For IT organizations looking to better prepare for and respond to data requests during an e-discovery process, the Electronic Discovery Reference Model (EDRM) can help. In this SearchStorage.com interview, Christine Taylor, an analyst at Hopkinton, Mass.-based Taneja Group, explains what the EDRM is and which stages of the model are most important to data storage administrators. Listen to what Christine has to say about the EDRM and the e-discovery process, or read the transcript below.
You must have Adobe Flash Player 7 or above to view this content.See http://www.adobe.com/products/flashplayer to download now.
Download for later:
• Internet Explorer: Right Click > Save Target As
• Firefox: Right Click > Save Link As
The EDRM is a way of looking at a standardized e-discovery workflow. It's not a technical standard by any means. EDRM is now is a bit outdated because e-discovery technology is moving so fast in developmental terms that it's changing the stages of the workflow. But it's still useful in terms of vendors being able to talk to customers and achieve some common level of understanding about what they are [doing].
Let me briefly introduce the stages because IT will become less involved the farther to the right of the EDRM you move. Let's picture a line moving from left to right. The first stage is called information management. That's the practice of good data hygiene in the storage infrastructure. When a request hits from e-discovery or compliance or any kind of related business process, the better you have your storage infrastructure organized, the faster you're going to be able to serve up the information to the request.
Identification is the next stage. In terms of e-discovery, what that means is being able to identify potentially relevant data that might be involved in a legal matter.
Preservation and collection are the next two stages. They sit on top of each other because you cannot really separate them in terms of timing. What preservation is really refers to the ability to secure data against modification or deletion. And the process is referred to as a legal or litigation hold.
Those four stages in general are referred to as the left-hand side of the EDRM. And that's where IT should be most intensely involved.
The right-hand side of the EDRM is really where the attorneys play, and that is processing. Along with this stage are also the review and analysis stages. This is simply the attorneys being able to either manually or with some software help decide how relevant any given piece of data is to the legal matter at hand. After that, follow the production and presentation stages where relevant data is produced in a form that the opposing counsel or judge can see.
The left-hand side is where IT is going to have the most impact and the most demands. I am going to break this down into two concerns or processes. The first one is the need for attorneys to have IT support. The attorneys might not know how important this is until the corporation gets slapped with sanctions. But if IT is aware of what kind of pressures and challenges the attorneys are operating under, then IT can suggest software technology that will help them to do this, and will tremendously aid that particular business process.
The very same software products that can help IT support the attorneys can also help with data retention and management. The reason being that the main claim early on for these left-hand side software products is indexing.
The vendor might call it mapping, but the basic idea is that [this software allows] you to build a dynamic index, or map, of all electronically stored information (ESI) that's running on a network.
What IT can do with this is not only provide that level of support to the attorneys, but it can use the dynamic indexes to do policy-driven data-retention management.
The left side of the EDRM is typically broken down into three stages: the information management, identification, and preservation and collection stages of the e-discovery process.
Information management is the practice of good data hygiene, in terms of keeping your storage infrastructure efficient, minimized, compressed and searchable. You need specific technology tools that are available in today's market to do this.
Now, there are two ways of doing this. Frankly, the most common way that people adopt these software tools is called a reactive deployment. That's when something big has come down the pike, usually a very large or demanding e-discovery where there is a lot of risk involved. At that point, both attorneys and IT know that they have to put in some sort of software help or indexing software to do this.
The best practice, however, is proactive, so you can build the business case for having these active, dynamic indexes in place already. Not only does this help to quickly fulfill e-discovery and compliance requests, a pro-active deployment of e-discovery software can also help you to practice good data retention.
Keyword is still the king. This is because the courts still take keywords as the standards of searching. Keyword search is easy and you can use almost any enterprise search mechanism to do it. However, this is generally inadequate and it takes a long time to do a purely keyword search. So what you need is software that searches on keywords while performing other tasks.
6. What best practices are there for the preservation and collection stage of the e-discovery process?
Of these three stages, I think preservation and collection is really the one that's most important to legal, and it's the one where IT can strongly support legal. When attorneys search for the data that they need, they have to be able to prove preservation, they have to be able to prove security.
What you need to think about, therefore, particularly as IT, is how to preserve potentially large sets of information, how to do it quickly, how to prove that you've done it, and how to do it without interrupting business processes because you can't go around freezing data willy-nilly that business processes are depending on.
Now there are two ways to do this depending on what you need. The first way is data-in-place. The second way is moving the data to a secure repository. You can do both. It really depends on what software you are using and what your needs are.