This was the title of the second e-disclosure session at ILTA INSIGHT 2008 in London – the first was on Judicial training in e-Disclosure. George Rudoy of Shearman & Sterling, and UK e-disclosure consultant Andrew Haslam talked about risk management, with Sally Gonzalez of Michael Farrell Group as Moderator.
The disclosure of electronic evidence is becoming a major expense for corporates, and a major revenue stream for lawyers and providers of technical and related services. Forrester Research estimates that the business will be worth $4.8 billion by 2011, whatever efforts are made by the courts to contain this expense.
There is corresponding competition to capture this revenue as between the lawyers and the outsourced providers, with corresponding interest on the part of some corporates to keep as much of the work in house as they can.
We are not just talking of litigation here – regulatory compliance is a big driver. Nor, despite the big number quoted above, are we talking exclusively of big corporations with massive data collections – the principles apply equally to modest companies. Cost is not the only factor. A lot of this work must be done urgently, some of it is extremely confidential, and the risk – of missing something, of disclosing more than was intended, or of failing irretrievably to comply with some requirement – can be very high.
George Rudoy and Andrew Haslam batted these themes between them from their respective national standpoints. Although Shearman & Sterling are one of the leading firms in electronic discovery, they do not set themselves up as a provider of technical services. They have no significant client scanning or similar function in house and engage the appropriate expert providers for all but those few cases where urgency, or extreme confidentiality dictates otherwise or where the volumes are small. They are lawyers and want to concentrate on law.
Firms are often happy to let the clients do their own collections, whether actually by the hand of their own staff or by direct contract with suppliers. The lawyers may want input into how it is done, but if the client has the resources and is willing to assume the risk then such firms will not feel the need to get heavily involved.
The courts, however, are increasingly imposing duties on law firms – duties, that is, which are owed to the court – which are incompatible with such delegation. Apart from those who are EnCase certified, there is no formal qualification for handling electronic documents. There is no room for “enthusiastic amateurs” when so much turns on getting it right. This, plus the enormous revenues to be earned, encourages some firms to market their own collections and related services.
Andrew Haslam said that he had come across firms whose management said confidently that the time had not yet come for eDisclosure services and that the firm, whilst keeping an eye on developments, saw no need yet to get involved. Enquiries around the firm, however, might reveal a number of discrete cases where the lawyers had outsourced work to a provider of their choice. This was not just a lost opportunity to control costs by choosing preferred suppliers and negotiating master contracts with them, but was also a matter of risk management. It was, he said, often the risk management committee rather than the IT director who raised the question.
The perceived risk was not just the possibility of choosing the wrong supplier, nor was it just the way in which such individual adventures added modest batches of client data which amounted in total to Terabytes, all of which had to be stored, delivered and backed up. Someone in house should have an overview. IT departments were, or should be, part of the business of law, not just a matter of networks and backups.
There is much more to this subject than time allowed. My own view is that firms are missing valuable opportunities here, not so much to do the hands-on stuff themselves but to give proactive advice which will influence how their clients go about it. This, in the UK at least, is partly a matter of neglect but is also, anecdotally at least, because of nervousness as to unknown risks.
One area of risk is that a client will seek urgent advice which the firm is simply not qualified to give – I mean here not so much as to the law, but as to the mechanics where technical matters are involved. The dawn call from the client with the regulator at the door, the instructions to set about an urgent search and seize operation, the arrival of Gigabytes of data with urgent instructions to identify the problem and advise, may all need technical as well as legal input. Firms have a list of known barristers whom they can call on if they need legal input. They should also have at least one, and preferably two, preferred suppliers of technical advice and services upon whom they can call at a moment’s notice, and should have someone in house who, at the least, knows the known unknowns – the limits of the firm’s expertise.
The risk management committees might like to put that on their next agenda.