1 Guidance Software Whitepaper Corporations Take Control of E-Discovery Chris Dale edisclosure Information Project
2 What Does Your In-House E-Discovery Look Like? 53% indicate a GROWING CASE LOAD 55 % review MORE THAN HALF of their cases internally 72 % are using E-DISCOVERY SOFTWARE 46 % have MORE THAN ONE E-Discovery Software Solution What Are Your Collection Requirements? 50 % 44% want to collect ESI FROM THE CLOUD 33 % reuse PRIOR COLLECTIONS have a BYOD program with 50% PARTICIPATION This paper is written by Chris Dale of the UK-based edisclosure Information Project in conjunction with Guidance Software. It is based on the results of Guidance Software s Second Annual E-Discovery Survey, which analyzed the responses of nearly 100 people from in-house legal departments and e-discovery service providers. About the Author Chris Dale runs the edisclosure Information Project which disseminates information about the court rules, the problems, and the technology to lawyers and their clients, to judges, and to suppliers. He was a member of Senior Master Whitaker s Working Party which drafted the 2010 edisclosure Practice Direction and Electronic Documents Questionnaire. Chris writes an authoritative and objective web site and blog on the subject and is a well-known speaker and commentator in the UK, the US and any jurisdiction which requires electronic discovery of documents. Chris is an English solicitor and was a litigation partner in London, a litigation software developer and litigation support consultant before turning to commentary on electronic disclosure / discovery. 2
3 JOB ROLES Inside Counsel % Other % Paralegal % Chief Legal Officer - 3.1% E-Discovery Manager % Figure 1: Job functions of E-Discovery Survey Respondents One of the survey s aims was to establish who is taking responsibility for handling electronic discovery between the corporation itself and outsourced providers. Other questions related to the level of e-discovery activity, to the sources of ESI (electronically stored information), to the distribution of work (e.g. as between in-house teams and outsourcers), and to things like cybersecurity and information governance. Guidance Software s first e-discovery survey, in 2014, showed a clear trend towards greater involvement by in-house legal departments in the management of the e-discovery process, with more control being taken by the corporations; they did this either by setting up their own teams and installing their own software or, at the least, by exercising more direct management over the conduct of e-discovery by, for example, dictating the choice of method, of provider or of software tools. The 2015 survey goes yet further in the same direction. There is now more hands-on control of other things relating to the management of information, not least cybersecurity - cost is not the only factor driving the move in-house. 3
4 Summary of the Key Findings 53.5 percent indicated that caseloads are growing 55 percent of those surveyed review more than 50 percent of their cases internally 72 percent have an e-discovery software solution, with 46.7 percent having more than one 50 percent reported having a bring-your-own-device (BYOD) program in place with an average of 50 percent participation by employees 44.4 percent want the ability to collect ESI from the cloud in a defensible manner Other questions related to levels of cybersecurity readiness, collection from social media platforms, the use of TAR (technology-assisted review), and the status (or not) of any information governance initiative. Litigation Caseloads and Review Companies are facing more litigation, with 53.5 percent of the respondents indicating an increase in litigation volume year over year. It needs no survey to suggest that companies data volumes are also increasing year over year, so when this is added to an increase in the number of cases, one can see why companies are looking at alternative strategies for managing it. More than half the respondents indicated that they review more than half of the cases internally, a slight increase since last year. Of the cases that make it to review, what percentage are reviewed internally vs. by outside counsel / legal service provider? 40% 35% 30% 32.3% 35.4% 25% 20% 24% 15% 10% 5% 8.3% 0% Between 100%-75% are reviewed internally Between 75%-50% are reviewed internally Between 50%-25% are reviewed internally Less than 25% are reviewed internally Figure 2: Percentage of cases that are reviewed internally 4
5 Companies are not just taking the task in-house, but thinking about better and more effective ways of dealing with it, not least methods that are more easily performed behind the firewall than from outside it. A notable trend is the increase in work product re-use, with 32.6 percent of respondents using the prior collections for early case assessment. In many cases, that content has already been reviewed and tagged. If outside lawyers have been slow to adopt technology assisted review, their clients have been quicker to appreciate the benefits. In this survey, 35.7 percent of respondents reported using TAR on more than 50 percent of their cases, up from 23 percent in The primary uses are data culling, early case assessment, and responsive review. BYOD, Cloud, and Social Media Stepping outside the survey for a moment, the increase in the trend known as BYOD grew unobserved by many companies and, indeed, by their lawyers. Many, if not most, employees now have one or more devices that are connected to the Internet outside the protection of the firewall. The fact that many of them are also connected to the company s systems raises one set of issues. Others derive from the ease with which employees may remove data from the company, introduce data or application programs from outside, and use their own devices for company business, each of which has the potential to cause problems even before discovery implications are considered. It can make it almost impossible for a company to be certain that it has fulfilled its discovery obligations; even if the existence of devices and data is known about, questions arise about the ownership of data and its mixture with private information. Since it is, in practice, impossible to control this as a technical matter, it is necessary to establish policies which govern the use of non-company devices. In this survey, 50.5 percent of respondents said that they already offer a BYOD program, 20 percent are working on one, and percent have no plans to offer a BYOD program for employees. If that deals with devices, there is the separate (though often related) problem of cloud collection. Of the survey respondents, 44.4 percent see a business need, now or in the coming year, to collect from cloud repositories such as Box, Dropbox, Google Drive, or SkyDrive. It is not clear whether the others have considered the question and decided there is no need to address it or have not applied their minds to to establish policies which govern the use of non-company devices. 5
6 60% Which cloud repositories do you want to collect? 50% 56.9% 51.7% 51.7% 40% 44.8% 30% 20% 20.7% 10% 0% Box Dropbox Google Drive SkyDrive (Microsoft) Other Figure 3: Of the 44.4% respondents who indicated that they needed to collect from the cloud, this chart shows their priorities for cloud repositories Respondents were asked a similar question about social media platforms. A smaller number, 34.5 percent, foresaw a business need to collect from social media platforms for e-discovery purposes, with Facebook (95.1 percent percent), Twitter (85.4 percent) and LinkedIn (70.7 percent) being the sites that mattered for these purposes. Information Security Security breaches are a concern, with 65.2 percent of those surveyed indicating that legal and security teams are meeting more regularly. This year, 47.8 percent indicated that they now have security provisions with their vendors, and 31.9 percent have requested sensitive data maps. 6
7 80% 70% With the increasing threat of security breaches, what steps is your organization taking to strengthen your security posture? 60% 65.7% 50% 40% 47.1% 30% 20% 27.1% 31.4% 10% 0% 12.9% 12.9% We have reorganized such that security reports to legal We have engaged an outside law firm specializing in security We have established relationships with law enforcement so that we are prepared in case there is a breach Supplier agreements now include security provisions We have asked our Security team for a sensitive data map We are meeting regularly with our Security team to plan and implement strong security policies and procedures Figure 4: This chart shows the actions organizations have taken in response to concerns over security breaches Information Governance The expression information governance embraces a wide range of programs, policies, and initiatives for which responsibility is spread across different divisions in a company such as Legal, IT, Privacy, and others. Information governance implies a program concerned both with extracting value and mitigating the cost and risk inherent in information. The most interesting statistic in the survey is that 37.3 percent of organizations claim to have an information governance program in place, with 29.3 percent either planning or implementing one, and 20 percent discussing an information governance initiative. Again, it will be interesting in future surveys to include a more granular set of questions aimed at identifying which problems and functions were addressed by these initiatives. The answers to the survey indicate that organization-wide management of information is moving up the agenda. 7
8 E-Discovery Tools Seventy-two percent of the respondents indicated that they have one or more e-discovery solutions in-house, and 46.7 percent of those have more than one solution. Again, it would be interesting to see a breakdown of the type of solutions in place. It is reasonable to assume that the most common tools are those whose function is legal hold, data collection, and at least the early stages of processing, including culling and, perhaps, tools giving the ability to conduct a first-pass review aimed at giving an early assessment of the case. The answer to the earlier question about the percentage of cases reviewed internally to which percent of respondents indicated that between 100 percent and 75 percent were reviewed internally - suggests that a high proportion of those who have e-discovery software use it for more than just legal hold and collection. Conclusion The answers to this survey suggest a continuing move towards bringing some at least of the e-discovery process in-house, together with a growing appreciation by legal teams of the need to look more widely than the company s own data sources. Twenty-eight percent of respondents indicated either that they did not have any discovery solution or that they outsource their e-discovery work. It is probable that a number of those who do have in-house resources use them only for early stages and thereafter send them out for management by an outsourced provider. It would be interesting next year to seek a more granular breakdown of this, aimed at identifying, for example, how many companies host the data, giving access behind the firewall to their lawyers, and how many (after a certain stage at least) send it out to be hosted elsewhere. 8
9 Our Customers Guidance Software customers are corporations and government agencies in a wide variety of industries, such as financial and insurance services, technology, defense contracting, pharmaceutical, manufacturing and retail. Representative customers include Allstate, Chevron, FBI, Ford, General Electric, Honeywell, NATO, Northrop Grumman, Pfizer, SEC, UnitedHealth Group, and Viacom. About Guidance Software (NASDAQ: GUID) Guidance Software is recognized worldwide as the industry leader in endpoint investigation solutions for security incident response and forensic analysis. Its EnCase Enterprise platform, deployed on an estimated 20 million endpoints, is used by more than 70 percent of the Fortune 100 and more than 40 percent of the Fortune 500, and numerous government agencies, to conduct digital investigations of servers, laptops, desktops and mobile devices. Built on the EnCase Enterprise platform are market-leading cyber security and electronic discovery solutions, EnCase Cybersecurity, EnCase Analytics, and EnCase ediscovery. They empower organizations to conduct speedy and thorough security incident response, reveal previously hidden advanced persistent threats or malicious insider activity, perform sensitive data discovery for compliance purposes, and respond to litigation discovery requests. For more information about Guidance Software, visit This paper is provided as an informational resource only. The information contained in this document should not be considered or relied upon legal counsel or advice. EnCase, EnScript, FastBloc, EnCE, EnCEP, Guidance Software and Tableau are registered trademarks or trademarks owned by Guidance Software in the United States and other jurisdictions and may not be used without prior written permission. All other trademarks and copyrights referenced in this press release are the property of their respective owners.
TM GUIDANCE SOFTWARE EnCASE ediscovery EnCase ediscovery Automatically search, identify, collect, preserve, and process electronically stored information across the network. GUIDANCE SOFTWARE EnCASE ediscovery
WHITE PAPER Quantifying the Costs and Benefits of Archiving Your Email and Other Electronic Content An Osterman Research White Paper Published October 2011 SPON sponsored by sponsored by Osterman Research,
Managing Information for E-discovery Readiness A Docula bs Wh i te Pa pe r 2009 Doculabs, 200 West Monroe Street, Suite 2050, Chicago, IL 60606 (312) 433-7793 firstname.lastname@example.org. Reproduction in whole or
Privilege Gone Wild: The State of Privileged Account Management in 2015 March 2015 1 Table of Contents... 4 Survey Results... 5 1. Risk is Recognized, and Control is Viewed as a Cross-Functional Need...
Electronic Discovery & Information Governance 2014 TIPS OF THE MONTH A Compilation Table of Contents Introduction... 1 January Social Media E-Discovery... 3 February Managing the Risks of Bring Your Own
A REPORT BY HARVARD BUSINESS REVIEW ANALYTIC SERVICES Meeting the Cyber Risk Challenge Sponsored by ABOUT ZURICH INSURANCE GROUP Zurich Insurance Group (Zurich) is a leading multi-line insurance provider
Brochure Best practices for cloud-based information governance Autonomy Cloud solutions Information governance in the cloud Key advantages to cloud computing Cloud computing alleviates adoption complexity,
ediscovery and Information Governance Practice Overview ediscovery and Information Governance Electronic discovery, or ediscovery, is increasingly changing from the exception to the norm in modern litigation.
Law Firms at a Rediscovery Watershed: Embrace ediscovery Entirely or Collaborate for Client Service? Benchmarking Report By Ari Kaplan INTRODUCTION As corporate legal teams increasingly focus on transparency
WHITE PAPERS The Real Challenges and Benefits of Cloud Computing to Law Firms Contents Introduction 3 What type of cloud services are most suitable for law firms? 4 What does the SRA say about law firms
Checklist to Assess Security in IT Contracts Federal Agencies that outsource or contract IT services or solutions must determine if security is adequate in existing and new contracts. Executive Summary
White Paper Minimizing ediscovery Complexity Through Vendor Consolidation By Brian Babineau March, 2010 This ESG White Paper was commissioned by FTI Technology and is distributed under license from ESG.
WHITE PAPER N Email Archive Migration: An Osterman Research White Paper Published February 2014 sponsored by SPON sponsored by Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058
MAY 2012 Peer Research What s Holding Back the Cloud? Intel Survey on Increasing IT Professionals Confidence in Cloud Security Why You Should Read This Document This report captures key findings from a
Best Practices for Cloud-Based Information Governance Autonomy White Paper Index Introduction 1 Evaluating Cloud Deployment 1 Public versus Private Clouds 2 Better Management of Resources 2 Overall Cloud
WHITE PAPER: EDISCOVERY AND LITIGATION READINESS Becoming Litigation Ready Through Proactive Information Governance OCTOBER 2008 Peter Pepiton II CA INFORMATION GOVERNANCE SOLUTIONS Table of Contents Executive
A Forrester Consulting Thought Leadership Paper Commissioned By Trend Micro Key Strategies To Capture And Measure The Value Of Consumerization Of IT Enterprises Achieve A Wide Range Of Benefits By Deploying
Peer Research Big Data Analytics Intel s 2013 IT Manager Survey on How Organizations Are Using Big Data Why You Should Read This Document This report describes key findings from a survey of 200 IT professionals
The Business Value of IT Outsourcing Benchmark Report Managing Expectations and the Providers July 2006 Sponsored by Executive Summary O utsourcing has become a standard business tool for many IT organizations
Creating Effective Cloud Computing Contracts for the Federal Government Best Practices for Acquiring IT as a Service A joint publication of the In coordination with the Federal Cloud Compliance Committee
Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered
Is Your Company Ready for a Big Data Breach? Sponsored by Experian Data Breach Resolution Independently conducted by Ponemon Institute LLC Publication Date: April 2013 Ponemon Institute Research Report
New York State Office of the State Comptroller Division of Local Government and School Accountability LOCAL GOVERNMENT MANAGEMENT GUIDE Information Technology Governance Thomas P. DiNapoli State Comptroller
The Growing Importance of E-Discovery on Your Business! An Osterman Research White Paper Published June 2008 SPONSORED BY!! Osterman Research, Inc. P.O. Box 1058 Black Diamond, Washington 98010-1058 Phone: