eDiscovery Explained - The Ultimate Guide

First, we need to understand what the term discovery means, in relation to the subject.

Discovery is the term used for the initial phase of a lawsuit, where both parties discover and provide each other with relevant information.

eDiscovery, also known as e-discovery and electronic discovery can be best described as the multi-stage process that involves collecting electronically stored information, securing it, and making the data searchable for review. This information will be used as evidence in a lawsuit.

This guide focuses on eDiscovery for civil lawsuits, not criminal lawsuits.

The process starts from the time a lawsuit is reasonably foreseeable, all the way through to when the digital evidence is presented in a trial.

Here is a quick high-level overview of the e-discovery process.

Information governance (IG) serves to support processes that an organization uses to maximize the value of its electronic information, while minimizing costs and risks associated with keeping that electronic information. It’s not really a step or stage in the eDiscovery process, it’s more about managing “big data” so that relevant data can be accessed quickly when needed.
Many organizations are yet to put IG into practice. That said, it is now becoming a conversation that many companies are starting to have.
You can find out more about IG here.

Before moving through the Identification, Preservation and Collection stages, it’s beneficial to build a strategy.

How do we identify what to collect?
How do we preserve the data?
How are we going to collect it?

The best approach is to develop an e-discovery collection strategy and plan which should be unique to each matter. For example, in some cases it may be important to collect data immediately. In other cases, early collection may not be necessary (the data is already preserved).
The strategy is then used to select a collection method and execute the collection plan.

What does the e-discovery collection strategy involve?

The collection strategy can vary depending on the matter. For example:

Things to consider usually include:

• Identifying the number of custodians to collect the data from. Whose data should ultimately be reviewed?
• Identifying relevant data. What’s important and what’s not?
• How will the data be preserved (prevent data spoliation)? For example, prevent the metadata changing.
• Why is the data is being collected from certain sources? It is important to consider why and how the data is being collected. Why choose one collection method over another?
• Data sources will be discussed in more depth in the next section.
• How accessible is the data (what are the data sources, and where are they located)?
• Are any special tools needed to collect the data?
• Is there any sensitive or encrypted data that warrants special measures?
• Who will be involved in the collection process (cross-functional team – legal, IT, experts)?
• Are there internal resources to help with the data collection?
• What is required to collect the data legally (litigation hold notice)?
• Which collection methods will be adopted?
• Planning for a Meet-and-Confer. Here the opposing parties meet and confer at least 21 days before the scheduling conference with the court in order to work out agreements on the preservation of ESI, the forms of ESI production, the methods that will be employed to filter out irrelevant information, and the protection for privileged information. The meet and confer will make eDiscovery more efficient, help reduce discovery disputes, and most importantly, get parties to the litigation’s most relevant information faster.
• Draft an ESI Protocol. Shortly after the Meet-and-Confer, it is good practice to draft the ESI Protocol. This document is often entered by the judge as a formal order and controls the conduct of electronic discovery in the case.
  The ESI protocol will contain the following information:

  1. the scope of the ESI collection efforts
  2. the format in which electronic documents will ultimately be produced
  3. the handling of privileged information

  This is all described in greater detail below.

Electronic discovery begins with identifying what to data to collect for review.

What electronically stored information (ESI) may be relevant to the case?
Who are the custodians?

Identification begins as soon as a lawsuit is reasonably foreseeable.

During this stage, interviews with key players and IT staff are conducted to establish what ESI may be relevant, where the relevant discoverable data is located, how the data can be collected, any special tools required, etc.

It’s necessary to learn where potentially discoverable data resides to issue an effective legal hold.

Once relevant electronically stored information (ESI) has been identified, it’s extremely important to ensure that the data is preserved, kept intact – not modified, corrupted or lost, the legal community refers to this as “spoliation”.

It’s important that data preservation is conducted properly, to avoid spoliation of metadata and/or files.

A legal hold is usually used to preserve ESI. A legal hold is a formal notice sent from the legal team, stating that a lawsuit is anticipated and the recipient (custodian) must preserve all ESI that may be relevant to the matter.

But it’s not only about ensuring ESI relevant to the matter is protected from spoliation, it’s also about trying to preserve only the necessary data. Preserving unnecessary data causes inefficiencies and increases costs and risk.

After electronically stored information (ESI) had been identified and preserved, it must ultimately be collected and stored in a secure repository for review.

The collection stage is often the most complex stage of eDiscovery, requiring professionals from both IT and legal to collaborate and ensure the extraction process is properly executed.

Relevant ESI may be stored across many different types of data sources, each one requiring different collection methodologies to ensure the data is collected properly.

Here’s a list of some common data sources that ESI may need to be collected from for electronic discovery.

Data Sources

1. Archive Data

Active Data is ESI that is stored on local hard drives, network attached storage (NAS) or other networked drives. This includes emails and other traditional files that are stored on devices such as laptops, desktops, servers and network attached storage. This type of data is usually the easiest to access and collect.

2. Cloud Data

More and more data is being stored in the cloud (remote data that is stored and accessed over the internet). This not only includes the corporation's own applications, it also includes data stored by third party service providers such as CRM and accounting software, instant messaging services (skype, slack), social media networks, storage services (Dropbox, OneDrive), etc. Accessing this type of data can be beyond the reach of internal IT and may require specialized help.

3. Mobile Data

This category includes phones, smartphones, tablets and blackberry devices. Collecting ESI from these types of devices will generally require specialized knowledge and sophisticated tools.

4. Offline Data

Offline Data is ESI that is sent to offline storage or is no longer active (no longer in use). Examples include old computers, old hard drives, portable hard drives, USB sticks, optical disks and archived data. Collection this type is data is relatively easy if the whereabouts are known.

5. Backups

ESI that has been moved to backup devices such as tape drives or disaster recovery systems. Backup systems often compress files, this makes it difficult to search and access files. Typically, the files will need to be restored first.

6. Hidden Data

This can include deleted data, files and fragmented files. Deleted data is not visible through the regular operating system, but it may still exist. It’s possible to recover deleted data with specialized tools and/or software if the sectors have not been formatted or overwritten with new data.

After collection, it’s time to process, review and analyze the information.

The processing part aims to reduce the dataset by removing irrelevant data.

The review stage involves reviewing and analyzing the ESI to determine which ESI is relevant to the case. A review team is selected based on the variables of the individual case, such as the amount of data, the deadline, and the budget.

Law firms or review service providers are usually engaged to handle the review and are typically paid by the hour. It’s the most expensive stage of the e-discovery process, accounting for about 75% of the total e-discovery cost.

A deep understanding of the case is necessary for an effective review, the reviewers need to know what to search and look for.

The review stage is obviously extremely important, it’s when the law firm gain a greater understanding about the case, helping them to develop a legal strategy.

During the review process, documents are coded or tagged to categorize them. Each review team has their own system, but it’s critical that everyone knows the system. For example, documents may be tagged as privileged (attorney-client privilege), irrelevant, relevant, further review needed etc. The documents are also numbered, which helps identify them later.

It’s also common practice to have some quality control measures in place to help ensure reviewers are tagging correctly.

The review process results in a final set of documents that have been determined to be relevant to the case. Production means to “produce” the final set of documents to the opposing party.

Before the documents are exported both parties will agree on a production format. Formats can include native, near-native, image (TIFF and PDF) and paper.

A document in its native format will usually include associated metadata. Near-native may include some metadata, but image and paper will not include any metadata. However, additional files are created containing the metadata and other document information

A “load file” is often produced and included. A load file helps load and organize all the information within eDiscovery software so that the information can be searched and viewed. It also links documents to their metadata.

In the past, production involved large sending boxes of paper documents to the opposing party.

The final stage of the eDiscovery process. This is when the ESI is presented as evidence during trial. The legal team will develop a presentation strategy to show the information at trial.