Updated: Apr 20, 2020
While COVID-19 and remote work news abounds, one thing legal professionals may have not yet considered is how COVID-19 related changes may alter the eDiscovery process forever. In the wake of social distancing and isolation policies, remote work has become the new standard for offices and organizations of all sizes. This new way of working can present several challenges for employees unfamiliar with company policies and how to maintain security when working remotely. A valid fear companies have is that employees could mishandle or store data inappropriately if working outside of their usual environment. Down the road, improperly stored data could interfere with eDiscovery data collection and legal holds. There may also be some debate over identifying who has possession, custody, and control over data. Organizations should predict these eDiscovery complications and start developing strategies and implementing or amending policies surrounding remote work now to help limit future eDiscovery disputes.
Remote Work Communication and Data Management Challenges
One of the biggest issues that can result from the surge in remote work is data management and security. Many organizations are now using collaboration platforms like Microsoft Teams to facilitate virtual communication. Microsoft Teams offers tools like multi-user document collaboration, chat, file sharing, virtual meeting spaces, and integrated office applications.
While these are great tools to keep company communication flowing in a shared place, an issue that comes up is whether employees are accessing Microsoft Teams and other work-related applications in a secure manner. While some portions of the workforce are undoubtedly already familiar with their organization’s policies and procedures surrounding remote work, it is a new world to others. Also, the conversion to a remote workforce is happening so quickly that company leaders have little time to train employees on the expectations when working at home or to procure, configure, issue, and secure enough company devices.
All of these factors suggests there is a high likelihood that more employees will store data on their personal devices instead of on a company device or network, which creates a challenging environment for eDiscovery data collection in the future. Say an employee did not have access to a company device and was forced to work from home due to COVID-19 restrictions. They were told to use their personal laptop but not trained on how to secure and store data or access the company servers remotely, so the employee reverts to storing data in an insecure way, or maybe does not save data at all. Then, the company directs everyone to use Microsoft Teams for business functions and the employee begins sharing links on Microsoft Teams directly from their hard drive instead of a shared company server. An action like that increases the likelihood of lost or unprotected data, which will cause eDiscovery collection and disclosure problems if that data becomes subject to litigation. In this scenario, these seemingly benign choices from one employee reflect how complex eDiscovery data collection can be, especially if an organization has multiple users completing these types of ill-advised actions for several months. Another challenge will be learning how to collect data directly from the applications employees use during remote working, which will differ from simple data collection on company servers.
The Changing Landscape of Document Review
One of the ways the legal service providers are anticipating future demands of eDiscovery needs is with remote document review. While remote review is certainly not new, COVID-19 has shifted the review process to being mostly remote. To enable contract reviewers to work remotely, providers have had to put time and expense into creating effective security protocols to ensure data cannot be replicated, stolen, or breached from a home location.
On the security front, remote document review solutions are built to ensure secure remote work by using multi-factor authentication and verified https protocols that includes a complete set of safety measures ranging from disabled data redirection to automated data clearing on virtual desktops. Additionally, with an array of oversight options, including comprehensive reporting metrics, confidentiality agreements, and training, digital teams can be managed as if they were all in the same review center.
While not all organizations were initially comfortable with the remote review arrangement, many have tried, and ultimately liked this solution. There are several benefits to a remote review including the ability to rapidly create teams of document reviewers across locations to respond to the needs of clients. A review can be 24/7 using reviewers worldwide, and specifically, skilled contract reviewers will be far easier to plug-in as needed since they can be pulled from anywhere in the world. As organizations become accustomed to this arrangement and see the benefits, there will be a rise in remote review
Preparing for New Data Storage and Collection Challenges
Organizations need to prepare for the eDiscovery issues that may arise from the surge in remote work due to the COVID-19 pandemic. If organizations can illustrate that they made reasonable efforts to facilitate remote work in a secure manner and prioritize data preservation, then courts will likely give this significant weight during eDiscovery or legal hold disputes due to the surrounding circumstances of the COVID-19 pandemic.
Here are some tips on how to combat these challenges and prepare for future obstacles:
Update key policies and procedures surrounding remote work and device usage. Make sure all remote work and Bring Your Own Device (BYOD) policies are current. Important information to include are: what devices and applications the organization authorizes for business use, data storage practices, retention policies, and how to implement personal device usage. Ensure employees know that business data is always discoverable – whether generated at the office or at home. It also does not matter whether an employee creates data or uses an application for business purposes on their personal device; they still need to preserve this data because it can be subject to a legal hold or eDiscovery request. Best practices include distributing all policies to employees for review and signature, providing an open line of communication for questions, offering training courses, and conducting routine check-ins to ensure compliance.
Anticipate data collection challenges and learn how to collect from nontraditional data sources. If employees are using Microsoft Teams to collaborate, chat, and store data, there may be less email and text message usage. Organizations will need to become educated on how this tool, or other collaboration tools, operate and store data to aid with future collection efforts. For example, to collect information stored in Microsoft Teams where conversation threads and attachments remain together as a single data point, you will need to have employees use a “Teams Connector” to keep everything in one channel. By keeping everything in one channel, it will make for a successful and smooth data capture down the road. Other possible collection obstacles include sorting out what devices employees stored data on while working remotely (especially if they did not follow company policy) and handling disputes when they cannot locate requested data or an employee failed to retain documents. Again, reinforcing company policies and understanding unique efforts needed for nontraditional data collection will help overcome these challenges.
Perform routine compliance checks. During this remote period, supervisors should hold conference calls or virtual meetings to ensure everyone is aware of their data storage obligations and that employees are meeting company expectations. Make sure IT employees are available for any questions workers may have about remote work practices. Talk to document custodians about their collection and storage habits so leaders can pinpoint areas and behaviors that do not align with desired practices and can make changes going forward. Then, create a data map to help determine what is needed to migrate to a company server. Continue to perform these compliance checks even after going returning to a traditional workspace, as many people still work remotely or conduct business after leaving the office. All of this will enforce company expectations and make sure employees are following best data storage and preservation practices to help limit eDiscovery disputes.
While these new requirements, it will likely create extra efforts in the eDiscovery process, there is still time to prepare in order to reduce the fallout. Unfortunately, things will inevitably slip through the cracks. Employees will fail to follow BYOD, data storage, and remote work policies. Some key data may get deleted or lost. If that happens, make note of it and be forthcoming during any eDiscovery disputes surrounding the lost data. If an organization can show it was taking reasonable efforts to protect data during these messy times, courts will probably not be as harsh in their rulings.
We may not know how long COVID-19 related measures will be in place, but the effects will ripple outwards for many months. With several organizations switching to a remote work option, it is highly likely that some businesses will experience benefits from a mostly remote work force and will stick with it as a standard operating model. Other organizations will migrate back to a more traditional desk with florescent lighting model. Regardless of what the post-COVID 19 world looks like, it should be assumed the world will be substantially different than before. For legal professionals and practitioners, the implications can extend beyond eDiscovery considerations and into other issues like digital court hearings, remote representation, and permanent virtual offices. Whatever may arise, remember that communication, defensible policies with training, and documentation are keys to keeping the eDiscovery process as efficient as possible. Keep reading the Epiq Angle for the latest perspectives on how COVID-19 measures influence the business and practice of law.
For more information, please contact:
Caroline Woodman, Senior Vice President and Managing Director, Asia, Epiq