News Stay informed about the latest enterprise technology news and product updates.

E-discovery still confounds companies and their lawyers

Black Hat: Ignorance of e-discovery rules and procedures drive up cost and risks, says an expert at Black Hat. Companies and their lawyers typically preserve too much.

LAS VEGAS -- E-discovery is incredibly expensive, time-consuming and fraught with error. If you botch it, your company may lose its case in court and be sanctioned with heavy fines for failing to produce all the required information. And your lawyers can get hauled before the bar association for ethical breaches if their client (that's you) fails to meet its legal obligations.

"Attorneys are just coming to the realization that people have computers and have important information on them.”

John Benson, Electronic Discovery Consultant, Stinson Morrison Hecker LLP


Federal Rules of Civil Procedure (FRCP) were amended in 2006 to clarify the requirements for e-discovery, said John Benson, an electronic discovery consultant for Kansas City law firm Stinson Morrison Hecker LLP, but the issues around e-discovery should have been resolved a long time ago, he said.

While companies have routinely been creating, distributing, storing, duplicating and re-duplicating information electronically for years, when it comes to e-discovery, most corporations, and what's more troubling, their lawyers, still don't get it.

"The world left the legal profession in the dust years ago," Benson told a Black Hat audience Wednesday. "Attorneys are just coming to the realization that people have computers and have important information on them. I spend a good deal of time dragging attorneys kicking and screaming into the 20th century."

Black Hat 2008:

Visit our extensive news coverage of Black Hat 2008.

Exclusive photos of Black Hat 2008.

Researchers develop lightweight Cisco IOS rootkit Black Hat: Building on previous research against IOS, Core Security researchers have theoretically shown the plausibility of an IOS rootkit attack.

Mozilla to release Firefox threat-modeling data: The Mozilla Foundation's security chief says it will soon publicly release threat-modeling data for the next version of the Firefox Web browser.

Valuable lesson emerges from DNS flaw handling Any effort to prevent others in the legitimate security community from working out the problem is a waste of time.

Legal discovery is not a cookie-cutter process. Each corporate environment and case is different. E-discovery is expensive and will likely remain expensive. What's more, the e-discovery process itself is fraught with security issues; but companies can do a lot to minimize costs, strengthen their hand in court, and avoid sanctions while securing information. IT plays a critical role.

Companies and their lawyers typically overreact, attempting to preserve everything, for example, in backup tapes. This just adds to expenses -- IT folks reuse backup tapes for a reason -- and make it harder to sift through terabytes of information.

The greatest cost comes during the review process. Even with new search technologies, information still has to be eye-balled to ensure it's what you're looking for. And there's a lot of it. Mass storage is cheap, and employees can spread information among themselves and scatter it on servers, laptops, PDAs and smartphones, removable storage devices and home computers. Restoring data from backups and imaging files, and cleaning up metadata and OCR to produce documents in their final form for lawyers is costly.

Anticipate that the e-discovery process will cost about $1,000 per gigabyte. This is a fact of life, but you can control the cost, Benson said, by taking steps to identify data, lowering the volume to make it easy to secure and review when you need it, and centralizing storage.

Benson recommends fully documented and well enforced policies and procedures for handling and backing up data. There should be an established litigation response plan, including a formal litigation response team prepared to move into action as soon as the company sniffs the possibility of litigation.

That last point is important. Sometimes a company doesn't see a suit coming until it is served. But there's often much more lead time. You can anticipate possible litigation when there's a data breach or employee termination, for example. The sooner you move the better -- you have to take steps to preserve what's likely to be applicable data immediately. Your at the point when the lawyers, IT managers and other groups who might be involved need to decide what needs to be preserved -- from backup tapes to, possibly, an image of an employee's hard drive -- to avoid tampering.

"This is the most critical time to avoid sanctions and to avoid getting in trouble down the road with counsel and courts around preservation of data," Benson said.

Anticipation is key, he said. FRCP rules require the two sides in litigation to meet and discuss issues surrounding producing electronic information within 99 days of the start of litigation. That's not much time.

Be aware of e-discovery security issues, Benson warned. You're giving your data over to third parties -- your e-discovery processing vendor, your law firm, your opponent's law firm and its processing vendor. They all may be hacker targets, and it's a good bet security's not high on their priorities. There are a lot of new e-discovery vendors out there, Benson warned, vet both them carefully and take steps to make sure your law firm has solid data security policies and practices.

There's good news ahead, though, as technology gets better, and, we hope, companies get more savvy about dealing with electronic data.

"Technology will, over time, change the way legal system works," Benson said. "But that will only happen if there is good, meaningful communication between legal and IT communities. Through that communication, we'll drive the cost of litigation down. That's not necessarily a good thing for law firms, but it's certainly a good thing for corporations."

Dig Deeper on Information security laws, investigations and ethics

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.