"If you don't have experience in e-discovery, EDRM is useful. It is good for showing what the issues are," said Mark Brennan, counsel at Bryan Cave LLP in Kansas City.
"For an IT person faced with finding e-discovery tools, the first thing I would do is take the EDRM diagram and go talk with your legal counsel," said Matthew Todd, CISO and vice president of risk and technical operations at Palo Alto, Calif.-based Financial Engines Inc. The legal counsel should tell you which functions the IT group should do in-house. Then you can start looking at tools.
Where EDRM breaks down is with naming tools. "It's very useful, except it doesn't name tools," said Lance Rea, chief information officer (CIO) at New York City law firm Davis & Gilbert LLP. Actual products tend to overlap EDRM areas. For example, an archiving tool from the information management area will also perform search, making it useful for identification. Rea performs
The areas of e-discovery that involve storage the most include information management, identification and preservation/collection. Information management covers those things the storage group already handles, such as content management, records management, document management, CRM, email archiving and data archiving.
"Even with all these systems, it's hard to get to unified content management, which is where you ideally want to be. It takes several years to get to that point, and you still face fire drills when an e-discovery request comes in," said Jason Priebe, of counsel at the Chicago-based law firm Seyfarth Shaw LLP, and formerly the e-discovery practice manager at a major property and casualty insurance company. "Even with tools like Oracle Corp.'s Content Server or [EMC's] Documentum, it still takes years to sweep up all the unstructured data," he added.
Just getting the data unified and into one place isn't enough. Every company needs a data-retention policy it actively follows and enforces. "The best thing the storage people can do is to support the email retention policy," said Jack Hupper, CIO at the New York City Law Department. In terms of tools, that means deploying email archiving applications, such as Symantec Corp.'s Enterprise Vault, and tools for classification and categorization like those from Autonomy Corp. (which owns Zantaz Inc.) or Recommind Inc.
Identification is the process of determining the scope, breadth and depth of the electronic information that might be needed in litigation. You should start by identifying the largest pool of potentially relevant data, which requires search tools. For the purposes of identification, the search tools don't even have to be that good. "You could use Outlook or even Google," said Rea at Davis & Gilbert. At subsequent stages, when culling the data to zero-in on the exact documents you need to turn over, you'll need more sophisticated search tools like Kazeon System Inc.'s Kazeon Information Server or even forensic search tools like Guidance Software Inc.'s EnCase suite of products -- but that comes later and probably needs to be handled by lawyers. If the amount of data to be searched is vast, many companies call in outsourcing vendors.
Preservation/Collection is the next and probably last piece that directly involves the storage team. Preservation is the process of protecting data that may be needed in the litigation, and there are big penalties for failing to do this right. For this step, IT needs a legal hold tool. PSS Systems is widely recognized as the leading legal holds vendor, while Exterro Inc. is a newcomer in this area. But any product that can enforce policy against stored data could work. Ideally, the legal hold tool should identify and preserve both centrally managed documents and distributed documents, including those residing on desktops and laptops.BIO: Alan Radding is a frequent contributor to TechTarget sites.
(This article originally appeared in Storage magazine.)