CC-E-Discovery Photo Credit: Pan JJ/Shutterstock.com

In Part I of this series, we presented an introduction to the current e-discovery landscape,
a summary of key 2015 amendments to the Federal Rules of Civil Procedure (FRCP), and an
overview of core information governance (IG) principles. In Part II, we explore how several core
components of an IG program can foster consistent e-discovery practices, with an explanation of how the changes to FRCP 37(e) make sanctions less likely in the face of demonstrated IG efforts.

The hallmark of a good e-discovery process is consistency. A robust IG program will
foster uniform practices in that it brings together the various business functions of an
organization to develop the best approaches for handling company information. Business
functions are more likely to follow agreed-upon, organizational approaches to IG because they
had a hand in the decision-making that resulted in the approach. This in turn supports the e-discovery function because consistent practices allow counsel to get to the facts of the case faster—especially when the information or data at issue are managed by several different areas of the business. For many organizations, it will not be possible to avoid litigation entirely.

Focusing on any of the core components of an IG program can improve the consistency of e-discovery practices, and thus achieve better e-discovery outcomes.

Several core IG program components support consistent e-discovery in an organization.
This article focuses on the benefits associated with (1) policies and procedures, (2) designated
roles and responsibilities, (3) data management, (4) training and change management and (5)
assessment and compliance.

Policies and Procedures

With FRCP 37(e)'s shift in focus from culpability to prejudice, organizations can be more
comfortable following routine policies and procedures as they relate to data, so long as both
litigation response and e-discovery protocols are in place to ensure that the organization is
meeting its duty to preserve. Policies and procedures that govern the creation, management,
retention and deletion of company data can help counsel understand what company information may be at issue in litigation, and what information is likely no longer available due to routine deletion in the normal course of business. When drafting record retention policies, companies should consider litigation needs and, in some cases, statutes of limitations in addition to business and regulatory requirements, to determine appropriate retention periods for company information. Counsel will also want to take steps to suspend any automatic deletion protocols in response to a duty to preserve, especially if the company has aggressive timelines for deletion of content, such as email.

Designated Roles and Responsibilities

Depending on the structure and size of the company, organizations may want to consider
designating one or more specific individuals to carry out certain protocols and procedures, such
as the issuance of legal holds or the management of exception requests related to retention or
deletion of company information. In addition to supporting good information governance, having designated individuals handle certain requests fosters more consistency in the way protocols and procedures are executed, which will be helpful to corporate counsel should the company's practices ever be called into question. The more consistent a company's practices, the easier it is to respond to e-discovery requests and explain what happened in the event that information is no longer available due to following routine protocols.

Data Management

While building an IG program, many organizations will look to automate the retention
and disposition of company information. These practices will help the organization follow its
own retention and disposition policies, which will reduce the amount of redundant, outdated or
trivial information e-discovery counsel must sift through. This allows for faster identification of
information that is relevant to litigation. E-discovery counsel should be heavily involved with the
development and deployment of automated functions to ensure that such functions can be
properly suspended in response to the duty to preserve. Organizations should also consider how suspension of deletion protocols could impact users. For example, if a custodian's email inbox is put on legal hold, and that email inbox is also subject to size limitations, that individual is more likely to hit the maximum mailbox size and, thus, experience a failure of email functionality.

Automating retention and disposition of company information can ease e-discovery counsel's
burdens, but such automated practices can also have the potential to produce headaches if the
protocols interfere with employee productivity or fail to satisfactorily support the duty to
preserve.

Training and Change Management

All good IG programs include a focus on employee education and training. To the extent
pervasive company practices are misaligned with new information governance policies,
procedures and/or protocols, training to support change management will be essential. IG
training should address all employee obligations as they relate to company information,
including the importance of preservation in response to company legal holds, the proper use of
company email and social media, and the expectation to protect company data regardless of
where the data resides. Improvements in these areas will streamline e-discovery efforts and lead to the achievement of better e-discovery outcomes.

Assessment and Compliance

E-discovery counsel can rely on verified compliance with IG policies and procedures to
help demonstrate that electronically stored information is properly retained in response to a
company's duty to preserve. To the extent an assessment highlights areas for improvement, the
results can be used to direct resources related to training and change management to improve
future e-discovery outcomes. Under the new sanctions framework of FRCP 37, the rules
contemplate that parties likely will not be subject to serious sanctions for information lost due to events outside of their control. Regular assessments demonstrate that the organization is seeking to identify deficiencies within their control so that corrective actions can be taken.

In Part III, the final installment of this series, we will explore practical approaches to
creating an IG framework within a company and include several initial IG-centered projects that
benefit e-discovery and litigation as a whole.

Yodi S. Hailemariam is an associate in the Information privacy, security and governance
group at Drinker Biddle & Reath. She focuses her practice on U.S. and cross-border
information governance, data privacy, cybersecurity, electronic discovery, legal analytics and the
internet of things. Hailemariam has experience in a wide range of industries, including technology,
health care, pharmaceuticals and life sciences, intellectual property, insurance and financial
services. She has extensive experience advising on cross-border data issues, particularly with
respect to Asia and the European Union.

Amy Ramsey Marcos is an associate in the Information privacy, security and governance
group at Drinker Biddle. She assists clients with identifying business, litigation and
regulatory obligations to optimize information governance practices. Marcos has broad experience
in several industry verticals developing and revising records retention schedules, supporting data
remediation initiatives, and building change management plans to successfully implement
information governance policies and procedures.