Finding Key Players in Legal Hold Notification, Preservation and Collection

As a practitioner, I have had many conversations and discussions recently on leading practices and trends related to litigation hold notifications and preservation orders.  Organizations routinely have the need to effectively manage preservation for litigation, internal investigations and for varying regulatory purposes.

Since the amendments to the Federal Rules of Civil Procedure there has been much discussion on this topic, but limited practical solutions to the problem.  The Pension Committee decision has made notifying & managing custodians & “key players” effectively a core requirement for most legal departments.

The challenge with the legal hold notification, preservation & collection processes for most organizations is the “ad hoc” nature of defining systems of record, ESI & custodians & executing preservation in a defensible manner.  Notifying custodians a timely manner and keeping an audit trail to defend (more…)

FCPA Compliance and Good Governance

There has been a lot of discussion & electronic chat surrounding Regulators leveraging internal investigations in recent FCPA enforcement actions.  The key message is that the Regulators are looking to rely on the organization’s internal controls, monitoring & reporting capabilities when possible…when an effective GRC program is operating.

There are inherent efficiencies to both the organization & the Regulator when the internal control environment and the internal investigation are defensible. This is the right mix of “People, Process & Technology”…effective key controls should indicate need for further investigation & then the right resources should be engaged.

Self-management & reporting of potential infractions indicates the ability to self-regulate as apposed to being an organization with more systemic issues.

FCPA is somewhat unique in that it is typically intertwined with Finance, SEC Reporting & the organization’s Books & Records. In an organization subject to SOX the key controls of the financial reporting process should have identified some failure in accounting if the alleged event was completed or may indicate systemic issues in financial reporting….other business functions are typically impacted providing early warnings of an issue like travel & expenses, cash distributions etc…

If an organization can proactively manage & report on FCPA related issues this would be more cost effective & less of a burden on external & internal resources…proactive management includes having the right resources & expertise engaged.

I believe there are several factors that will contribute to systemic organizational changes to current practices of dealing with FCPA compliance…a more proactive approach to identifying risks based on sound GRC execution:

COST – The cost of reacting to various legal & regulatory issues as “one off” situations is expensive. Looking at this more holistically usually shows patterns & synergies of efforts to comply with the various requirements…Faster, Better, Cheaper!

RISK – Choice Computing – The end-user will drive the next generation of business tools like the I-pad, I-phone, web tools & cloud, social networking etc & the organization’s needs to retain certain information and Books & Records will need to adapt. This impacts the entire business.

VISIBITY – The systemic need to manage, monitor, secure, report on & control global assets that span the business, IT, Security, legal/regulatory, T&E, HR etc. already exists for most organizations. To gain efficiencies & mitigate potential risks this requires a top-down strategy & sound eGRC processes.
Understanding all these different elements of the People, Process & Technology in your compliance process is the key to controlling costs & mitigating risks.

Our team has developed an easy-to-use “eDiscovery ROI Calculator”, which is now available for the iPad.

If you would like to discuss this topic further…please comment below or send an email @ ted.oneil@emc.com.

The Hidden ROI in eDiscovery…Faster, Better, Cheaper…Part III

Part III: The Legal Profile

An often overlooked link between the IT footprint and the FRCP is the notion of “source mapping” or “mapping of sources” for the Rule 26f “Meet & Confer Conference” where the parties need to discuss & disclose potentially responsive ESI by “category or type”…if the organization understands what systems and repositories contain potentially responsive information, that ESI can be managed appropriately for the matter at hand and as an indicator as a source for future eDiscovery…most organizations have certain types of legal & regulatory challenges like employment, Intellectual property or other types of litigation and key regulatory issues which form a pattern of a “Profile”.

If these systems and applications are identified or “mapped” a categorization & classification of systems, data & ESI can be developed and used as an early assessment tool and a strategic tool to ensure proper preservation of ESI and notification of potential custodians.

Put another way, employment cases and Intellectual Property cases may share some common sources of ESI (email, file shares, collaborative spaces), but typically also have systems & repositories for business information related to the particular business function that is subject of the legal inquiry. It is rare that all systems or applications would contain responsive ESI.

Here is an opportunity to move away from the “Hold All” order and develop a defensible response protocol for legal and regulatory matters and target responsive ESI and manage the non-responsive ESI according to standard business practices. If you can’t find the handful of relevant ESI in the terabytes of data, then “retain all” may look like the “best option” in a bad situation.

Here is some hidden ROI:

Once Responsive ESI is identified, preserved & collected, it is a reasonable assumption that the non-responsive ESI is not subject to legal hold…but subject to ordinary lifecycle management (RM) or part of the organization’s GRC efforts within a sound Information Governance Program and only retained based on categorization & classification of information.

Leverage the opportunity to do some “house cleaning”…gain file visibility and perform file remediation…dispose of ESI that has outlived its useful life in a defensible, scalable manner.

Understanding all these different elements of the People, Process & Technology in your eDiscovery process is the key to controlling costs & mitigating risks.

Our team has developed an easy-to-use “eDiscovery ROI Calculator”, which is now available for the iPad.

If you would like to discuss this topic further…please comment below or send an email @ ted.oneil@emc.com.

The Hidden ROI in eDiscovery…Faster, Better, Cheaper…! Part II

The hidden ROI in eDiscovery…Faster, better, cheaper…!

Part II  Benchmarking: People, Process & Technology

Identifying all the key players in the legal & regulatory processes that request ESI (consumers) and why they need it…then find all the key players and stakeholders that identify, preserve & collect ESI and the tools currently in use to help to understand the processes and the level of effort associated with eDiscovery from an internal resource perspective as well as from the third party cost perspective…and to understand risk.

Each organization is unique…understanding who touches the process is (more…)

The Hidden ROI in eDiscovery…Faster, Better, Cheaper…! Part I

Faster, better, cheaper was the mantra at NASA as it set goals to improve quality, efficiency and better manage costs after several setbacks…it was a way to set goals and measure success from a “top down” approach of looking at it from all perspectives and seeking to better quantify risks & rewards in various programs…expect quality, but demand efficiency!!!

Faster, better, cheaper was clear theme from LegalTech 2011…good Information Governance makes good business sense!

The hidden Return On Investment in eDiscovery lies in understanding the entire spend…not just the obvious third party costs and understanding and quantifying risks in the current process.

I have been working with several clients in developing business cases and (more…)