As these mistakes are not infrequent, it is useful for eDiscovery practitioners to understand the root cause of such issues, and what can be done to avoid them. A potential cause may be the increasing availability of software that transforms tasks that were previously complex and technical into automated, user-friendly processes.
The potentially significant downside of such innovation is if it lulls its users into a false sense of security, whereby they can complete a task without questioning whether the output it accurate. This tension is as old as technology itself; in sailing, for example, the convenience of GPS and a depth finder is undeniable, but relying on these tools exclusively will cause any skipper to run aground.
The case of vanishing email
In eDiscovery, recent improvements in the technology used in the preservation and collection of Electronically Stored Information (ESI), such as the discovery module in Microsoft’s Office 365 suite (“M365”), enable IT teams to preserve and collect information with having to engage computer forensics experts. However, these tools lack the validation workflows that forensics experts use to defend the discovery process; their use without a documented due diligence process can result in failures such as those described in Mark's comments.
There are various reasons for such failures, which can include any of the following:
- Mailboxes or standalone email archives were not migrated to M365, and remain in the legacy system;
- Mailboxes were imported, but with undetected errors that rendered them unreadable;
- Data that remains available on the backup was deleted from M365 ;
- Additional custodians' mailboxes that are not included in the scope of collection (e.g., from an employee seconded to another entity with a separate email system); and
- Various technical issues such as an incomplete search index, or data corruption.
Such risks don’t necessarily mean that practitioners should revert to the forensic process, but some form of due diligence is needed to avoid problems. In some cases, we have seen almost half of the relevant emails missed due to the factors such as those described above. Accordingly, practitioners should at a minimum test the data received from clients to validate the data collection process.
The neglected loose end
I have also seen issues arise in the context of document review, which relies on a variety of reports to track a large number of details necessary to keep the review on schedule. The reporting platforms need to balance several competing elements:
- Provide clear “Big Picture” summary information necessary so the team leads can understand the progress of the review team, and the content of the document set being prepared for disclosure;
- Track the various concurrent workstreams (and their sub-tasks) that need to be resolved in preparation for production. The workstreams will generally identify document sets that are carved into separate tracks to answer outstanding questions, perform additional processing, or resolve the various other technical issues that might arise (the “loose ends”); and
- Minimize the effort and cost necessary to effectively report on the Big Picture and loose ends in a proportional manner. Proportionally checking the loose ends is challenging because they involve a potentially large number of relatively small sets of documents that are in constant flux. Reporting on them can become an endless task that ties up the team leads in unnecessary detail, and requires a disproportionate level of effort.
Nonetheless, all of these loose ends must be tracked, as each needs to be resolved well in advance of the production deadline, as any of them amounts to a potential omission.
The optimal solution is for the teams managing the loose ends to use a tracking tool that is integrated into the main reporting system used by the team managing the review. This should include the ability to “roll up” a summary, such as the number of tasks outstanding and their estimated timeline. The key is for the information used by the team managing the loose ends to provide transparency to the management team without any additional report preparation.
The errors identified in the cases reviewed by Addleshaw Goddard are foreseeable and have serious consequences. Accordingly, as eDiscovery practitioners continue to embrace the convenience and efficiency provided by software solutions, they need to retain traditional validation plans that will identify errors early enough to leave time for remediation before the production deadline.
Fundamentally, the discovery of ESI involves both vetted technology, as well as thorough and documented investigation and due diligence workflows to ensure that all potentially relevant information is identified, preserved, reviewed and produced.