As a frequently outsourced aspect of the litigation process, it’s no surprise that many legal professionals underestimate the flexibility and utility of the eDiscovery skillset. Usually, eDiscovery is relegated to a team of contract lawyers or an alternative legal service provider. As a result, the full understanding of eDiscovery’s utility remains siloed within these organizations.
In this blog, we’ll try to break down that knowledge silo a bit. Here’s three ways eDiscovery tools and methodologies can be taken advantage of outside of litigation.
1. Data subject access requests
More and more jurisdictions are implementing data privacy regulations such as the California Consumer Privacy Act (CCPA) and the General Data Protection Regulation (GDPR), each with their own spin on an individual’s right to access, amend and delete the data collected by third parties.
Because there is no standard data privacy framework and the cost of noncompliance is high, many businesses are funneling data subject access requests (DSARs) through their legal department. But this is an expensive practice. Gartner research estimates this costs, on average, $1,406 per DSAR, while another study estimated that an average mid-sized UK firm spends $2 million a year handling DSARs.
When responding to a DSAR, organizations need to provide:
- Confirmation that they are processing the data subject’s personal data
- Access to their data (and only their data; not somebody else’s)
- The types of relevant personal data
- Third parties that the organization shared the data with
- The period for which the personal data will be stored, or the criteria used to determine that period
- The data subject’s right to request that the organization delete, amend or restrict the processing of their personal data.
- Their right to lodge a complaint with a supervisory authority;
- The source of their data
- Any automated decision-making, including profiling, and the potential consequences of this processing
Looking at this list of required information, we can see that the overlap with the eDiscovery process is quite significant. In both DSAR requests and eDiscovery, data needs to be discovered from the many different sources spread out across the organization; it needs to be reviewed to determine whether it is responsive to the data subject’s request; extraneous data needs to be privileged and redacted; all of this needs to be performed on a potentially massive data set; and it all must be done before a deadline. For the GDPR, for instance, companies must respond to a DSAR within a month.
Using eDiscovery software, a DSAR reviewer can cull the data set using machine-learning techniques and other early case assessment strategies. Functionalities like optical character recognition (OCR) enable reviewers to search through unstructured data formats like images for text related to the data subject, and natural language processing (NLP) helps ensure that reviewers identify relevant documents by their meaning and not just their keywords. In fact, this eDiscovery use case is an excellent means for organizations to save money on both noncompliance penalties and potential lawsuits stemming from failure to respond to DSARs appropriately or accidentally exposing another individual’s data.
2. FOIA requests
When responding to a Freedom of Information Act (FOIA) request, according to the AP, the government only delivers all requested information one out of every five times. This low fulfillment rate is due in part to the need to redact sensitive information and privileging. However, the AP analysis also reported that over half of the cases where the government provided no information were because the requested information could not be found.
Legal and compliance experts in the public sector understand the challenge. With only 20 business days to track down the requested documents and to review them for sensitive information on top of existing duties, meeting FOIA requests on time can be extremely difficult.
For a FOIA coordinator, eDiscovery tools and methodologies offer a number of benefits in fulfilling this process. Since so many government documents are still faxed or scanned, OCR is a must if one wishes to search through a large corpus of documents. Similarly, government documentation runs the gamut from highly standardized forms to casual communication over email, making NLP an essential means of searching through documents in a contextually aware fashion. And perhaps most importantly, eDiscovery tools have robust redaction capabilities that can meet Department of Justice standards.
3. Information governance
Often, in-house counsel and law firms seek out an eDiscovery expert in a reactive fashion; they’ve become involved in litigation and need somebody to manage the eDiscovery. But actually, the eDiscovery process is meant to begin before litigation even takes place.
The eDiscovery Reference Model (EDRM) consists of 9 steps representing the various stages of eDiscovery. The first step is information governance, which concerns itself with the creation and disposition of information in a manner that takes into account business imperatives, tools and infrastructure and the regulatory environment. The EDRM Global Advisory Council refers to this stage as “getting your electronic house in order.”
eDiscovery experts understand how ESI should be managed, when and what kind of data should be destroyed, how to store data in workable, structured formats and more. Many business leaders are under the impression that more data is better, but this is only true for properly managed data. Mismanaged data is a liability; it presents greater risk should the organization become involved in litigation.
When businesses consult with eDiscovery experts on their information governance, they transform eDiscovery from a reactive process to a proactive one. In the long run, this reduces the costs associated with litigation or audits and reduces the likelihood that litigation will occur in the first place.
Start where you’ll make the greatest impact
Simply because eDiscovery most often falls under the umbrella of litigation doesn’t mean it can’t deliver value in other aspects of business as well. Any time that data needs to be quickly discovered, reviewed and processed, eDiscovery tools and methodologies can be applied.
Out of the eDiscovery use cases described in this article, information governance may be the most overall impactful practice for an organization. It minimizes risk, makes data easily discoverable for litigation or audits and provides the larger organization with access to data for analyses and reporting.
We’ve put together a practical guide on the topic that can show you how to regain control of information, reduce risk, provide employees with data they can trust and develop a strategy fit for the future. Watch our webinar, “Information Governance: Smelling the Roses,” to learn more.