The Greatest Resource is Also the Greatest Risk
A year ago, blissfully unaware of the looming global crisis, organizations were busy developing their 2020 strategies on growth, direction, and initiatives—often paying less attention to areas such as IT and legal spend. Since then, organizations have been turned upside down, dynamically adapting each day, and finding new ways to operate in a similar capacity to their norm.
It isn’t difficult to see how this crisis will impact global markets for years to come, or that economic downturns of this magnitude directly relate to an increase in litigation. Organizations have begun examining existing liability and indemnity protection clauses, attempting to negotiate new contractual terms where appropriate, and following every methodology they can to better position themselves for the potential legal challenges ahead.
The bottom line? Whether you are grappling with business interruption, supply chain issues, or employment disputes, there has never been a better time to revisit your litigation readiness strategy.
Litigation readiness is the state of being fully prepared with a repeatable, defensible plan for how to respond to the initiation of a lawsuit or investigation. To help you evaluate your readiness, let’s examine three ways the current crisis is changing the way we operate, the impact these changes may have on your litigation strategy, and how best to arm yourself with solutions moving forward.
1. Cloud Data Governance and Discovery
The onset of pandemic-related restrictions directly inspired unquestionable recognition of the value that cloud technology delivers. There has never been a stronger need for instant availability and flexibility in IT resources as under the duress of a global pandemic.
It is difficult to imagine how large, growing global businesses could adapt to remote working environments in the absence of cloud technology. Electronic data is at the core of any litigation readiness strategy, with information governance and data preservation forming the first vital pillar. Data mapping—documenting IT estates, different types and classifications of data, the locations where data is stored, and which departments or individuals interact with such data—can be overwhelming in any landscape. Overlay this with the mysteries of “the cloud” and confusion ensues.
The first step is to demystify the cloud: In short, it is simply a data estate managed outside of your premises. With off-premises data comes adherence to stringent information security protocols, generally consisting of a large contractual agreement which holds all the valuable information you need to start your information governance journey.
The next layer of complexity to unravel is the application layer. Understanding the data classifications held in each of the applications used by your organization is the first step.
Understanding to what extent data can be made available and the level of effort required to obtain such data is next. It is critical not to underestimate the importance of a well-executed legal hold.
On that subject, it’s noteworthy that dramatic migrations to cloud-based SaaS tools put pressure on organizations to be very clear on their personal discovery obligations as a company, knowing that the data retention triggers and functionality built into enterprise software solutions like Microsoft 365 cannot be assumed sufficient.
Consequentially, it is imperative to align your discovery obligations to what is already available in your current software stack, identifying areas of risk and taking action to fill any gaps—whether that be in the form of supplemental data archiving or more extensive e-discovery software.
2. Corporate Flexibility and the Virtual Workforce
The global pandemic is accelerating a transformation in business operations. Office spaces will likely undergo changes to reflect a shift in focus toward building interaction and communities, with priority given to video technology.
Such changes, as well as widespread adoption of collaboration platforms such as Microsoft Teams, have uncovered a number of additional data sources that fall under discovery obligations. Whether it’s messaging between individuals, a departmental group conversation, or collaborative files shared therein, the ramifications for data retention policies, and how a company adheres to a policy and its defensibility position, should be addressed.
The stored communications of recorded content such as audio and video provide an added layer of complexity to your discovery obligations. Collaboration software has accelerated some of these data capture obligations, often unbeknownst to the users themselves. This may include facial content and similar identifying information, so it must be considered a privacy issue—especially in remote working environments.
Unfortunately, the savings secured through flexible working arrangements do not come risk free.
For instance, with the use of personal devices and computers for business, data privacy lines are easily blurred. Employees should be made aware of the e-discovery implications of using family devices for work-related tasks such as email or document sharing. Additionally, the increasing use of mobile messaging applications such as WhatsApp for teams to communicate should also be monitored.
A review of IT policies can be useful in managing these and other emerging risks.
3. Identifying the Right Technology and Vendor
Naturally, answering these questions—and executing on those answers—may require the assistance of specialized technology and outside experts.
In this case, when selecting appropriate vendors, it is important to understand that these businesses may also have been impacted by the current economic downtrend.
Understanding the vendor’s economic stability and financial position is as vital as understanding their technology capabilities, pricing structure, and global outreach.
Furthermore, a suitable vendor will prioritize and actively consult on integrating into your existing legal workflows in order to establish themselves as a trusted, long-term business partner and an extension of your team.
Given the travel restrictions expected to continue well into 2021, assessing a vendor’s remote capabilities is crucial, as is establishing communications protocols between your team and theirs.
When it comes to bringing in a vendor, forecasting and accommodating legal spend in these areas may be difficult given exponentially increasing data volumes. However, there is one relatively straightforward solution: Harnessing technology to reduce costs has and will continue to be a game changer for modern organizations.
AI in the form of machine learning can be very effective for organizations looking to enhance their ability to identify information pertinent to a legal response. Whether you have recurring regulatory responses, litigation, or investigative matters, your data remains the same—it’s just a matter of understanding it in these contexts as quickly as possible. Harnessing machine learning, you can effectively build models that remove completely irrelevant content, home in on content from example documents, and even leverage models that you can engineer to look for issues that you have previously identified. For larger global organizations, models can even be created for specific regions where languages differ.
Using AI and data analytics to drive efficiencies in a review exercise, for example, can be an effective method to manage costs. Organizations should seek advice from vendors and consultants on implementing these technologies within existing legal workflows.
This scale of pandemic will no doubt serve as a catalyst in global economic shifts, highlighting deficiencies in global market sectors and ultimately making them stronger and more sustainable.
On that path forward, however, stringent legal planning and positioning when exposed to heightened levels of dispute resolution are essential. This amplifies the need to have a defensible, robust data governance and preservation strategy—one that is clearly documented, closely followed, and regularly updated.
If you’re taking on the task of building this strategy, you’ll be well served by keeping the above considerations in mind.
Amardeep Thandi (Control Risks) is an associate director at Control Risks, in London's compliance, forensics, and intelligence practice, specialising in forensic and legal technology optimisation within e-discovery.