At Legaltech in New York, I interviewed Roger Miller, Senior Vice President leading the compliance and investigations group at Consilio. Our subject was the use of technology in investigations and about the growing and changing imperatives in global eDiscovery.
The skills and tools developed for litigation eDiscovery are being repurposed and applied to regulatory and other investigations. While this is not a new development, Roger Miller said that this kind of use is increasing considerably, and extending to the far left of the EDRM so that organisations can identify compliance issues ahead of investigations. For example, he says, new technology, particularly the use of artificial intelligence in contextual searches, is being used to find out quickly if a complaint has merit so that the organisation can anticipate problems.
As I observed, this can make discovery deadlines look relatively relaxed.
Much of the use of this new technology lies in the highly-regulated verticals such as finance and pharmaceuticals which, as Roger Miller points out, have to deal with the regulatory environments in multiple jurisdictions.
The area attracting most attention, perhaps, is the growing need to identify private information for compliance with privacy and data protection regulations. This is (or should be) not just a reactive function, but one involving constant monitoring.
The multinational element, with its differing regulatory standards, is part of what has driven the consolidation of the eDiscovery industry. Roger Millar says that you need a certain scale to be able to host data and comply with local regulations in all the countries where multinational corporations operate or have dealings.
Clients, he says, take it for granted that those who work for them will have a footprint which matches theirs, and instruct those who can supply services globally.
Privacy implications require that data must be separated within jurisdictions and not just between them, with data centres and review teams in country.
There is an increasing need to cross-cut data – not just for relevance and privilege but also to segregate various kinds of protected data. Defensibility now extends to showing why you have (or have not) collected data of particular kind or from a particular place.
In the old days, you have to prove that you have looked everywhere; now you also may have to show that you did not look in particular places, and explain why.
This inevitably increases the need to apply different rules in different jurisdictions can increase costs which makes it more necessary than ever to take a proportional view on how much must be done.