrave, Jonathan; The Sedona Principles (Second Edition) Addressing Electronic Document Production (2007 The Sedona Conference) (Available at http://www.thesedonaconference.org/dltForm?did=TSC_PRINCP_2nd_ed_607.pdf).

The panel also suggested some cases:

Phillip M. Adams & Associates, L.L.C. v. Dell, Inc.  where the court  held that the defendant’s practice of having employees archive email did “not establish the good-faith nature” of the defendant’s data management practices. Also, Fed. R. Civ. P. 37(e) did not provide a “safe harbor” for email apparently not saved by employees because the fact that the defendant had backed-up servers on which it stored financial data demonstrated that the defendant “does know how to protect data it regards as important.”

Capitol Records vs. MP3tunes During the course of discovery in this copyright infringement case, several disputes arose related to the burdensome nature of the parties’ respective requests for production.  The battle went back and forth, with one party claiming it had ineffective search software.  The court stated: “The day undoubtedly will come when burden arguments based on a large organization’s lack of internal ediscovery software will be received about as well as the contention that a party should be spared from retrieving paper documents because it had filed them sequentially, but in no apparent groupings, in an effort to avoid the added expense of file folders or indices.  Nonetheless, at this stage in the development of ediscovery case law, the Court cannot say that the EMI Labels’ failure to acquire such software and to configure its systems to permit centralized email searches means that its burdensomeness arguments should be disregarded.  I therefore conclude that the EMI Labels’ email files that MP3tunes seeks to search are not reasonably accessible within the meaning of Rule 26(b)(2)(B)”.

Social media and e-discovery

The panel ended with a discussion of the increase in Web 2.0 activity.  If anything, social media are more easily discoverable than just about any other form of user-generated content.  And it is fraught with issues of privacy and technical issues arising from these content sources.  But the big issue is enterprise applications.  As has been reported, increasingly companies are moving to advanced enterprise social media platforms as a way of improving internal collaboration and making projects run more smoothly and effectively. Because such enterprise platforms are often used on a company’s most important and strategic projects, having robust e-discovery capabilities to allow internal blog, wiki, and discussion content to be captured and placed into a format that can be seamlessly searched along with other more traditional documents is becoming critical to forward-thinking enterprises.  Over time, it will become a requirement for e-discovery platforms to integrate with enterprise social media products. 

 

As last week’s sessions at ACC Boston (click here) certainly stressed — stress being the operative word — in-house legal departments have been forced to cut their budgets just like their “sisters”, the law firms.   But with a greatly increased workload.  And it is due not just to the increase in litigation/investigations but because of regulatory/compliance issues.  As one GC told us, “we have more and more regulatory/compliance issues and we are seeing far more regulatory inquiries than in prior years … and we simply cannot cover it all.  Worse are the ‘information requests’ which seem to have tripled”. 

Corporate law departments have always sought ways to control spending on outside counsel — which (according to ACC members we spoke with) can be 60 percent or more of their budget.  Costs of outside counsel had been growing at eight to ten percent per year while law departments’ budgets averaged four to five percent growth per year. So, the question facing general counsel has been:  “How can I deal with skyrocketing outside counsel expenses on an ever-shrinking corporate budget?”

The next largest drivers are salaries for house staff and technology costs. Legal management software, for instance, covers not only the basics like spreadsheets and word processing but also more complex functions like matter management and spend management solutions as well as e-discovery tools, which increasingly includes tools that enable a law department to bring some of that work in house and not rely as much on outside firms.  As the staff at LexisNexis told us “technology costs are growing today because there is more pressure to reduce budgets by using technology to reduce people costs” [LexisNexis introduced us to their product CounselLink  which captures all legal department spending. We’ll detail that in a subsequent post]. 

So with the litigation train continuing to steam ahead, creating ever-increasing risk management challenges for large corporations, many corporate legal executives have come to the conclusion that their best option for survival is to wrest back control over their litigation portfolio. This may be a bit of a hyperbole – few companies ever actually ceded their litigation management to outside law firms over other service providers – but it seems clear that the balance of power in the control over how litigation is managed is swinging back toward the corporate law office.

And as Craig Bennett of LexisNexis recently opined “one important metric that benchmarks the industry trend of more legal work moving back in-house is the shift in hiring plans this year. According to an Inside Counsel survey reported in the March 2009 issue, 48 percent of corporations plan to reduce the number of outside law firms they use, but a nearly identical 49 percent plan to increase their number of in-house staff attorneys. Clearly, the trend is toward companies exercising greater control over their litigation portfolio”.  For his full post click here.

But it is not just in the discovery process but for overall efficiency in all law department operations.  It is part of the compliance initiative, an understanding of the broad Governance, Risk and Compliance (GRC) program that all law departments have developed or are developing.  The explosion in technology over the past 15 years and the “sudden appearance” of e-discovery are just a part.  Yes, dealing with e-discovery is a component of a risk management program, and understanding how e-discovery magnifies risk is one of the major factors in compelling companies to be proactive in setting up compliance and risk management programs.   But how a company goes about addressing the risk of litigation before a summons and complaint are served is where the battle lies.

There is still, in many companies, a patchwork of technologies and solutions to address a variety of problems — in place but disconnected.  Too many technologies make for overlapping coverage of risk and, at the same time, gaps in coverage.

Which is why we heard the clarion call (at least 1 million times last week) from GCs and AGCs: “we need a proactive information management strategy that can greatly improve our preparedness and increase our organization’s cost savings.” 

But let’s focus on the immediate concern in the life of an in-house counsel is a scenario (or a variation of this scenario) playing out daily in countless companies around the country:  you just received a complaint filed in Federal Court … or if you’re PepsiCo it’s a $1.26 billion default judgment  because you forgot to show up in court   

The complaint raises [product liability claims, contract violation claims, patent infringement claims, fill in the blank] and the allegations implicate the engineering, manufacturing, marketing and sales organizations. Relevant information needs to be identified and preserved, and the clock has started ticking.  What do you do?

But whether the information request comes in the form of formal discovery, a request for information from a government agency, or the need to identify information relevant to a pending internal investigation, the steps you have taken to manage your information before such a request materializes will have a direct impact on your ability to respond.

Today, information is being generated at such a rapid pace that the typical reactive approach to discovery no longer makes sense. As courts and practitioners have struggled to interpret the practical application of the revised Federal Rules of Civil Procedure, the challenges of handling these issues have highlighted the need for a different, more efficient approach to the discovery process. This has become even more apparent given today’s economic climate and the need to reduce costs and promote efficiencies.

For many organizations, responding to discovery or requests for information has been reactive, something akin to a fire drill. The typical response was a shotgun approach where information was over-preserved and then provided to outside counsel for review.   In today’s world of electronically stored information, these practices do not scale.  The reactive approach is time-consuming and expensive, and it diverts resources (both human and financial) from other critical functions within the business.

Enter … technology!   And technology will tell you (ok, the vendor will tell you) “I can help.  Bring all your troubles to me and I will solve them.  But first, let’s make 5 baskets because I work better in a basket, or maybe 2 baskets and sometimes all the baskets  … but the point is I love baskets … and PowerPoints … SlideShare works for me, too”.  Anyway, the baskets:

1.  Information Management

Information management is relevant to all layers of an organization. No matter what a person’s job function entails, it is imperative that end users are able to access the information they need to do their jobs. However, retaining too much information can overwhelm an organization’s systems and increase risk in the event of litigation or regulatory scrutiny.

2.  Centralized Identification/Preservation/ Collection

One of the most significant challenges an organization faces in its discovery process is the ability to quickly identify information that may be relevant to a pending matter and the ability to preserve and collect that information. Oftentimes, the costs associated with identifying and preserving data can be extraordinarily high from both a monetary and a human resources standpoint.

3.  Legal Hold

An organization must make a good faith and reasonable effort to preserve information that may be relevant to a legal or regulatory matter once litigation is reasonably anticipated. Unstructured data and data dispersed across multiple locations makes it extremely difficult to determine what is relevant. In addition, securing relevant information from normal destruction practices can test an organization’s ability to identify which systems and processes may be affected.

4.  Early Case Assessment/Meet and Confer Preparedness

The Federal Rules of Civil Procedure require that parties meet and confer to discuss various e-discovery issues early in the discovery process. In addition to these legal requirements, there is a strategic advantage to being able to review and analyze the facts surrounding your case as quickly as possible. Whether an organization is sued or is evaluating bringing a cause of action against someone else, knowing which information supports your case and which information may harm it can help you evaluate your position and risk.

5.  Review and Production

Given that the bulk of e-discovery costs can be attributed to the review process, the ability to proactively manage some of this workflow in-house can result in tangible cost savings. For organizations that are not staffed to do review in-house, an archiving and review tool can still provide substantial benefit. In these cases, an in-house legal or IT team can simply search the archive for relevant information using specific keywords, date ranges or custodians. This allows much larger data sets to be culled down to more manageable volumes and reduces the amount of information that is ultimately exported for review by outside counsel.

And so we come again to … the technology.  And if the Fulbright 6th Annual Litigation Trend Survey Report is to be believed, this is one hell of a great time to be a litigation/e-discovery vendor.  Or any legal vendor.

So, we have set the scene, we have summarized highly complex relationships and concepts in some ridiculously short paragraphs so now … what technology tools can be deployed to manage/assess data and enable law departments to enhance the department’s global risk management preparedness? 

Good question.  Coming up next in this series are interviews with companies that say “Yes, we can” and they cover a wide range of expertise:  Business Integrity, CaseCentral, doeLegal, eTERA Consulting, Digital Reef, Fios Inc., Huron Consulting, LexisNexis, Lex Mundi, Orange Legal Technologies, Practical Law Company, Recommind, and Transperfect Legal.  

We will then follow with “non-tech” interviews with Ajilon Legal, Foley & Lardner, Hogan & Hartson, Morgan Lewis, Robert Half Legal, and Womble Caryle.