eDiscovery costs are directly linked to how much data you are dealing with. The more data you have, the higher your costs. This means that the first step to driving down eDiscovery costs is simply to reduce how much data you are working with. Data reduction requires attention to be paid to the entire lifecycle of data, starting with a plan for information governance and ending with how defensible data will be captured and stored.
What is big data in eDiscovery?
The term big data is everywhere, and no wonder, considering that by 2025, the World Economic Forum estimates that 463 exabytes of data will be created each day globally.
Oracle categorises big data according to the three Vs: it contains greater variety, arrives in increasing volumes and has more velocity. In other words, big data is being generated all around us, hard and fast, and without the proper governance in place, it is impossible to manage.
The challenge is that this larger, more complex data often comes from entirely new data sources. The WEF also lists these incredible stats – each day in 2019, 500 million tweets were sent, 294 billion emails, and 65 billion WhatsApp messages. 4 petabytes of data were created on Facebook, and 5 billion online searches were made.
It’s a challenge that businesses are grappling with while trying to find a balance between accepting that big data is a reality (and can provide extraordinary insights into customers, innovation and business efficiencies) while also processing, governing and storing it according to local regulations.
Navigating the complexities of big data and eDiscovery
It’s only natural that big data has had a massive impact on eDiscovery. With the amount of data within businesses expanding dramatically, the eDiscovery process has become much more complex. For example, how is data that may be subject to a hold segregated? What safeguards are in place to ensure it is not deleted? This becomes particularly important when the threat of litigation looms and legal holds must be put in place.
Here are few key ways eDiscovery has been affected by big data and what you can do to gain more control of it in your organisation:
- Understand how data is created, organised and stored
Information governance is the overarching approach that dictates how businesses organise and control the mountains of data they generate from sources like prospects, customers, employees, and business units. As we’ve seen, this data is drawn from structured and unstructured sources, from invoices to collaboration platforms and even web-based chatbots.
Organisations need to be able to process, store, and retrieve data for a number of reasons, including regulatory requirements and litigation and product innovation and sales strategies. Professionals in the eDiscovery space can play a crucial role in establishing information governance initiatives that set the rules for how data is created, acquired, processed, managed, stored, retrieved, and deleted.
eDiscovery experts already have experience in how different data types and repositories have historically constituted higher volumes or more significant risks for eDiscovery, from the time required to preserve, collect, and review data to how defensible data is presented. This experience can be leveraged to face the key challenges presented by big data.
Experts can also further refine their information governance recommendations by monitoring basic metrics in the business’s workflows, such as tracking where time and money are spent on eDiscovery by source or data type.
- Control where data is created (and stored)
Can you identify the devices, applications, and data repositories that your employees are using, even if they aren’t on the company’s ‘approved’ list? Legal teams can assist you in tracking these to ensure that all relevant data is preserved.
You can verify your data creation and retention practices with a few key questions:
- Are you using any personal applications or devices for business purposes?
- Have you accessed or stored data outside of the company-approved list of repositories (these would include unauthorised cloud storage or collaboration tools)?
- If so, does any of this data include any payment card industry (PCI) or personally identifiable information (PII) data?
Understanding the type of data being retained, such as PCI or PII data, will help reduce any privacy or cybersecurity risks to the company. During the eDiscovery process, legal teams interact with people and their data, identifying the types of data captured and retained on various devices. These interviews are essentially a hands-on way to understand the real-world data governance practices of employees versus the official data governance framework and policies of an organisation.
These are all routine eDiscovery actions that can give you unique insights into the potential risks and vulnerabilities posed by your data, which can inform your security and privacy initiatives. The key is not to wait until a legal hold is upon you – regularly question employees to ensure you are on top of big data in your business and that you can determine if any unauthorised devices, applications, or data repositories have made their way into your organisation.
- Have a defensible deletion policy in place
Adequately managing data means that data must be stored correctly but also deleted correctly. Businesses cannot keep creating and storing big data indefinitely – but you also cannot simply delete data either.
Instead, create a plan for defensible deletion that includes clearly understood preservation obligations and an adherence to record retention schedules. Remember, businesses are required to keep data for a variety of legitimate reasons, including regulatory compliance, legal obligations and records management. When data has outlived its business purpose, however, and has become aged, redundant, or obsolete, best practice states it should be deleted. The key is that it must be deleted in such a way that it stands up to later scrutiny if a claim of spoliation is levelled against the business. This requires strict adherence to data governance policies.
eDiscovery experts and legal teams can help assess data retention and deletion policies and identify any risks a business may be exposed to. This is particularly useful in the case of legacy applications and storage devices. They can also provide guidance on best practice around keeping or discarding data that could be redundant or obsolete. Most importantly, they can lay the foundation for defensible deletion by regularly releasing expired legal holds after a duty to preserve no longer applies.
- Align new technology with existing data governance
The accelerated digitisation of businesses means that new applications are implemented in organisations every day. For example, with remote workforces on the rise, cloud collaboration platforms have become standard practice in a way they were not a few short years ago. Businesses cannot afford to simply add new technology without considering how the data that will be created in these platforms can be governed, including how long it should be kept, how it can be preserved, and what protocols are used to collect the data when required for eDiscovery.