A multi-part series discussing the realities of eDiscovery in the context of investigations
“I feel the need – the need for speed!”
– Jim Cash & Jack Epps, Jr., Top Gun
In the first Part of this series, we reviewed the categories of investigations in which companies are frequently involved and their general eDiscovery ramifications. In this Part, we dive deeper into the need for speed and secrecy in the conduct of an investigation.
As we noted in the first Part, investigations often function on even shorter timelines than litigation discovery and often require more-careful control of the flow of information.
Time pressure is great in most investigative scenarios. If you are working to assess an internal issue, you will want to identify and quantify risks to the organization as quickly as possible so that they can be appropriately mitigated. If you are working to respond to a regulatory agency’s information request, you will likely be facing a tight, agency-imposed deadline, in a context where you want to satisfy the agency, in which the potential for renegotiation is limited, and in which the option to appeal to an independent judge is generally unavailable.
The need to more-carefully control the flow of information arises from the reality that in many investigative contexts you will be looking for bad actors within your own organization. Failure to control the flow of information (or to move with sufficient speed) provides opportunity for bad actors to spoliate evidence to cover their actions and to coordinate their stories with each other before talking to you. In either case, your ability to assess organization risks or to respond accurately to an investigating agency would be compromised, and the cost and effort required would become greater as you worked to overcome the attempted spoliation or penetrate the deliberate deception.
Speed in eDiscovery is a challenge in any context, but there are steps that can be taken at each phase to ensure things are moving as quickly as possible when you are racing an investigation deadline:
Controlling the flow of information actually goes hand-in-hand with achieving speed, as speed during identification, preservation, and collection is one of the best ways to stay ahead of the flow of information within your organization. As soon as a detailed hold notice (in the case of an agency-directed investigation) is issued, or as soon as active collection begins, any bad actors within your organization will be put on notice that you’re looking for them and may take steps to destroy evidence or prepare for questioning. So, in situations where bad actors are suspected, certain collection steps may need to be taken before the hold notice is issued to all subject employees.
There are several collection strategies that can be employed to acquire key data without alerting suspected employees. For example:
In the context of an agency-directed investigation where a hold notice should be issued, the hold notice should still be created and issued immediately to relevant IT personnel, to other relevant systems owners within the organization, and to any relevant managers above the level of the suspected bad actor(s), with strict instructions about the confidentiality of the matter. Any unannounced collections, like the examples above, should happen as soon as possible thereafter, and then the hold should immediately be issued to the rest of the subject employees.
Upcoming in this Series
In the next Part of this series, we will discuss in more detail the challenges of nuanced analysis and review in investigations.