e-discovery 2.0

One of the new buzz words of the last few years in computing has been Cloud Computing. After the initial hype, and the subsequent shakeout of its potential, everyone is beginning to recognize that it represents a paradigm shift in how we purchase, deploy, and utilize computing resources. The general impetus for the cloud has been its potential to reduce capital costs, offer flexibility in purchasing computing resources, and reduce operational costs in maintaining hardware resources.

A lot of what the cloud offers is achievable using existing technologies, but repurposed in new and innovative ways. Several forms of the cloud, with specific benefits to customers, are being packaged and promoted. The offerings are delivered as cloud services, such as Platform as a Service (PaaS), Infrastructure as a Service (IaaS) and Software as a Service (SaaS). Without getting into specifics, each service offering comes with a set of service agreements between the purchaser and provider of the cloud services.

As with any new initiative, there are new challenges to contend with including security and compliance with corporate policies and industry regulations.  Although these issues are substantial, for this article, let us consider the legal implications as it relates to electronic discovery. We all know that sooner or later, every organization faces litigation, and increasingly, fair number of them involves e-discovery. Traditionally, in house legal and IT teams have had an understanding of how to respond to legal requests and have focused on litigation readiness. But, how do these translate to the new cloud computing paradigm? I’ll examine some of the challenges in a series of posts on e-discovery and the cloud. For starters, let’s analyze the challenges and considerations inherent with the duty to preserve electronically stored information (ESI).

Duty to Preserve ESI

Before we get to the mechanics of electronic discovery and actual preparation for Rule 26(f) conference, the duty to preserve arises. The duty to preserve may be triggered when a legal proceeding is “reasonably anticipated” and increases in importance on receipt of pre-litigation correspondence or a similar trigger event. Traditionally, such duty to preserve is reflected by placing litigation holds. It is often the case that litigation holds are placed on at least a portion of the ESI well ahead of an actual triggering event. See Adams v. Dell as perhaps an extreme example. In fact, some organizations invest in litigation support software technologies for classifying data and placing holds on the most reasonable subset.

How does such a litigation hold translate into the cloud? As a customer of a cloud, one should craft service agreements to dedicate certain cloud-resident data, in the form of folders or other broad categories, to be preserved. If the cloud provider has deployed technology to ensure that no party within the customer’s user community can delete the preserved data, it is well and good. However, placing such restrictive access impedes normal running of the business, and becomes impractical. Essentially, data in the cloud that is available for normal course of business is in the hands of user-custodians. If they then delete the data either deliberately, or inadvertently, or through normal business functions, that data deletion is subject to spoliation claims. Even though the “safe harbor” from spoliation sanctions of Rule 37(f) applies when information is lost due to the “routine, good faith” operation of electronic information systems, when preservation order is in place, shelter under 37(f) is not possible. Thus, the actual implementation of litigation hold comes under scrutiny. Because of this, many implementations adopt preservation using a “copy and preserve” model. However, this model is at odds with live business data that is constantly evolving. Even if the latest point-in-time snapshot technology at the physical volume is employed, the result is inadequate – you end up preserving massive volumes of data in the cloud, unrelated to actual logical messages or files that need to be preserved. What is needed is some smartness in the form of an application in the cloud itself that can translate a litigation hold request into specific ESI in the cloud. Who owns and manages this application and what the service levels are for this application is a significant issue.

Now, the view from the cloud provider’s perspective is very different. In light of the flexible data management architectures available, there is a great temptation to share both data with a litigation hold and data without a litigation hold on the same physical infrastructure. As a result, the cloud provider   preserves all data from every customer that is resident on that infrastructure – a very conservative approach. As a consequence, this would preserve another customer’s ESI accidentally and that data is now discoverable, in the context of a different litigation, despite the second customer’s active management of the data. Preserving a set of live, constantly changing data in the context of a single enterprise is technically difficult; doing so across multiple customers, sharing the data infrastructure is exponentially harder.

Another related issue with preservation is the need for the ability to release preservation holds. Typically, when the litigation response team determines that the legal hold is not necessary, the hold is released. In the “copy and preserve” model of litigation hold, one has to verify that the released ESI does not overlap with other litigation holds and is marked for destruction. One of the benefits of the cloud is the flexibility in storing bits and pieces of data wherever data capacity is available. Applying the release can again be tricky for both cloud customer and the cloud provider.

Given these additional complexities of evidence in the cloud and the fact that the duty to preserve may arise well before the trigger event of litigation, the costs associated with the duty to preserve can add up very quickly. It’s essential to understand three critical items related to the duty to preserve in the cloud: 1) what the cloud provider would charge for ongoing preservation, 2) whether agreements with the cloud provider cover the legal issues raised by the duty to preserve and 3) what the cloud provider offers in terms of a flexible workflow for applying and releasing legal holds.

Since I’ve finished off the last of the Halloween candy and tossed out the moldy, squirrel ravaged pumpkins, it occurred to me that now might be a good time to think about what 2010 will hold for the electronic discovery industry.  My 2009 list seems to have been fairly prescient and many of those notions still hold true since the legal industry (as we know) doesn’t move at the most blistering pace.

Again, doing my best Nostradamus impersonation, here are my top ten trends for 2010:

1. Early case assessment (ECA) moves from a “nice to have” to a “must have” requirement for any matter involving electronically stored information (ESI).  In 2009, we saw ECA move into the mainstream as a methodology to quickly understand case facts, assess risk and lower both review and data processing costs.  But, in 2010, with the advancement of the tools and the increased socialization within the bar and the litigation support community, ECA will graduate into a core methodology for savvy litigators regardless of matter type or size.
2. Appetites for broad information lifecycle management initiatives diminish as organizations realize these programs are far too complex to solve specific pain points, and they often take too much time (measured in years) to execute.  The economic reality is that these holistic, cross data, cross enterprise pipe dreams really can’t demonstrate the ROI that’s needed in today’s challenging economy.
3. Staffing roles continue to evolve with a newfound focus on project management. The role of an in-house e-discovery coordinator will emerge as more of a project management and analyst versus pure legal or IT. This shift will become increasingly necessary as e-discovery evolves from an ad-hoc fire drill to a standard business process that is repeatable, measurable, and defensible.
4. Data analytics and statistical methodologies gain traction to augment the type of subjective decision making approaches that have historically formed the backbone of the e-discovery search and review processes.  These objective methodologies have long been called on as best practices by the likes of the Sedona Working Group. In 2010, they now will start to move from theoretical to practical task as e-discovery tools increasingly move in-house and departments enhance defensibility and add elements such as sampling into the workflow.
5. Platform e-discovery solutions finally become a reality as customers finally graduate from painfully stitching point solutions together, thus requiring less physical document hand-offs (i.e., exports and imports) between applications, cutting costs and lowering the risk of data loss.
6. Associate-based review gradually goes extinct, as both clients and law firms tire of expensive, linear review processes.  More review work becomes either insourced or is managed with specialized contract attorneys, who are both cheaper and better trained for this type of work.
7. Similarly, FRE 502 and “clawback” agreements will be increasingly used to reduce the need for any manual, eyes-on review, although many litigators will resist this trend because of the fears of “un-ringing the bell” when privileged information is disclosed in any context.
8. While perhaps anathema, alternatives to the much lauded EDRM model will gain traction, as practitioners strive to find an even better, and perhaps more practical, project management framework, in many cases acknowledging the role that the EDRM has taken in forming *the* lingua franca of the e-discovery industry.
9. The push for cooperation in the e-discovery process, will make incremental progress despite reticence by old school litigators.  Increasingly, this type of cooperation, as strongly advocated by the Sedona Working Group, will be ironically forced by judges and local rules.
10. “Cloud” computing starts to really impact how e-discovery data preservation/collection is done, both in terms of social media and traditional ESI.  More and more companies block social media applications and file types in the workplace because of fears surrounding the inability to preserve and collect.

There is no bigger idea in enterprise technology than the idea of “cloud computing“. What does it mean? Simply put, the idea is that enterprises will cease to buy hardware, software, and all the headaches that come with them. Instead, companies will rent whatever applications they need and access them over the internet. Software vendors will keep their applications on a pool of shared infrastructure (the “cloud”), which will automatically allocate resources between applications according to demand. Using a common analogy, we will move from today’s world where companies are buying and building their own electricity generators, to a world where there are power companies distributing electricity over a grid.

To get a sense for how this might happen, just take a look at the CRM market. Ten years ago, Siebel and other packaged software vendors were among the fastest growing companies in America. Today, they are shrinking as customers migrate en masse to, for example, salesforce.com’s cloud-based approach. One Wall Street analyst I spoke to last week forecast that hosted (i.e., cloud-based) applications will grow their market share from 12% to 21% by 2011, and account for all growth in the market.

E-discovery is no exception to this mega-trend, and I expect a portion of the litigation software business to move to the cloud. How quickly this happens depends on how easy it is for companies to adopt cloud-based e-discovery solutions, which is why Google’s recent moves into e-discovery are so significant.

Google is by far the largest cloud computing company in the world. Its cloud-based Google Apps suite of applications was only launched in 2007, but is already being used by several hundred thousand businesses and, Google tells me, 2,000 new businesses sign up every day. Today, the customers are mainly small to medium sized businesses (500-5,000 employees). But as its functionality improves, larger companies will increasingly start asking why they should pay for Microsoft Office when cheaper alternatives exist.

Talking to Bill Kee, a product marketing manager at Google, it’s clear the biggest gap in Google Apps’ functionality was the lack of enterprise features around security, compliance, and e-discovery. That’s why Google acquired Postini, a leader in messaging security. It’s why Google recently launched Message Discovery, a hosted archive that comes bundled into Google Apps Premier Edition. And it’s why Google is collaborating with Clearwell to educate the market on cloud-based e-discovery solutions.

If you are interested in learning more about “e-discovery in the cloud”, register for a free webinar which we are hosting with Google on June 3.