Compliance Technology

While corporations expect the amount of investigations and the volume of data they examine to increase, most are not currently using advanced tech to aid them, according to a new survey. 

E-discovery provider H5 teamed up with Above the Law for its "The Investigations Landscape: Findings From the H5/ATL 2019 Corporate Investigations Survey" released last week. The findings were based on the responses of 317 individuals from U.S. and non-U.S. companies. More than half of the respondents described their primary investigatory role as management and strategy, while 21% said they were nonlawyers.

Sixty-three percent of respondents said they expect their company to conduct more investigations over the next three years. H5 e-discovery services managing director Sheila Mackay said the reasoning behind the expected increase is fueled by the General Data Protection Regulation (GDPR) and California Consumer Privacy Act (CCPA) adding more regulatory requirements and the assumption that other states will follow California in implementing similar regulations. 

When asked about their current investigations, respondents said regulatory/governmental investigations generated the most electronically stored information (ESI) for review. At 31%, employee/workplace investigations generated the second-most ESI for collection. In contrast, respondents said cybersecurity investigation generated the least amount of ESI.

Mackay noted that while government investigations entail an intensive depth and breadth of data, there may be less overall cybersecurity incidents to investigate.

When faced with an investigation, respondents said they are more likely to leverage keyword search (31%) and manual review (28%) over analytics (17%) and AI technology (12%). However, companies with $50 billion-plus in revenue were more likely to cite analytics technology as a typical approach. Mackay described the overall hesitancy toward advanced technology as an opportunity for vendors to explain to clients how advanced tech can help them.

"I think that when there is something very sensitive within corporations there is still sometimes an idea that an attorney has to put eyes on everything, that's the quote 'golden standard,'" she said. Instead, she noted that companies want a "hybrid" of human and tech review to mitigate cost and risk. 

As companies inch toward advanced tech adoption, less than 10% of companies say their small investigations lead into larger investigations. However, the study highlighted companies with $100 million to $500 million in revenue were more likely to report that 26-50% of investigations grew. Mackay explained bigger organizations' investigations usually start small, but because of their larger volume of investigations, they are likely to grow. The survey noted initial investigations may unearth more information that expands the scope of the investigation.

As companies deal with various investigations, the total cost of ESI review is usually less than $1 million. But non-U.S. companies reported a higher spend, with 21% reporting their companies spend $10 million or more, compared to 2% of U.S. respondents that reported similar spending.

However, 27% of respondents said they didn't know how much their company spent on corporate investigations. Mackay said that lack of awareness could be fueled by companies tracking investigation costs as internal spend or because the costs might be spread across departments, making determining an overall price tag difficult.

For the respondents that were aware of how much was spent, outside counsel cost (86%), analytics technology (59%) and e-discovery service provider costs (53%) were the top areas of spend in a typical investigation.

A company's top considerations when choosing a provider includes cost/impact on budget (29%), its own prior experience (22%) and subject matter or industry-specific expertise (17%). Mackay noted companies place a high premium on vendors or outside counsel that have a proven track record.

"Corporations and law firms, when they find providers that give them really great service, they stick with them," she said.

When assigning outside counsel and vendors with tasks during an investigation, less than 25% of the ESI involves preserving and/or collecting employee data, according to the survey. However, 67% said their companies do proactively monitor data, such as email review or network monitoring, to identify potential wrongdoing, while 85% said their company leverages software to track electronic data.

Of those that don't monitor data, 61% said their company has no plans to proactively monitor data in the future, citing discouraging cost and privacy concerns. Mackay highlighted the GDPR and CCPA has made U.S. companies reluctant to collect and monitor employees' data, in fear they may violate a law.