– Alon Israely, Senior Advisor, BIA (www.biaprotect.com), says:
Corporations get sued or investigated by regulators all the time – and one day, it will be your company (if it isn’t already.) As an IT professional, legal will probably come to you and ask you to gather certain data – that is, to perform “a collection of the relevant documents and emails”. Suddenly, you will find yourself forced into the realm of electronic discovery (“eDiscovery”), which is a different animal than the standard data migration job or file transfer operation.
From a project management perspective, think of eDiscovery just like any other IT project, but with a twist: since the requests are coming from lawyers, the data you’re harvesting is actually evidence. Concepts such as defensibility, spoliation and testimony apply in eDiscovery, so the data collection process must be handled with a forensically sound and methodical process.
Best practices for IT managing eDiscovery projects include:
• Use common sense. The tools and project management skill sets you currently possess have been vetted within your corporation and you know a lot about data. Just because eDiscovery is an unfamiliar type of IT project in your corporation, you don’t have to invent new eDiscovery project management protocols. The basic principles of gathering and organizing data are the same. It’s about using the right tools, keeping good documentation and being careful to ensure the data handling is performed in a compliant way that is different for eDIscovery projects.
• Get your team in place. Have well-defined roles and a clear understanding of industry standard models such as the EDRM (www.edrm.net) and principles espoused by the Sedona Conference (http://www.thesedonaconference.org/ . These models describe the full eDiscovery process related to data involved in legal proceedings and investigations, from information management on the IT level such as data mapping all the way through until the case goes to trial where some of that data must be presented in court. There are a lot more logging, auditing processes, chain-of-custody requirements and specialized mechanics in the eDiscovery process that each member of the team must understand to ensure the legal soundness and defensibility of the results.
• Remember – you only have one shot. In eDiscovery, you do not have the luxury of doing the collection again. You have to do it right the first time. Do not be afraid to ask questions and get the clarity you need from your department heads and legal counsel so you can perform the project correctly. There can be a host of inter-dependencies of which you may not be aware and thus will never know unless you ask questions. Clarify, clarify, clarify; and then base your data identification and collection schedule on that feedback.
• Standard IT tools won’t do. The biggest mistake an IT professional can make when it comes to eDiscovery is thinking he or she can not only do it themselves with standard IT tools, but also that standard IT tools will somehow be cheaper. Most standard IT data copy tools do not perform the necessary mechanical steps which preserve the integrity of the data collection. Additionally, you may come to realize midway through the process that you need too many of these tools to perform the process cost-effectively. Using standard IT tools for eDiscovery can be disastrous much later on when the lawyers are trying to make sense of the data that has been collected in a way that does not conform to legal standards.
• Use appropriate eDiscovery products. There are excellent eDiscovery products on the market designed from the ground-up for the eDiscovery process, and so, have the built in tools and measures to preserve the integrity of the collection process, the data results and to save IT professionals from having to testify as a witness at a deposition or in court. In the end, these products will be far more cost-effective than a piecemeal approach with standard IT tools.
eDiscovery projects are unfamiliar territory for many corporate IT professionals, and the territory is fraught with peril. However, by leveraging what you do know about data, consulting legal counsel to ensure the data is kept pristine and protected, and using proven eDiscovery tools to assist you, you can prevail. Being smart about eDiscovery protects you and your organization both, and next time your employer gets sued, you’ll be ready, willing and able to manage eDiscovery projects with great success.