eDiscovery Plain & Simple: A Plain English Crash Course in e-Discovery
Electronic discovery (also named e-discovery or eDiscovery) related to processes in which electronic data is sought, located, secured, and searched with the intent of using it as evidence in a civil or criminal legal case. eDiscovery can be carried out offline on a particular computer or it can be done in a network. Examples of electronic documents and data subject to e-discovery are e-mails, voicemails, instant messages, e-calendars, audio files, and data on handheld devices, animation, metadata, graphics, photographs, spreadsheets, websites, drawings and other types of digital data.
Steps to practical eDiscovery planning:
Cross functionality:
Members from cross disciplinary team (legal, compliance, IT etc.) are one of the most important steps to a success of an effective eDiscovery planning. Every step in the eDiscovery process should be documented and should be tested on regular basis. eDiscovery should have enough resources, in case of small company; you may have to bring some people together on ad-hoc basis, and should have a single point of contact for eDiscovery. Team lead for eDiscovery should be a neutral person rather than having particular bias against IT, Compliance or Legal. Legal has to lead the charge for eDiscovery and then delegate what you can preserve and how to maintain the data. Since the legal team has better understanding of legal implication, such as of a legal hold, a legal hold is a process which an organization uses to preserve all forms of relevant information when litigation is reasonably anticipated. eDiscovery steering committee with legal involved will also help you address compliance issues like HIPAA, PCI and SOX. Vendors need to be involved in the eDiscovery process early as well.
Plan for eDiscovery policy before the data is generated to decide things like either digital signature or trusted time stamps will be utilized. eDiscovery policy should be consistent and repeatable and should be tested by internal audit on regular basis. Establish simple, reasonable and repeatable policies.
With respect to eDiscovery, the key is to manage the largest risk, namely, the risk of being held responsible for deleting information in a bad faith effort to destroy evidence. (which is called as spoliation)
Documentation retention:
Classify the records which need to be move to record management systems to decide what you are retaining and for how long. Now courts are looking into company’s internal processes to verify if they have a documented retention policy and implemented it properly. By implementing document management systems you know where your data is and DLM can be use to limit the scope of eDiscovery data.
eDiscovery training:
Personnel’s should be trained on how to testify in the court
eDiscovery cost:
Real cost come in during the analysis of the data, technologies can be utilized to streamline the cost. The cost of the analysis will be more if use outside vendors including attorneys. Have some process in place to analyze the data in-house under the supervision of legal counsel.
Continuous improvement:
Conduct regular reviews, audit, and training to refine the process. Apply the effective technology to automate the process and lower the cost when you can.
Download a free guide for the following solutions
Hosted email archiving
Hosted online backup
January 19th, 2010 4:58 pm
[…] eDiscovery and planning (deurainfosec.com) […]
October 3rd, 2011 2:33 am
The steps you shared for the e-discovery and planning are very useful and one can easily make a plan for the future.. It's a great help to me.. I will definitely look forward to it..