(ADVERTISEMENT) eCAMPUS NEWS • 9 May 2013 How to survive the eDiscovery process Here’s some advice to help campus leaders reduce the time, effort, money, and legal risk involved in costly electronic discovery You just learned your college is being sued for discrimination by a student who claims he was treated unfairly by one of his professors. The student’s legal team is requesting all communications between the student and professor, as well as eMail messages from the professor to other members of the class, and any other documents that could shed light on the situation. Are you prepared to meet this demand? Electronic discovery, or eDiscovery, refers to the This Publisher’s Report is sponsored by Symantec Corp. pre-trial phase of a lawsuit in which the parties exchange any digitally stored information that is relevant to the case—including eMail messages, data from software programs such as course management or human resource systems, and other files. Legal experts say it has become increasingly important for campus leaders to understand this process and its implications for their schools. eDiscovery, page 10 (800) 721-3934 http://www.symantec.com/ediscovery-platform (ADVERTISEMENT) 10 • eCAMPUS NEWS March 2013 Publisher’s Report eDiscovery ... continued from page 9 Why should campus leaders be concerned with eDiscovery? For one thing, the number of lawsuits involving colleges and universities is on the rise. “The world has become more litigious, and [colleges] must prepare for this reality,” said Tom Kennedy, director of sales for Symantec Corp., which sells a software platform to help institutions manage and streamline the eDiscovery process. Paula Barran, a partner in the Portland, Ore.-based law firm Barran Liebman, which specializes in higher-education law and labor disputes, said she has seen an “explosion” in the number of lawsuits involving colleges in the last few years. She pointed to a pending case against the University of Oregon in which a graduate student is suing her dissertation advisor. “Until recently, it was pretty rare for students to file legal complaints related to the academic process,” Barran said. But that’s no longer the case. An increase in federal regulations governing colleges and universities—such as recent guidance from the Education Department on sexual harassment—has contributed to the rise in legal disputes, Barran added. Also, the amount of electronically stored information (ESI) generated by students, faculty, administrators, and other stakeholders is growing exponentially. That puts an enormous burden on campus administrators tasked with storing and retrieving such information in the event of a lawsuit. “The growth of ESI is a major pain point and driver of eDiscovery,” said Kennedy. “The amount of ESI is growing at an astounding rate—reports have it growing tenfold every five years.” Changes made to the Federal Rules of Civil Procedure in 2006 created a category for electronic records that, for the first time, explicitly named eMail and instant messages as records that must be archived and produced when relevant to a case. What’s more, failure to respond in a timely manner to an eDiscovery request can result in a judge in- structing the jury to assume that the missing evidence would have hurt your case—and you could be subject to legal sanctions, too. For all of these reasons, campus leaders should have an eDiscovery plan in place, just as they would create a disaster recovery plan to prepare for an emergency. This plan should designate who’s responsible for which eDiscovery tasks, as well as how data will be preserved, located, and delivered in the event of a lawsuit. Agrowing number of institutions are finding that software can help them simplify the eDiscovery process, Campus leaders should craft an eDiscovery plan, just as they’d create a disaster recovery plan. saving them time and money and reducing their legal risk. In this special Publisher’s Report, we’ll look at what’s involved in planning for eDiscovery, the major pain points in the process—and how technology can help. Steps in eDiscovery The Electronic Discovery Reference Model identifies three phases of the eDiscovery process: (1) identification, preservation, and collection of data; (2) processing, analysis, and review of data; and (3) production and presentation of data. Campus administrators and IT staff typically would be involved in the first phase of this process, which is triggered by what is known as a “legal hold.” Campus leaders, in conjunction with their legal counsel, might be involved in this second phase as well—and colleges with legal counsel on staff would be involved in the third phase as well. A legal hold is the process by which an organization preserves all forms of relevant information in response to, or anticipation of, a lawsuit. Through a legal hold, an institution alerts all people who have potential knowledge that is relevant to a case (“custodians”) that they have a legal obligation to preserve information related to that case. When should campus leaders issue a legal hold? There are three instances that should prompt this action, according to Rodney Petersen, managing director of the Washington, D.C., office of the higher-education technology organization Educause: • Initiation of a lawsuit by or against the institution; • When an institution is put on notice by a party that litigation is or might be imminent; or • When an institution has knowledge of facts that suggest litigation is “reasonably anticipated.” This last condition is subject to broad interpretation, but Petersen cited the tragic shooting at Virginia Tech that left 33 people dead in 2007, or the revelation that former Penn State assistant coach Jerry Sandusky has sexually abused a number of children, as examples of when litigation could be “reasonably anticipated.” What information is subject to eDiscovery? An eDiscovery toolkit created by Educause defines this as all electronically stored information that is “subject to possession, control, or custody [by] an institution, regardless of its format and the media on which it is stored.” ESI includes, but is not limited to, electronic files; communications, including eMail, voice mail, and instant messages, that are sent or received; data produced by calendaring software; and information management software. Besides information that is electronically stored and readily retrievable, ESI includes metadata and other information that might not be visible but is generated by computer hard-drive, eMail, and instant messaging software; handheld computer devices; and backup storage devices. eDiscovery, page 11 eDiscovery best practices Colleges and universities should consider the following best practices to mitigate the risk of having significant unplanned business interruptions and costly diversion of staff and IT resources by an eDiscovery request: 1. Set up an eDiscovery team. This team should assess your eDiscovery readiness, provide support during litigation, and apply lessons learned to update policies and procedures as needed. It should include members from legal counsel, compliance, records management, IT, key business areas, and risk management. 2. Take an inventory of your institution’s information assets, their nature (how are they stored? In what format?), and their location—especially for confidential information. Include back-up copies when applicable. 3. Identify and define the roles and responsibilities for information owners and custodians. For instance, IT staff should review legal hold notices to determine any need for action, such as disabling automated functions that delete or alter ESI; consult with the school’s legal counsel to identify the scope of data that must be preserved, collection processes, and searches; and collect the data, as specified. Custodians who receive a legal hold notice should review the notice and acknowledge its receipt; comply with any instructions accompanying the hold; suspend all personal practices regarding the destruction of information related to the hold (such as deleting eMail messages); complete any questionnaires included with the hold; and collect and preserve any relevant information, if it’s possible to do so without changing the nature of this information; otherwise, they should seek help from the IT team in doing so. (800) 721-3934 http://www.symantec.com/ediscovery-platform 4. Define a clear and defensible records retention/management policy, as well as procedures for storing, retaining, and destroying paper and digital information—and communicate these to all employees. This plan should include (a) what constitutes a record, (b) how records should be archived, (c) how records should be de-duplicated to ensure only one authoritative copy, and (d) what document metadata should be preserved. 5. Ensure that the records retention/management policy and procedures cover the entire information life cycle—from creation to destruction—and that the procedures are repeatable. 6. Audit the records retention/management policy to ensure appropriate enforcement. 7. Define and implement a process for handling and coordination of eDiscovery requests. Just like a disaster recovery plan, this process should include roles, corresponding tasks, and communication channels. 8. Define and implement a process and procedures for how your IT department should handle eDiscovery requests and retaining information in response to a litigation hold notice. 9. Provide IT staff with appropriate training in eDiscovery searching, and/or retain a third-party service provider to perform the eDiscovery searching. 10. Use appropriate technology to automate or support compliance with your records retention/management policy. 11. Periodically review ESI archiving technologies to ensure they can recover potentially required ESI, and to test their backup and disaster recovery capabilities. (Source: Educause, 2009) (ADVERTISEMENT) eCAMPUS NEWS • 11 March 2013 Publisher’s Report eDiscovery ... continued from page 10 ESI might be stored on different electronic devices (such as internal and external drives, smart phones, servers, laptops, backup tapes, thumb drives, CDs, or DVDs), and it might reside at different locations (such as on home or work computer systems, institutionally-owned or personal systems, or in departmental files). “It is very important that ESI is preserved in its original electronic form,” the Educause toolkit notes, “so that all information contained within it—whether visible or not—is also available for inspection.” Recommendations for campus leaders To prepare for the possibility of eDiscovery, colleges and universities should establish an eDiscovery team, experts advise. This team should include members from legal counsel, compliance, IT, records management, risk management, and key business departments that might be affected by a lawsuit. (For instance, the human resources department is likely to be involved in any labor dispute, while campus security would be involved in a safety-related complaint.) The eDiscovery team should assess your institution’s readiness for such an event, define the roles and responsibilities for the owners and custodians of information, and provide support during litigation. After litigation is over, team members should evaluate the eDiscovery process and apply lessons learned by updating any policies and procedures as needed. A key challenge to eDiscovery is knowing what information to save—and what can be destroyed. The amount of data that even small institutions end up saving can be “staggering,” Barran said. “We tend to be pack rats; academics tend to keep things, because you never know when you might need that quote,” she added. But having too much data can drive up the costs of eDiscovery very quickly. That’s why it’s important to “think critically and carefully about records retention,” Barran said. Petersen, of Educause, advises campus leaders to make sure they have a clear policy for both the retention and destruction of data that makes good business sense for their institution. “You don’t want those kinds of decisions being made by a single individual,” he added—but by having an eDiscovery team in place, campus officials can reach a reasonable consensus on this issue. Campus leaders, in conjunction with IT staff, should understand where various kinds of data are stored and how to retrieve them, Barran said. They also should plan for how to protect the privacy of student information in the event of an eDiscovery process. “You want to design a system that would allow [users] to sort out or protect sensitive information,” Barran said. She recommended that IT leaders consider how to store information so student records are either flagged or stored separately from other data, making it easy to redact sensitive information. For more advice from the Educause toolkit, see the sidebar “eDiscovery best practices.” eDiscovery pain points—and how technology can help Managing the legal hold process, making sure all necessary information is collected from each custodian, and culling enormous amounts of data from various sources are challenges for institutions of all sizes. “The courts are having less and less tolerance for the inability to produce ESI in a timely fashion,” Symantec’s Kennedy noted. “eDiscovery-related sanctions are up 271 percent over the last five years, and damages awarded continue to mount.” In retrieving and compiling relevant information, you don’t want to limit your search too narrowly, or “you might miss that ‘smoking gun’document” that is critical to your case, Barran said. On the other hand, you don’t want your search to be too broad, either, because you risk overexposing your institution if you hand over too much information to the opposing side in a legal dispute. With ESI, “you learn way more about people than you need to—there’s not a whole lot of privacy any more,” Barran said. “There’s often a lot of collateral damage in a lawsuit.” When you’re involved in a lawsuit or in potential litigation, “you want to make sure you’re really honing in on data [that are] relevant to a case, and not providing too much information that would expose you to risk in another case,” added Dawn Swainston, national programs manager for Symantec. Also, the more information you turn over to your legal team, the costlier the review process is. Using research from IDC and Gartner, Symantec estimates that businesses and other institutions spent nearly $2.5 billion to process, analyze, and review ESI in 2007—making it the most expensive phase of the eDiscovery process. Legal counsel fees range from $200 to $300 per hour to manually review ESI, meaning that attorney review fees for a gigabyte of data could be as much as $30,000, Symantec says. Barran agrees that the cost of litigation has soared, in part because attorneys “have so much more infor- Culling enormous amounts of data from various sources is a key challenge. mation to go through.” And much of that is redundant information, such as correspondence that is repeated throughout an eMail chain. “You end up looking at the same root eMail message that 400 people have replied to,” she said. “All of that has to be read and processed. It’s not just doubling or trebling the amount of data your lawyers have to process—it could be increasing this tenfold.” Fortunately, technology can help campus officials manage the legal hold process, target their searches for relevant ESI more effectively, and filter out redundant information—resulting in significant cost savings for their institutions. “How do you efficiently zoom in to just the relevant information? You need automated eDiscovery tools to do this for you, so you can be more efficient eDiscovery, page 12 A landmark case for eDiscovery A 2012 court ruling could serve as a landmark in determining whether a sophisticated computer application can be used in the legal discovery process. The case centers on “predictive coding,” a specialized method of electronic discovery that proponents say could save significant dollars and time for clients who pay hefty fees for discovery as part of their legal bills. Thomas Gricks III, a partner in the Pittsburgh office of Schnader Harrison Segal & Lewis and chair of its eDiscovery practice group, filed a motion to use predictive coding in a circuit court in Loudoun County, Va., where the firm was defending Dulles Jet Center in a series of lawsuits claiming that significant property damage occurred when a roof collapsed at the facility during a 2010 snowstorm. The case involved more than 2 million documents, said Gricks. Predictive coding, he said, is a way to characterize a massive set of electronic files by reviewing a much smaller portion of the data. “Typically when you collect data, you have a lot of non-relevant documents,” he said. “Predictive coding lets you review a limited number of those, then characterize the entire set as relevant or not relevant.” The technology works by creating a mathematical model that scans electronically stored information to find data most pertinent to the case. “So instead of reviewing 2 million, we could review 3,000 to 5,000 documents” and then come up with perhaps 200 that contain information critical to the case, Gricks said. “The key to this, from my perspective, is that it makes electronic discovery more affordable.” The plaintiffs objected to the use of predictive coding, claiming it was not as effective as human review. So Gricks argued a motion to protect its use, and the judge granted the motion. The significance of the ruling, legal experts say, is that it opens the door to using predictive coding when opposing counsel doesn’t agree. Peter Mansmann, chief executive of Precise Inc., which provides trial consulting, eDiscovery, and document retention services, said predictive coding is “kind of new to the legal industry, and though it’s statistically shown to be accurate, people are afraid to use it because they’re not sure if it’s admissible in court. The importance of this case is that now you have a judge who said, ‘Yes. I’m going to accept this as a reasonable approach to handling discovery.’” He added: “It will open the door for this to become a more accepted method. And it’s a huge cost savings. Typically, attorney review is the most expensive part of the process.” (c) 2012, the Pittsburgh Post-Gazette. Visit the Pittsburgh Post-Gazette online at www.post-gazette.com. Distributed by MCT Information Services. (800) 721-3934 http://www.symantec.com/ediscovery-platform (ADVERTISEMENT) 12 • eCAMPUS NEWS March 2013 Publisher’s Report eDiscovery ... continued from page 11 and more cost-effective throughout the process,” Kennedy said. One new technology that has shown a lot of promise in reducing the cost of eDiscovery is called “predictive coding,” which can slash document review expenses by more than 90 percent, Symantec says. Using predictive coding, reviewers tag a subset of ESI for its relevance to a case. Based on a complex set of algorithms, the software “learns” the criteria that the human reviewers are using to distinguish relevant from extraneous information, and it automatically applies these criteria to the rest of the ESI collection. A court case from last year established an important precedent allowing the use of predictive coding in eDiscovery, even if the opposing legal team objects (see the sidebar “A landmark case for eDiscovery”). Clearwell eDiscovery Platform Symantec’s Clearwell eDiscovery Platform, which IT research firm Gartner Inc. has identified as a “leader” in the market for eDiscovery software, enables colleges and other organizations to manage all matters relating to the eDiscovery process with a single application. Through an intuitive, web-based interface, users of the software can… • Automate the legal hold workflow. • Establish and follow clear policies for retaining or deleting information. • Streamline the identification and collection of relevant ESI. • Accelerate early case assessments from weeks to hours. • Improve the legal defensibility of their eDiscovery process. • Intelligently pare down data—saving thousands of dollars in the process. “Zooming in on just the relevant information [means] reviewing fewer documents, which is the most expensive part of the eDiscovery process,” said Kennedy. “Many customers report a complete return on their investment after a single case; the solution pays for itself.” The software includes three modules: Legal Hold, Identification and Collection, and Processing, Analysis, Review and Production. Colleges can buy each module separately, or they can purchase the whole solution. The Legal Hold module establishes a repeatable, and legally defensible, workflow for automating the legal hold process, so campus administrators can make sure everyone who’s relevant to a case has complied with a request for information. When using this module, one can easily create legal hold notices, distribute them to custodians, and track responses. Initiating a legal hold with the software is as simple as choosing a legal hold notice from a library of templates, customizing it with specific interview questions or requests, and then sending it to specified custodians. You can schedule reminder notices to be sent to custodians who don’t respond after a designated period of time, and these reminder notices can escalate in frequency or urgency if you’d like them to. You can also track all responses to legal holds by case file, using a centralized dashboard that shows how many custodians have responded—and who has yet to reply. The Identification and Collection module helps you assemble and manage a collection of information that is relevant to a particular case. The software lets you Technology can help you intelligently pare down data, saving thousands of dollars in eDiscovery fees. browse information by group, custodian, and source type (such as Microsoft Exchange or Sharepoint) and then indicate which items you want to collect and store in a case file. Information can be collected directly over your campus network, or you can perform manual, on-site data collections using a removable flash drive. In setting up automated collections over a network, you can filter out certain types of information, and you can schedule collections to happen during off-business hours to reduce their impact on the network. Collections also can be “throttled” to ensure optimum network performance. The Processing, Analysis, Review and Production module provides deep insight into case assets. It shows the amount of data left to be processed, so legal teams can accurately predict the costs of litigation. It also contains several tools to help you filter out irrelevant information. One of these features is called a concept search, and it relies on word associations to help you whittle down an eDiscovery file. A concept search for “diamond,” for instance, might produce a list of associated terms such as “poker,” “field,” or “wedding”; by choosing only those terms that are relevant to the case, you can eliminate a number of false positives. Aseries of automatic filters helps users accomplish the same task, filtering out information by group, custodian, or domain. For example, when reviewing eMail messages to and from a certain person, you can filter out all eMail messages that come from domains such as amazon.com, say, to eliminate messages that are clearly not relevant to the case. Most eMail messages are fragments of longer discussions, and the Clearwell eDiscovery Platform dynamically links all related messages into a single, chronological discussion thread—complete with replies, forwards, CCs, blind CCs, and attachments— making it quicker and easier to review these exchanges. The software’s review module lets users take advantage of what Symantec calls “transparent predictive coding,” which adds a layer of transparency to the predictive coding process by offering insight into how predictions were made. For instance, each document is given a percentile score that shows how likely it is to be relevant to a particular case. These prediction scores can be used to sort, rank, and prioritize documents for further review. What’s more, a feature that Symantec calls “accelerated linear review” lets you spread the task of reviewing ESI across a team of reviewers who can tag and process each file as appropriate. The Clearwell eDiscovery Platform “gives IT administrators a single platform to run ESI collections, leverage robust search and analytic tools, review and tag documents, and ultimately produce relevant content,” Kennedy concluded. “The efficiencies gained are great. We often hear reports of a single eDiscovery process going from 10 days down to one or two after leveraging [the software].” eCN A leader in eDiscovery software Symantec’s Clearwell eDiscovery Platform is a leader in the eDiscovery software market, according to market research firm Gartner Inc. and its 2012 Magic Quadrant for eDiscovery Software. Gartner’s Magic Quadrant evaluates industry solutions and their providers according to two key criteria: the completeness of their vision, and their ability to execute that vision. Companies that rank low on both scales are considered niche players. Those that rate high in vision but low in execution are considered visionaries, and those that rate high in execution but low in vision are called challengers. Firms that grade high in both areas—including Symantec—are considered market Leaders. For more information: http://www.symantec.com/ediscovery-platform About Symantec: Symantec protects the world’s information and is a global leader in security, backup, and availability solutions. Its innovative products and services protect people and information in any environment—from the smallest mobile device, to the enterprise data center, to cloud-based systems. Symantec’s world-renowned expertise in protecting data, identities, and interactions gives its customers confidence in a connected world. More information is available by connecting with Symantec at go.symantec.com/socialmedia. Symantec World Headquarters: 350 Ellis St., Mountain View, CA 94043 USA +1 (650) 527-8000 1 (800) 721-3934 (800) 721-3934 http://www.symantec.com/ediscovery-platform www.symantec.com This Publisher’s Report is sponsored by Symantec Corp.