The E-Discovery Field Guide
Back to the Beginning: Information Governance as the Critical First Step to an Efficient and Effective E-Discovery Process
In one of the first editions of the E-Discovery Field Guide, we highlighted the five broad phases of E-discovery, each of which is interconnected to the others. In regard to the first phase of E-discovery—information governance—we explained why a strong internal foundation for organizing and managing data is critical to managing the later phases of a case. As we wrote then:
“The best E-discovery strategy starts long before the complaint is filed. A party can ensure compliance and reduce its E-discovery costs through a comprehensive information governance and litigation preparedness plan, which includes knowing the company’s electronic systems and establishing data organization and retention policies. A strong foundation will allow a party to quickly identify sources of relevant electronically stored information (ESI), implement litigation holds, and streamline the entire E-discovery process.”
A forthcoming commentary from the Sedona Conference, entitled Commentary on Information Governance, Second Edition, 20 Sedona Conf. J. 95 (forthcoming 2019), elaborates on information governance issues and practices, including as it relates to E-discovery and data privacy. Here are three key takeaways from the Sedona Conference’s commentary as they relate to E-Discovery issues:
- In what the Commentary describes as the “siloed” approach to information governance, a company’s information is used and maintained in different ways by different segments of the company, each with their own practices, policies, and goals. The siloed approach results in each individual part of the business acting in its own best interest, without necessarily considering, or even understanding, the needs of other business units or the company as a whole. As one example of the siloed approach relating to E-Discovery practices, in-house counsel may issue an overbroad litigation hold to avoid any conceivable spoliation issue, but that hold may result in excessive costs for the company and the preservation of data across business units that is not actually required and that negatively affects business practices. The solution to the siloed approach is to understand and implement information governance practices on a company-wide basis that benefits the entire organization while also taking into consideration the needs of each individual unit.
- An information governance policy must account for and address the applicable legal obligations that the company is required to operate under. Those obligations might include record retention and disposition, privacy and security, intellectual property and commercially sensitive and confidential information, and preserving information for litigation and regulatory matters. Although the specifics will vary by company and industry, the information governance policy should take into account these compliance obligations so that the company’s practices adequately address each issue. On the other hand, the failure to maintain a policy that complies with applicable legal obligations may result in independent legal violations (such as through the failure to maintain confidentiality of information subject to a non-disclosure agreement), as well as exposing the company to unnecessary risks of penalties, litigation, or costs down the road.
- An information governance policy regarding destroying records is just as important as a policy regarding preserving records. While many companies default to a “preserve everything” model, the Commentary recommends that “[i]f there is no statutory, regulatory, or preservation obligation, information should be disposed of as soon as the likely business value of retaining the information is outweighed by the cost and risk of retaining the information.” It may be hard to draw bright lines around when that point in time occurs, but the many benefits of timely records destruction—e.g., reduced storage costs, reduced costs in discovery from decreased data size, and increased ability of business people to quickly identify valuable information—make it worth the effort. The information governance policy, therefore, should address the lifecycle of the different information the company creates and maintains, while also providing easy mechanisms to alter the destruction policy when necessary, including as the result of a legal hold.