eDiscovery Evolves In Response To COVID-19.

Updated: Dec 16, 2020










The process of collecting and reviewing electronically stored information (ESI) has had to evolve in response to unprecedented international and domestic travel bans


The coronavirus (COVID-19) pandemic has disrupted the global economy, forcing governments to impose lockdowns that have sent companies scrambling for operational solutions.


Travel bans coupled with social distancing requirements have upended traditional business structures, with corporations embracing technology on an unprecedented scale to ensure they could continue to operate as smoothly as possible while staff shifted to working from home (WFH) on a full or part-time basis.


These changes will have far-reaching consequences for years to come as businesses adapt to the “new normal”, with many employers opting to draft permanent WFH strategies. This corporate revolution is creating a whole new set of challenges, risks and rewards, not least around data management and eDiscovery obligations.


The eDiscovery process consists of a broad spectrum of phases, ranging from data identification and collection to processing, analysis and production before finally reaching the presentation stage. International travel bans and social quarantine conditions, which vary from country to country and even city to city, have affected some phases more deeply than others.


The more collaborative end of the spectrum – data gathering and review – has seen the greatest impact, with law firms and eDiscovery service providers not only having to weigh up local and international travel restrictions but also their ability to connect with a scattered workforce.


A greater reliance on remote collections and reviews has arisen, which while leading to concerns about long-term challenges to data integrity has also created new growth opportunities for the eDiscovery industry.



"The collection process frequently feeds back into the identification stage. Clients may not have identified the full scope of material collection or are not fully aware of all the devices where data could be stored. Custodians may have stored data on laptops at home, mobile phones, etc. We’ve found that the collection process often expands beyond the initial expectations set out in preliminary conference calls."

Sandeep Jadav, senior managing director and regional lead for technology in Asia at global business advisory firm FTI Consulting



Time of transition


Data collection, the process through which electronically stored information (ESI) is gathered from the various custodians’ devices and stored on a separate repository, is far from a simple procedure. The ESI needs to be removed from its original source – stored on local computers, in the cloud or on collaborative platforms spanning multiple devices – in order to be prepared for processing and analysis.


Sandeep Jadav, senior managing director and regional lead for technology in Asia at global business advisory firm FTI Consulting, said that prior to the pandemic ESI collections had traditionally been carried out in person, with bespoke teams created to address the needs of a specific case.


Jadav said cases often required “boots on the ground”, given the dynamic nature of data collection. He added: “The collection process frequently feeds back into the identification stage. Clients may not have identified the full scope of material collection or are not fully aware of all the devices where data could be stored. Custodians may have stored data on laptops at home, mobile phones, etc. We’ve found that the collection process often expands beyond the initial expectations set out in preliminary conference calls.”


However, government-mandated quarantines imposed worldwide in the wake of COVID-19 have disrupted international and domestic travel. This has been particularly felt in Asia, where the region’s fractured nature – geographically, politically and linguistically speaking – has made data collection especially tricky.


China, for example, launched a system that revolves around the use of coloured health QR codes, with green signalling that citizens’ movement is unrestricted while yellow or red requires self-isolation. These codes govern access to almost all forms of public infrastructure – from shopping malls and office buildings to the subway.


Chinese President Xi Jinping has advocated rolling out the system on a global level to ensure the “smooth functioning” of the world economy.


“China has proposed a global mechanism on the mutual recognition of health certificates based on nucleic acid test results in the form of internationally accepted QR codes. We hope more countries will join this mechanism,” the official Xinhua news agency quoted Xi as saying during the virtual G20 leaders’ meeting on November 21.


In Australia, meanwhile, various state and territory governments are slowly reopening the country’s domestic borders, with no clear timetable in sight for when an easing of international travel restrictions might arrive.


Jadav said: “We were already moving towards remote collections for smaller and simpler cases, given the cost benefits associated with reduced travel requirements and speedier data collection. But the pandemic forced us to scale up our capabilities for larger, more complex cases.”


"The traditional model of having lawyers and vendors on the ground allowed us to ensure that collections were forensically sound and that the chain of custody was intact and well-documented. How do you achieve that when you can’t get your team to the client’s premises? Often, you need to count on technology solutions you might not have otherwise considered."

Timothy Blakely, Hong-Kong based partner at international law firm Morrison & Foerster



Remote collections can either be software-led, with applications remotely run from external hard drives or similar devices, or led by vetted third-party providers.


Timothy Blakely, a Hong-Kong based partner at international law firm Morrison & Foerster, said that with the traditional paradigm of ESI collection having been “thrown out of the window” his team has more heavily leaned on leveraging support from technology providers such as FTI.


Blakely said: “The traditional model of having lawyers and vendors on the ground allowed us to ensure that collections were forensically sound and that the chain of custody was intact and well-documented. How do you achieve that when you can’t get your team to the client’s premises? Often, you need to count on technology solutions you might not have otherwise considered.”


He pointed to a recent case in which his firm needed to collect data from the WeChat account of a client’s mainland China-based employee. Blakely said: “We couldn’t physically or digitally access the info, so the solution was to work with a technology partner to send a blank mobile phone to the employee with a data transfer app pre-installed. The employee could then be guided through the transfer process over a live video feed, which both facilitated the collection and provided a basis to support the chain of custody for the data collected.”


Collection, however, is not the only aspect of the eDiscovery process that has been disrupted by the pandemic, with logistical challenges also popping up in the review stage.

Document reviews are typically managed onsite in a single location, led by teams of legal professionals contracted specifically for this purpose. Using a single location to host review teams not only assists in the communication and collaboration process it also allows for greater data security. Given the centralised nature of the process it is easier to control how teams of contractors – no matter their size – interact with sensitive case material.


The pandemic, which has driven a constant evolution in social distancing requirements, has meant the traditional review method is no longer a guaranteed option. The alternative if for the process to be carried out remotely, which carries its own set of data security risks.


"Remote collections have become more commonplace out of necessity, and clients have come to appreciate the advantages of cost and time. However, these processes have not been tested and it’s still too early to say what challenges might arise in the future and how well these processes will fare when put under a legal burden."

Sandeep Jadav, senior managing director and regional lead for technology in Asia at global business advisory firm FTI Consulting



A question of integrity


The shift toward remote collection and review raises some troubling questions about whether these processes are forensically sound and whether they will open the door to challenges further down the line. The ability to send digital forensics professionals to a client’s office negates any uncertainties arising from remote collection. Centralised data review, meanwhile, allows eDiscovery managers to limit contractor access to data while enhancing the ability to monitor their workstations via software and security cameras.


One of the concerns expressed by FTI’s Jadav was that the independence or integrity of either process could be called into question in the future. Whether these issues are real or whether they are just a conduit to dismiss evidence remains unknown, as these practices have not been tested in a litigation setting.


Jadav said: “Remote collections have become more commonplace out of necessity, and clients have come to appreciate the advantages of cost and time. However, these processes have not been tested and it’s still too early to say what challenges might arise in the future and how well these processes will fare when put under a legal burden.”


He said it was important for clients to understand the potential risks associated with remote collections and reviews, with questions of forensic soundness representing a possible point of influence over the final judgement.


Jadav added: “Collections are sound if the hash values of the images match. In that sense, remote collections are similar to traditional collections. However, remote collections flounder when our teams are faced with weird and esoteric data sources. We don’t have the same level of flexibility in dealing with nontraditional mediums as when we’re in the room.”


FTI recently conducted remote operations on behalf of a client in Thailand after stringent border closures removed other options. While the Bangkok government’s move to close borders has allowed the country to weather the pandemic better than most others, it has also derailed traditional ESI collection methods. As such, FTI organised the delivery of hard drives – containing applications designed generate image copies of the laptops in question – to the client’s offices while using video conferencing to guide their legal and IT teams through the collection process.


Despite the client’s satisfaction with the process, Jadav noted that the complex nature of digital forensics meant having representatives on the ground remained an advantage.


He said: “Collections always carry the possibility of being more complicated than simply imaging a hard drive. With high-stakes cases you may not know what you’re looking for. It can take weeks of planning to ensure that all custodians and all their equipment are in the office ready for remote collection and, even then, nothing is guaranteed.”


With this in mind, FTI stands by the use of vetted and trusted third-party providers where it can and has formed such partnerships in Thailand.


Moreover, physical collections are expected to remain necessary despite the rise of technology, owing to regulatory restraints in Asia’s various jurisdictions.

"When operating on a remote basis you’re more likely to run into cross-border data transfer issues. Taking China as an example, before the pandemic you could choose to collect and review data and conduct interviews on the ground in China without the need to transfer unscreened data across the border. Conducting that work remotely in the current environment requires careful planning to avoid falling into any regulatory or data transfer pitfalls."

Timothy Blakely, Hong-Kong based partner at international law firm Morrison & Foerster


Here to stay


China is a prime example, with the country’s Cybersecurity Law requiring government agencies to conduct a security assessment on the transfer of “citizens’ personal information and important data” offshore.


Blakely said: “When operating on a remote basis you’re more likely to run into cross-border data transfer issues. Taking China as an example, before the pandemic you could choose to collect and review data and conduct interviews on the ground in China without the need to transfer unscreened data across the border. Conducting that work remotely in the current environment requires careful planning to avoid falling into any regulatory or data transfer pitfalls.”


The ever-changing nature of technology means it can be hard for firms to accurately track and identify necessary data prior to the collection phase, an issue that teams on the ground can return to a dynamic manner.


However, these issues do not mean that remote collection is without its key advantages. Indeed, if anything, remote collection is likely to come to dominate the landscape going forward.


Remote control


Remote collection’s most obvious advantage is that it cuts down on client costs, given the lack of international travel. Instead, domestic third-parties, cloud-based software or FTP programmes, and couriered hardware can bridge the gap; all of which also reduce the amount of time it takes to receive and start processing the data.


Jadav said: “Beyond the obvious travel restrictions, remote collections are increasingly attractive to clients in the current economic climate. Cost is often king and the prospect of not paying for flights and hotels can be appealing.”


There is also the human element to consider. Remote collection not only removes the health risks associated with international air travel it also sidesteps the issues of quarantine requirements while cutting down on potential disruptions to custodians. As companies look to a future in which office spaces are smaller – owing to greater employee uptake of WFH operations – the attraction of eDiscovery software solutions that minimise operational disruptions is set to grow.


Unified cloud-based eDiscovery platforms could ease some of the concerns surrounding the integrity of data collection and review. Traditional document collection can see the chain of custody broken multiple times as data is migrated between different programmes, while a single platform can track and trace every piece of documentation and associated interaction.


Outlook


COVID-19 has sparked a technological revolution, perhaps not in terms of software advancement but certainly in the sheer scale of uptake of current offerings. Companies have embraced WFH strategies as never before and there is little expectation of returning to 100% office capacity.


At the same time, as financial pressures mount in the coming years new legal disputes and litigation will arise and demand for eDiscovery will spike.


While there are plenty of centralised software platforms to choose from, the reality is that Asia remains a fractured ecosystem with a myriad of technologies striving to replace one another. Communications platforms are increasingly being used in unexpected ways and preserving the data they hold for later extraction will become essential to avoid a collection nightmare in the coming years.


Digital forensic specialists may see greater competition from software offerings that are more tightly integrated with cloud databases, but shifting regulatory and infrastructure environments ensure that physical interactions are here to stay.


Blakely said: “We’re moving to a hybrid future of eDiscovery. Law firms have been forced out of their standard playbooks and have innovated in response. When a vaccine arrives and business regains a semblance of normality, then we’ll see decisions around ESI collections driven by an informed cost-benefit analysis that considers a broad array of potential options, instead of simply defaulting to the way things had always been done before.”


For clients eager to embrace remote collection in order cut costs, these options will increasingly become the norm. But in pursuing this route they also need to be aware that – to some extent – this remains uncharted territory and a thorough analysis of the associated risks is essential to prevent costly mistakes from being made.


This article was written by Andrew Kemp for Conventus Law in association with FTI Consulting.


For further information about FTI Consulting in Asia, please contact:


Sandeep Jadav, senior managing director and regional lead for technology in Asia, FTI Consulting

sandeep.jadav@fticonsulting.com






FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political & regulatory, reputational and transactional. Individually, each practice is a leader in its specific field, staffed with experts recognized for the depth of their knowledge and a track record of making an impact.




Register here for your monthly Asia legal updates