Proactive Email Discovery

The traditional, reactive approach to finding e-mail is to manage and control it after the fact – once it has been read and saved by employees. This means in the event of discovery, organizations spend significant effort and incur large costs trying to regain control of e-mail. Much effort is made to locate, retrieve, and deduplicate messages that originated from a centralized system. The nature of electronically stored information, coupled with new demands around e-discovery, is creating a tipping point for many organizations. They are coming to the conclusion (sometimes after it's too late) that taking a proactive approach to storing, managing and controlling electronic documents, especially e-mail, will put them in a better position to respond to litigation when it occurs, and reduce the costs of litigation. Nearly every legal action taken against a company will involve some type of electronic discovery. Companies must prepare for this. The traditional reactive approach to e-discovery must be changed, with systems that can be deployed quickly and enable immediate, proactive storage and production capabilities for e-mail. The following six steps capture the best practices for becoming proactive in e-discovery for e-mail.

Rather than regain control reactively, many organizations are proactively taking control of e-mail through the use of archiving technology. This technology allows the retention of internal, as well as incoming and outgoing e-mail messages at the mail server. The key to being litigation-ready with e-mail is to implement archiving technologies that can create a complete archive of all messages and store them according to a clear retention policy. The archive must be a superset of all other e-mail repositories, an archive that includes all messages passing through the mail environment – whether on-premise or hosted – regardless of user actions or any mail stored in personal archives.

With a comprehensive archive in place, old concerns about locating data and discovery of holes in the record are erased – the archive becomes a one-stop shop for e-mail search and production. With active archiving technology, e-mail is captured as it is created by or arrives to an individual within an organization, reducing the likelihood that critical information will be missed and ensures defensibility. Companies that capture e-mail early can go to the Rule 26 Conference with the assurance they have all relevant documentation.

When faced with the need to preserve e-mail, organizations should avoid the apparently "easy" path of relying on backup tapes as the exclusive method for preserving e-mail. This strategy can backfire since it can be extremely expensive to recover information quickly from even a modest set of backup tapes. In addition, the need to preserve e-mail can last for months or years, so an e-discovery action could require that hundreds or thousands of backup tapes be reviewed. For these reasons, companies should consider implementing "smarter" alternatives, including immediate implementation of e-mail retention journaling. Better to start capturing e-mail quickly with an effective e-mail retention system than allow backup tapes to accumulate. Many e-mail archiving systems – SaaS or hosted e-mail retention systems in particular – can be deployed very quickly and mean that companies can still arrive prepared and organized at their Rule 26 conference.

Most organizations have employees in multiple locations, and hence have e-mail being created and received from multiple locations. In addition, litigation or regulatory discovery requests typically require organizations to find all relevant documents from all locations, not just those at centralized locations. This problem is particularly acute for companies with many locations or branch offices. This is even more challenging for those companies with numerous international locations. Having all the e-mail from just headquarters is not enough. Gaining control of e-mail requires being able to capture e-mail from all locations, including laptops and mobile devices.

To avoid the expense and time of struggling with underground archival, the emerging best practice is to have a centralized copy of all e-mail in one place. While other copies of e-mail can exist in other places, if companies save a copy of every e-mail in a centralized archive (these copies would be considered copies of record) e-mail is easier to search and retrieve. Under this type of system, companies need only search the centralized archive and need not search through the "convenience" copies on desktops, laptops, file systems, etc.

This, of course, can greatly speed the process of discovery, as well as significantly reduce costs. The process of search and production will change once this system is in place. Rather than relying on outside parties to act on requests, legal staff can interactively search the archive themselves, iteratively weeding out nonresponsive records (those records not relevant to the discovery request) and reducing the volume of production. They can then create a single complete set of data, often in a variety of formats as required.

Furthermore, this "do-it-yourself" search and production greatly reduces the cost and risk of legal action. Rather than going through the effort of setting up a new data archive for each action, a comprehensive archive is always ready to be searched, and in-house interaction with the archive reduces request/response lags and misunderstandings. A superset archived e-mail is, quite simply, the best way to become litigation-ready.

Lack of e-mail control can result in another serious issue: inadvertent spoliation. Spoliation is a legal term for alteration or destruction of evidence that may pertain to a legal action. Inadvertent spoliation for e-mail is the accidental or unintentional deletion of e-mail that should be preserved. Companies have a responsibility to preserve documents and ESI relevant to a litigation. This responsibility starts not when they are actually served with a suit, but when there is a reasonable belief that litigation may occur. When companies don't control e-mail, inadvertent spoliation is a serious risk and unfortunately common. This can include employees deleting files from an inbox and not having that information backed up, overwriting backup tapes, etc. Companies that engage in spoliation can face sanctions from the court or even suffer loss from a summary judgment arising exclusively from the spoliation.

Becoming litigation-ready in part means enacting processes that can affect defensible litigation holds. For e-mail, this means enacting "top down," automated litigation holds that do not depend upon employee compliance with the hold request. When e-mail is held in a centralized archive, litigation holds can be accomplished by freezing some or all of the archive.

Many e-mail and document retention policies are out of date. They do not reflect newer compliance requirements such as FRCP. Furthermore, many of these policies don't reflect the ubiquitous nature of e-mail and ESI; these older policies are based around a paper paradigm. Often the average employee is unaware the he or she should be following a policy. The result is that many of these policies sit on the shelf, and are not followed. From a risk and legal perspective, it is worse to have a policy you do not follow, than to have no policy whatsoever. Policies may be and often are discovered. The opposing side will make a significant issue that you did not follow your own policies. They may raise questions designed to raise suspicion about an organization's intent, criminal or otherwise, that can be very damaging to their defense. As part of becoming litigation ready, companies should create and/or consistently update document retention policies. Policies should align with current regulatory requirements and e-discovery environments – also covering how to manage legal.. Good policies are media-agnostic, and they cover paper, and ESI, including e-mail. Today's policies tend to be simpler and clearer, making it easy to understand what should be retained and for how long. Furthermore, good policies must be written so that they can be automated to the greatest extent possible, avoiding manual processes.

Many organizations forget the final step in e-mail control: deletion. Users want and need to retain e-mail for a period of time, but after a while the users and business have no need to retain some e-mail. Most companies today have a de facto policy of saving all e-mail forever. Or they periodically ask employees to manually delete their own e-mail, which the employees never do. The result is that e-mail tends to accumulate. When faced with discovery, companies must identify and review significant amounts of e-mail, driving up costs of litigation.

Companies should implement an effective litigation and regulatory hold process. Make sure that you preserve any e-mail that may be relevant to an anticipated or ongoing litigation or regulatory inquiry. Third, follow your policy to preserve documents and e-mail needed to meet regulatory requirements. The amount of e-mail that needs to be preserved for regulatory requirements above the user-driven "high water mark" is typically a smaller amount of messages. Once these steps are in place, a company should deploy an automated, periodic deletion process to avoid excessive accumulation.