We open with a note of solidarity and acknowledgment to the current global health crisis through which we are collectively living. This touches almost everyone on this planet, and we implore everyone to remain vigilant and safe in stopping the further spread of this deadly virus through social distancing. We will survive this and rebuild our communities and economies, but it will take time and require us to come together in doing so.

Our last article began the discussion on a reaching a balance between technology selection/use and effective legal project management strategy/workflow for different business-use cases. This article furthers that discussion through an exploration of the roles/skill sets needed for the team to succeed.

Ready, Fire, Aim

Let's start with some intrigue and espionage: A suspiciously similar drug appears on the market, and the company received a tip from a whistleblower that someone may have stolen the company's proprietary small molecule formula. This can mean huge losses if it's true, and we need to know yesterday. Time to get to work.

Most companies have protocol(s) when responding to an investigation or litigation in terms of what data may be responsive and with whom/where does that data live. We can either reinvent the wheel for process (which may end up feeling like a fire drill) or focus on the details and design a repeatable process for when this type of matter arrives on our doorstep.

The first things we need to know are: (1) what is the scope of the matter at hand; (2) where the company's data resides (otherwise known as a data map); and (3) who are the key players. Know these and you have a leg up on most organizations.

Breaking it down:

• Know your history. Spend the time and effort to document key timelines for past mergers/business combinations and the employees that were involved with the deal or ongoing related business thereafter (particularly those with access to sensitive data systems). Knowing this history can swiftly point discovery in the right direction to avoid chasing down dead ends and wasting time and resources.
• Define key sources of data and how to export from those systems in bulk.
• Ensure business or IT applications can efficiently export data in an e-discovery friendly format. This means creating solutions for corporate data systems to enable straightforward extraction of key electronically stored information (ESI) items.
• Maintain and refresh updated lists of key custodians responsible for parts of the business that are your go-to contacts for background or institutional knowledge.

How big is the breadbox? To answer this, we need to narrow the relevant timeframe, the cast of characters during that period, and the likely sources of information we have as the basis to plan for our collection. Understanding the heart of the matter quickly allows for an efficient marshalling of resources needed to address the ESI request.

These Pants Don't Fit

Rinse, wash, repeat may be great advice for a shampoo commercial, but one-size-fits-all does not work for legal project management. While a proven process will save time and energy, not all matters can follow the map from point A to B to C. This exercise requires both flexibility and the ability to pivot, including designing processes that can accommodate fluctuations which may present themselves along the way.

The prospective substance and nature of any particular investigation dictates the path we should follow to gather potential sources of probative information. In our IP theft investigation, access to any data sources containing the company's proprietary formularies, and communications around the same, appear to be among the most obvious first steps in our process.

Take the time to develop a more detailed understanding of the company's data sources, and interview the line level employees who manage them. The people lower down the chain of command live and breathe this work daily. Don't be afraid to ask them about the matter to ensure your data scoping plan is comprehensive.

Can't We All Just Get Along?

As you develop your process, include specifics as to what departments, groups or teams need to be involved. Again, maintaining lists of key contacts reduces the need to hunt down information when time is of the essence.

The key players in any matter are your attorneys, legal analysts/paralegals, e-discovery team, IT, data custodians and most importantly, the potential subjects we will investigate. Add to this list (as appropriate) outside counsel, e-discovery providers and expert witnesses.

Prioritize their roles and responsibilities to establish an orderly flow of the investigation, and make this your protocol for the matter at hand. This script should then evolve within the matter-type buckets in which they live. The possible IP theft in our present matter example requires a "need to know" level of confidentiality within and outside the company, given how sensitive the nature of the investigation itself can be to the company. This means the subjects of investigation cannot learn they are being investigated until that time becomes ripe (for obviously reasons).

Storming the Castle

Time to put the process into action. Let's start with intake of the matter and assignment of the attorney and paralegal, and then move on to identifying key custodians. Through custodian interviews, we may identify additional data sources (whether personal, departmental or at the corporate level).

At this point, consult the e-discovery team to assess how to most effectively collect from the targeted data sources. Considerations in scoping our collection needs should include the following:

• The matter details and time period in question.
• How soon ESI collection is to begin, and what metadata must be gathered.
• How will data be processed.

Consider involving a reputable e-discovery provider to handle the left side processes of the Electronic Discovery Reference Model (EDRM) if bandwidth of your internal team is potentially an issue (or could become one if the matter blows up). Best-in-class e-discovery providers can be instrumental for the data collection, ingestion, processing, hosting, analytics, review and production, inclusive of search term consultation, under time compressed circumstances. Understand their level of expertise and whether they can consult on data scoping prior to collections (most of the top e-discovery companies have a deep bench of core competency on the same).

Think ahead as to who will review the search results following when a collection must be complete (or alternatively if collections through production can be completed on a rolling basis). Once this has been considered, a project kickoff call should be attended by all essential parties to the matter to finalize the workflow needed. On this call, ensure everyone understands and weighs in on considerations for what is going to happen with the ESI and how it is to be reviewed, organized and produced. This is the time to get questions answered upfront and develop a formal communications protocol for the working group.

Following the kickoff call, it's time to execute upon our collections plan, inclusive of reasonable date ranges and well-crafted initial search terms to avoid boiling the ocean. By this I mean we want to eliminate noise in our data including duplicate data, system files and other irrelevant data (referred to as: "Denysting and Deduping"). In our case at hand, we need to know who had access to the formulary data and what communications did they have preceding and proceeding that access. What we mine from this initial collection will lead us to where we go next.

Once the ESI is gathered and sent securely to the e-discovery provider, followed by their ingestion, use of analytics, and promotion to a review platform, first-pass document review and quality control (QC) can begin. This often involves a team combination of a chosen full service e-discovery provider (with core competency in managed document review) under supervision and additional QC from both internal and outside corporate counsel. Second pass review (which can extend into redactions and/or privilege issues) can occur after the output of first pass is assessed by the same teams. The output of these processes most frequently results in some sort of production (in our case likely to law enforcement authorities and possibly opposing counsel). Time to let the attorneys do their jobs and assess what is learned, in this case whether or not we have an IP theft.

When the Dust Settles

When the matter is resolved, what do we do with our data? Could this ESI be useful down the road (likely litigation, appeal or data reuse potential)? What does your records retention schedule say about how long you need to keep the ESI? Consider all of these questions carefully. At a minimum, get a final copy of the review platform's load file on encrypted medium and hold on to it according to your records schedule. This file will have preserved the attorney work product and decisions made about each piece of ESI that was processed. Why pay for that again if the data is useful in a later matter? Finally, ensure your data is removed from storage at your outside counsel and e-discovery provider. Now you can close the book on this matter.

Next Steps

Now that we've opened the discussion on methodology to identify and apply the skill/role each team member needs to have for us to design and implement an effective legal project management strategy/workflow for different business-use cases, our next article will dig deeper into codifying those processes as part of a standardized playbook.

 

Dan Panitz, UnitedLex SVP, Strategic Accounts, is an experienced attorney based in New York with more than 25 years of combined legal, technology and corporate advisory experience. Having worked with SEC Enforcement and NASD (now FINRA) Arbitration, Dan also holds Anti-Bribery & Corruption specialty certifications for the PRC, UK and the US.

Bruce (HB) Gordon, EnCE, is the Manager of eDiscovery in the Office of the General Counsel for The Vanguard Group. HB's career spans over 20 years of ESI response management and as an IT Manager/Liaison to legal departments including Teva Pharmaceuticals, AmerisourceBergen Corporation and the Rohm and Haas Company.