Why An Organisation Needs an eDiscovery Process

The need to be able to locate email data for priority purposes has never been greater. Many organisations now have in place an e-discovery portal allowing them to meet their requirements in this area whether that is down to obligations they may have under directives such as Freedom of Information or from a best practice aspect. Through email archiving firms can capture, store & retrieve all email data.

What triggers an e-discovery of email data?

  • Freedom of Information request
  • A legal situation for an organisation
  • Internal HR issue
  • A raid by the Financial Regulator
  • The need to locate privileged data
  • Possible sharing of intellectual property

There are many reasons why an organisation needs to commence the electronic discovery process. Nearly all public sector organisations fall under Freedom of Information legislation requiring them have an accurate & speedy mechanism to locate all relevant data.

An external or internal legal team might need to see if emails were sent/received linked to current legal case. HR may wish to establish if inappropriate emails were circulated within an organisation.

Many financial institutions are governed by strict guidelines; the Financial Regulator has the authority to arrive at an office and demand access to data, placing the organisation under immediate pressure to commence an eDiscovery process.

This may require the organisation to sift through search results to identify privileged data before furnishing the Financial Regulator with only the relevant information. Organisations also use eDiscovery to establish if critical business data has been sent to email addresses outside of the company.

Who conducts and e-discovery request?

  • IT Director/Manager
  • Freedom of Information Officer
  • Compliance Officer
  • Legal Counsel
  • Human Resources

Generally requests to conduct priority searches for data are passed to the IT Dept. However in some public sector organisations people outside of the IT Dept. may have a role to play in the process, these would include a Freedom of Information or Compliance Officer.

In a legal situation the legal counsel for a company may wish to conduct searches themselves. Having an easy to use solution which can be utilised by non-technical people is important in this circumstance. Likewise, HR may wish to conduct searches to determine if acceptable email policies have been broken.

What are the main challenges regarding email eDiscovery?

  • Can we do the eDiscovery ourselves or do we have to hire an expensive external agency
  • Do we have access to all of the organisation’s email data
  • How long will it take for locate all of the required data
  • Are the search parameters associated with the eDiscovery request too broad
  • Do we have to disclose the costs/time the eDiscovery process will take before it commences
  • When a search is ran did we capture all of the relevant data
  • How do we know this was the exact email which was sent/received
  • Can we provide an audit trail regarding the eDiscovery process

Integrity of Data

Many organisations only consider the challenges involved in an e-discovery process when they find themselves involved in one. There is an expectation, if not obligation, within organisations that all email data can be located internally negating the requirement to hire an expensive external agency to conduct what should be a routine process.

Before one can have confidence that the electronic discovery process will be effective one must first know if all email data is being captured/archived. A legal team may have to furnish the court with an estimated cost for the process, failure to do so or to provide an accurate estimate may result in the costs being awarded against the company.

Before the results of an electronic discovery process are shared/used the individuals involved must be 100% sure that they have captured all email. Of paramount importance also is the integrity of the data, was this the exact email which was sent/received.

In order for this to be established the email must have been encrypted when it was archived. Lastly the people involved in the e discovery process need to be able stand over the process itself. The only effective way to do this is to have a solution in place which has an audit trail built into it.