Having a proper procedure for collecting electronically stored information (ESI) is one of the most essential aspects of the e-discovery process. Unfortunately, it’s often overlooked and done improperly.
This can lead to many issues and complications during the e-discovery process and can result in mortifying court sanctions.
With the tightening of data protection laws and new challenges that arise as companies collect more and more data, the need for rigorous data collection systems and process e-discovery practices has never been more apparent, and it’s rapidly growing.
According to the DLA Piper report, European regulators have imposed a total of €272.5 million in fines since 2018 for breaches of the General Data Protection Regulation (GDPR) alone. During 2020, there was a 39% increase compared with the preceding 20-month period, reaching a total of €158.5 million in fines between January 2020 and January 2021. During the same period, the number of breaches increased by 19%, reaching a total of 121,165 compared with 101,403 breaches in the previous year.
Establishing and following proper procedures is critical for avoiding such fines, as well as reputational damage that comes with data breaches.
Let’s go over some of the most important benefits of having a proper ESI data collection process and see what some of the best and worst practices are.
Benefits of Having a Proper ESI Data Collection Process
In the past, data collection and data discovery required a lot of manual work that could potentially take weeks and even months.
Today, on the other hand, it’s relatively easy to gather and collect data. However, as this process became much simpler, the amount of data businesses collected began to rapidly rise, requiring companies to implement a proper ESI data collection process.
The benefits of proper data collection go beyond compliance. Not only is it required by various laws and regulations, but it will also help you make your data more usable and save you both time and money by streamlining your workflow.
Additionally, with a good data collection strategy, you will ensure that all relevant metadata are carried over, including information about the device they were created on, where the file was stored, when it was created, and when it was last modified.
Metadata can be extremely useful during the review, enabling you to streamline e-discovery by allowing you to search for, filter, and prioritize relevant ESI.
Do’s and Don’ts of ESI Data Collection Process
Do: Identify Key Players
The first step in creating a proper ESI strategy is to identify the key players. You should start with evaluating and analyzing the company’s departments that might be affected by a litigation demand. These key players may include the IT department, the records management department, privacy and security professionals, HR professionals, the legal team, and business leaders.
Additionally, for companies that rely on third-party storage management or cloud-based platforms, representatives from these providers may also come into play.
You can conduct periodic interviews with IT personnel and potential document custodians to ensure your initial assessment of key players remains relevant and that all potential key players and data locations have been identified.
Don’t: Use Same Procedures for Each Data Location
When it comes to ESI data collection, one size certainly doesn’t fit all. Depending on the type of information and data location, various sets of instructions for collecting and handling data should be created.
This means you need different procedures for e-mail data, data stored on hard drives, and hard-copy documents.
For example, business e-mails contain valuable data that could serve as valuable evidence in case of litigation. You need to create an e-mail retention policy that will precisely define how long each type of e-mail data should be retained. To make e-mail retention and e-discovery easier, look for e-mail archiving solutions that allow you to automate this process and eliminate the risk of mistakes.
Do: Develop a Data Collection Plan and Negotiate ESI Agreements
You should develop a comprehensive collection plan and make sure to document each step of the process in case of a dispute. Having a data collection plan can also help you draft and negotiate ESI agreements.
ESI agreements will allow you to narrow the scope of data collection and create clear guidelines for data processing. Usually, the parties end up negotiating some of the terms of the agreement. During the negotiation, including an e-discovery professional in the review of any proposals or drafts can be incredibly helpful.
Don’t: Rely on Self-Collection
Self-collection of data oftentimes leads to complications and issues. Key pieces of information such as date of creation and date of last modification may be intentionally or unintentionally altered. These are often crucial evidence for the case and are no longer valid if inadvertently deleted or altered, resulting in potential sanctions.
What’s more, self-collection often leads to significant under-collection or over-collection, both of which result in unnecessary expense. That’s why it’s best to leave data collection to e-discovery professionals.
Over to You
Creating effective ESI data collection procedures is the most important part of any e-discovery process. With an increased focus on data collection and data privacy, it’s more important than ever to handle data properly, and without a proper data collection process, you won’t be able to successfully respond to defend your business in case of litigation.
Alex Morgan is a passionate tech blogger, internet nerd, and data enthusiast. He is interested in topics that cover data regulation, compliance, eDiscovery, information governance and business communication.