Legal preservation and eDiscovery compulsions

Andy Jurczyk, CIO, Seyfarth Shaw LLP and M. James Daley, Senior Counsel-eDiscovery and Information Governance and Data Privacy Group, Seyfarth Shaw LLP
784
1232
272
Andy Jurczyk, CIO, Seyfarth Shaw LLP

Andy Jurczyk, CIO, Seyfarth Shaw LLP

Cloud computing enterprise email management systems are being implemented, or seriously considered, by organizations worldwide. However, migration to a Cloud-based system is not for the IT faint of heart; it is a significant undertaking in terms of time, cost and legal risk. Before taking the leap, organizations need to carefully consider whether Cloud-based solutions will satisfy their business and legal requirements. That is, will such solutions be judged as reasonable and legally-defensible when tested by Courts, Regulators and Prosecutors?

It’s no wonder that this trend toward “email as a service” is increasing. Generally, 71 percent of global businesses expect to have such applications in the cloud by 2017, and enterprise spending on cloud services is projected to triple between 2011 and 2017.Two principal drivers of this trend are anticipated reduction in total cost of ownership, and keeping pace with changes in technology.

Yet after investigation, many organizations with substan­tial litigation and regulatory compliance portfolios are find­ing that Cloud-based email systems may not fully satisfy their legal records retention and eDiscovery requirements. Why? because many fail to provide adequate email archive, eDis­covery and compliance features, and functionality. Without these tools, such organizations risk substantial regulatory and eDiscovery sanctions, damage to brand, and increased costs. These risks are magnified if an adversary can show that the organization diluted its capability in bad faith, on the pretext of cost savings and keeping pace with technology.

  The CIO must first team with Legal and specialized outside eDiscovery counsel to identify critical requirements imposed by your unique litigation/ regulatory portfolio 

For example, the Office of the CIO of the State of Washington, following a detailed requirements gap analysis of Office 365, concluded that due to the State’s legal preservation and eDiscovery compliance requirements:

“Office 365 does not satisfy the state's critical records management requirements to accurately store, protect, search and retrieve email records. This alternative would increase time and effort for records management and increase the risk of failing to satisfy public disclosure and litigation requirements, resulting in financial loss.”

The State of Washington exploratory team also noted: “Microsoft could not provide an operational archive/search environment for the team to evaluate all requirements, or supply an adequate amount of test data to satisfactorily evaluate search capabilities.”M. James Daley, Senior Counsel-eDiscovery and Information Governance and Data Privacy Group, Seyfarth Shaw LLP

Additional organizations, across di­verse industries, have also concluded after investigation that use of cloud-based email management systems without the addition of separate journaling or archival functions may create too much legal and business risk. And the anticipated cost-savings from cloud-based solutions can be rapidly erod­ed by costs of email migration; integrating third-party email journaling and archival functions, if needed; incorporating legal hold process management tools, as needed; increased internet bandwidth (if available), to perform eDiscovery functions in a timely and sufficient manner; additional IT re­sources to support eDiscovery searches and collections; and potential negative impact of the cloud-based eDiscovery operations on email performance.

Even more troubling are potential records retention compliance and eDiscovery gaps. For example, in 2015, Osterman Research noted the following such gaps with some Cloud-based solutions: an inability to index, search and export messages with external SMTP addresses, as well as other values across multiple mailboxes; an inability to ensure that legal hold and retention policies cannot be manually modified; an inability to selectively preserve email, rather than via an entire mailbox; difficulty searching and exporting by bcc and distribution lists; and the inability of some to preserve a departing employee’s email mailbox, without first manually placing it on hold and inactivating; a lack of Legal Hold management functions, including notification, acknowledgement, and reminders; metadata field search and export function; the loss of a “quick peek” into the content for early case assessment and case strategy purposes; an increased risk of metadata corruption and loss due to the “data dump” export process; and most importantly, the potential inability to perform timely and sufficient eDiscovery due to import and export throughput performance limitations..

Many of these potential gaps can restrict an organization’s ability to comply with detailed eDiscovery rules and specifications adopted by the U.S. Department of Justice, Securities and Exchange Commission, and Federal Trade Commission, such as selectively searching across mailboxes for external email addresses, blind carbon copy (bcc) and distribution list recipients, and to perform horizontal and vertical email deduplication.

Also, many Cloud-based email services separate email message content from email metadata, creating a risk of corruption when the information is extracted and recombined, and provide no support for Chat data—an increasing source for business communication. At minimum, many Cloud-based email services appear to require use of Email Administration permissions or third-party email archival tools to satisfy email preservation compliance and eDiscovery functionality requirements.

How can you help? The CIO must first team with legal and specialized out­side eDiscovery counsel to identify criti­cal requirements imposed by your unique litigation/regulatory portfolio; and second, invest the due diligence process to validate these can be met. Otherwise, the anticipat­ed savings will quickly evaporate, in place of increased infrastructure, resource, and eDiscovery costs, as well as accompanying risk of regulatory and eDiscovery sanctions and costs.

Read Also

Towards a More Powerful Legal Architecture

Towards a More Powerful Legal Architecture

Lisa Konie, Senior Director of Legal Operations, Adobe
Growth in eDiscovery Analytics Means Growth in Profits for Law Firms

Growth in eDiscovery Analytics Means Growth in Profits for Law Firms

Terry Reeves, CEO, Elite Document Technology and Elite Deposition Technologies
The Goldilocks Theory for Risk Management

The Goldilocks Theory for Risk Management

Patricia Titus, Chief Privacy & Information Security Officer, Markel Corporation [NYSE:MKL]