eDiscovery & Data Management in a Changing Regulatory Environment
Parsing massive volumes of data for responsive documents within the often-restrictive timeframes imposed by litigation is challenging for any company. During eDiscovery, workflows must strike a balance between minimizing disruption to the business and defensibly meeting tight deadlines.
As jurisdictional data protection regulations become more stringent and complex, a new dimension is added to this challenge. Personal privacy is now a top priority. Not only must responsive documents pass forensic muster, but their handling must conform to applicable data protection regulations. In addition to affecting defensibility, mishandling ESI carries the risk of running afoul of privacy regulations – resulting in steep fines and, potentially, exposure to additional litigation.
Ideally, a proactive ESI management plan facilitates data requests. The reality is that many firms struggle to satisfactorily manage data in today’s ever-changing regulatory environment. A data request stemming from litigation could highlight this reality at the worst possible time for a company. Given the tight deadline that invariably accompanies such a request, the eDiscovery consultant has to be an expert in applicable regulations and IT to work effectively with the company’s resources and to expedite the remediation of any data management deficiencies that are uncovered during the process.
The following case study illustrates how, with the right eDiscovery team, the seemingly insurmountable task of developing a reactive data management plan can be accomplished—on time and leaving the company in a better position than before.
In this case, the company was given five weeks to produce responsive documents from 17 TB of rolling data in adherence with the General Data Protection Regulation (GDPR). Since 2018, the GDPR has ushered in a new age of privacy and data protection, serving as the template for similar legislative initiatives around the globe. It makes individual privacy paramount—requiring that any data that can identify an individual must be handled with extreme caution to avoid compromising personal data. When it comes to “special categories” of personal data (including, but not limited to, ethnicity, political preference, sexual orientation, and political affiliation), the GDPR explicitly prohibits data processing except in very limited cases.
The GDPR’s primary focus is on preventing malfeasance by large-scale data aggregators like social media platforms. Compliance is possible for eDiscovery, as long as the correct data handling procedures are in place. These procedures were integrated into the eDiscovery workflow to process 17 TB of data in a manner that mitigates the possibility of noncompliance while meeting the tight five-week deadline.
FRONTEO’s consulting team leveraged its multi-faceted expertise to develop a GDPR-compliant data management plan and customize its eDiscovery workflow.
STEP 1: Leveraging IT & Regulatory Expertise to Formulate the Data Agreement
The first step was implementing a GDPR-compliant data agreement between FRONTEO, the company, and the company’s law firm. Before touching any data, FRONTEO coordinated amongst all parties to establish the roles of data collectors and data processors. As data processors, law firm associates (and any applicable vendors) were on-boarded to ensure proper data handling. Along with roles and responsibilities, FRONTEO developed an outline of the processes that would dictate how and why ESI would be processed.
STEP 2: Custom Software Solution
After carefully aligning the team structure with production needs, the next step was to engineer a workflow to produce responsive, defensible documentation within the five-week time constraint. FRONTEO developed a custom workflow within Relativity. The FRONTEO team created dynamic searches to identify all responsive and non-privileged documents that hadn’t been previously produced to ensure productions.
Importantly, the solution accounted for the fluidity in the collection process that was necessitated by the tight deadline, allowing new data to roll into the review without disrupting the process. A high-speed FTP account was created specifically for rolling data that was introduced on a near-daily basis. As responsive documents were identified, batch sets were created for privilege and responsive review teams.
All data was processed, loaded, searched, reviewed, and produced within the five-week timeline in a defensible and GDPR-compliant manner. The client not only met the tight deadline, but also was left with a better data management framework than before. Our client gained cost efficiencies from the streamlined review process and was able to use the matter as the springboard for better enhancements to DM and IT processes.
About the author: Brian Moore is the SVP of Consulting Services at FRONTEO, a publicly traded global technology and services company specializing in artificial intelligence, cross-border litigation, managed review, and consulting for the eDiscovery market. He is an industry veteran of 17 years having worked at major vendors in the e-discovery space since 2003.