It’s 10 p.m. Do you know where your client ESI is? IG to the Rescue!

By: In: Law Firms On: Apr 07, 2014

It’s 10:00 at night.  Tomorrow you have to return or destroy all copies of client-provided data for a big client.  Do you know where your client-provided data is?  Chances are if you are like most firms, you may not, especially when it comes to client-provided electronically stored information, or ESI.  So how can Information Governance (IG) help?

ESI is largely made up of many copies of client data, modified as it travels through the eDiscovery work flow.  A typical work flow may start with a drive full of client data, which is then processed, sorted, searched, culled, analyzed, reviewed and eventually produced, often on another drive, to an adverse party.  Through each of these stages, the client data is often duplicated and stored in different systems, some outside of the firm. The result is an ever-growing data set that poses risks and requires active management.

ESI is often handled by a firm’s litigation support resources and they often handle the brunt of IG-focused processes too. If you are in litigation support or eDiscovery at a firm, this probably sounds all too familiar.  What if you had some best practices for applying IG to your ESI data management?  Key areas for guidance might include direction on:

  • how to manage the many copies of ESI your firm intakes
  • what you can destroy
  • what you must retain
  • how you must secure the ESI
  • who must play what role enacting IG procedures, especially if those procedures differ from normal IG process.

In an upcoming Iron Mountain Law Firm Information Governance report a group of us will offer the industry suggestions for how to manage ESI with governance considerations.  We’ll offer insight on key roadblocks and opportunities like:

  • Client Data vs Work Product. The ESI client data lifecycle often should be handled differently than firm work product. This lifecycle is often more aggressive than the firm’s traditional retention periods. Firms also need to develop solid processes for gathering and triaging outside counsel guidelines, and other methods for identifying how clients want their data retained, returned and/or destroyed.
  • Information Security; Vendor Management. And because the nature of this data often poses extra risk to a firm, you must ensure information security and vendor management processes appropriately address this risk. 
  • Defining clear roles and responsibilities. Many firms will need to establish clear roles between parts of the firm that haven’t typically interacted.  For example, many firms will need to forge relationships between the litigation support department and the records management department.  In some cases, this will help firms challenged by scarce resources.
  •  “But, We Have to Keep it” Culture! For many lawyers and firms, keeping all litigation data is a standard practice to guard against the chance that the case could come back to life, no matter how slight. Firms’ business development departments might also be opposed to deleting client data since having that data may reduce client costs and give the firm an advantage when competing for litigation business.
  • System Complexities. When the time comes to dispose of or return that data, the process may be complicated, especially in systems that contain both client data and firm work product.  Those systems often don’t have the ability to be granular enough to treat firm work product and client data differently.

With all these challenges, where can a firm start?  A group of us in a Law Firm Information Governance Symposium task force are developing some best practices in this area.  Our findings will be available this summer with practical advice on how you can go to sleep at night knowing your client ESI is safe, sound, and managed.

Brian Donato is a guest blogger for Iron Mountain and the leader of the 2014 Law Firm Information Governance IG & eDiscovery Task Force. He is currently CIO at the law firm of Vorys, Sater, Seymour and Pease LLP.   

← A Christmas Story & Data Security

Leave A Comment


About the author

Brian Donato

Brian Donato has worked in the field of Information Technology for nearly 30 years. With experience ranging from software developer to process engineer to IT Director, Mr. Donato brings a broad technology and business background to his current position of Chief Information Officer at the law firm of Vorys, Sater, Seymour and Pease LLP, where he has worked for the last 17 years. Prior to that, Mr. Donato spent nine years at State Savings Bank. To help practice what he preaches, Mr. Donato currently serves as technical advisor for the Firm’s Privacy and Health Care practice groups, and has assisted on a number of representations involving forensic investigations. He is the firm’s Security Officer, and is responsible for authoring and implementing the Firm’s information security policy. He also led the effort to roll out the firm’s security awareness program. Mr. Donato currently serves on the Information Governance steering committee for the International Legal Technology Association (ILTA), is part of the ILTA LegalSEC steering committee, and is a Task Force leader for the Law Firm Information Governance Symposium work group.