Parsing massive volumes of data for responsive documents
within the often-restrictive timeframes imposed by litigation is challenging
for any company. During eDiscovery, workflows must strike a balance between minimizing
disruption to the business and defensibly meeting tight deadlines.
As jurisdictional data protection regulations become more
stringent and complex, a new dimension is added to this challenge. Personal
privacy is now a top priority. Not only must responsive documents pass forensic
muster, but their handling must conform to applicable data protection
regulations. In addition to affecting defensibility, mishandling ESI carries
the risk of running afoul of privacy regulations – resulting in steep fines
and, potentially, exposure to additional litigation.
Ideally, a proactive ESI management plan facilitates data requests. The reality is that many firms struggle to satisfactorily manage data in today’s ever-changing regulatory environment. A data request stemming from litigation could highlight this reality at the worst possible time for a company. Given the tight deadline that invariably accompanies such a request, the eDiscovery consultant has to be an expert in applicable regulations and IT to work effectively with the company’s resources and to expedite the remediation of any data management deficiencies that are uncovered during the process.
The following case study illustrates how, with the right eDiscovery team, the seemingly insurmountable task of developing a reactive data management plan can be accomplished—on time and leaving the company in a better position than before.
In this case, the company was given five weeks to produce
responsive documents from 17 TB of rolling data in adherence with the General
Data Protection Regulation (GDPR). Since 2018, the GDPR has ushered in a new
age of privacy and data protection, serving as the template for similar
legislative initiatives around the globe. It makes individual privacy paramount—requiring
that any data that can identify an individual must be handled with extreme
caution to avoid compromising personal data. When it comes to “special
categories” of personal data (including, but not limited to, ethnicity,
political preference, sexual orientation, and political affiliation), the GDPR
explicitly prohibits data processing except in very limited cases.
The GDPR’s primary focus is on preventing malfeasance by
large-scale data aggregators like social media platforms. Compliance is
possible for eDiscovery, as long as the correct data handling procedures are in
place. These procedures were integrated into the eDiscovery workflow to process
17 TB of data in a manner that mitigates the possibility of noncompliance while
meeting the tight five-week deadline.
FRONTEO’s consulting team leveraged its multi-faceted
expertise to develop a GDPR-compliant data management plan and customize its
STEP 1: Leveraging IT & Regulatory Expertise to Formulate the Data Agreement
The first step was implementing a
GDPR-compliant data agreement between FRONTEO, the company, and the company’s
law firm. Before touching any data, FRONTEO coordinated amongst all parties to
establish the roles of data collectors and data processors. As data processors,
law firm associates (and any applicable vendors) were on-boarded to ensure
proper data handling. Along with roles and responsibilities, FRONTEO developed
an outline of the processes that would dictate how and why ESI would be
STEP 2: Custom Software Solution
After carefully aligning the team
structure with production needs, the next step was to engineer a workflow to
produce responsive, defensible documentation within the five-week time
constraint. FRONTEO developed a custom workflow within Relativity. The FRONTEO
team created dynamic searches to identify all responsive and non-privileged
documents that hadn’t been previously produced to ensure productions.
Importantly, the solution accounted
for the fluidity in the collection process that was necessitated by the tight
deadline, allowing new data to roll into the review without disrupting the
process. A high-speed FTP account was created specifically for rolling data
that was introduced on a near-daily basis. As responsive documents were
identified, batch sets were created for privilege and responsive review teams.
All data was processed, loaded, searched, reviewed, and produced within the five-week timeline in a defensible and GDPR-compliant manner. The client not only met the tight deadline, but also was left with a better data management framework than before. Our client gained cost efficiencies from the streamlined review process and was able to use the matter as the springboard for better enhancements to DM and IT processes.
About the author:
Brian Moore is the SVP of Consulting Services at
FRONTEO, a publicly traded global technology and services company specializing
in artificial intelligence, cross-border litigation, managed review, and
consulting for the eDiscovery market. He is an industry veteran of 17 years
having worked at major vendors in the e-discovery space since 2003.