Chelsea Perez, a paralegal at the Humane Society of the United States, came on board specifically to help the nonprofit formalize and streamline its ediscovery process.
She’ll be speaking at this year’s PREX, the Portland-based in-house ediscovery conference, to talk about when to bring ediscovery in house and when to outsource it. We sat down with Chelsea to hear about the challenges and rewards of in-house ediscovery, the importance of good information governance, and factors to consider when hiring outside counsel and vendors.
How did you get started with ediscovery in general and with the Humane Society’s ediscovery process in particular?
I actually got my start with data management and ediscovery in Canada! I started out in a law firm before switching over to government work. I made my way through all the levels of government in Canada, ending with the Competition Bureau, which is the country’s antitrust agency. Then I came to the States about five years ago, and at that point, I decided I wanted to do something that had personal meaning.
At the same time, the Humane Society’s legal department had been through a few cases with demanding ediscovery. They’d tried to produce data and not been prepared or adept with it. Because of that, they’d relied on many different vendors, which had significantly run up their costs. So, they were looking for someone to set up a whole set of policies and procedures for ediscovery and get all of their systems on board. The timing lined up well for both of us.
What types of litigation is the Humane Society typically involved with?
The Humane Society is routinely involved with both offensive and defensive litigation. We have two departments in legal: 1) the office of the general counsel (OGC) with eight lawyers; and 2) the animal protection litigation (APL) section with 28 lawyers.
Half of the litigation is standard corporate litigation typical of most in-house legal issues, such as employment issues, contract disputes, trademark infringement, and standard IRS audits/regulatory issues.
The other half are cases that are unique to our advocacy work, such as defamation cases stemming from publications, civil rights cases – we get sued for a lot of the same things that police departments get sued for. In addition, we bring lawsuits, or help other organizations bring lawsuits, on animal issues.
The nature of the case will affect the ediscovery. It differs from case to case and lawyer to lawyer. OGC is mostly federal and activist work is a mix of federal and state. Civil rights cases are always federal and defamation and regulatory cases are state. In third party cases we are neither the plaintiff nor the defendant.
You mentioned costs — were there other drivers behind the push to in-house ediscovery, or was that the primary motivation?
I wouldn’t say it was primarily about costs, but costs certainly were a part of it. Three incentives were pushing the Humane Society to limit outsourcing: costs and budgeting, data security, and general information governance.
With costs, the problem wasn’t just the final dollar amount. It was that no one knew what ediscovery would cost for any particular case or in total. They couldn’t budget for ediscovery or predict their costs at all. They were using a variety of different vendors, each of which had its own billing scheme. And for an organization that didn’t understand all the details of ediscovery, it was difficult to figure out from that information what any case was truly going to cost.
Data security was another major issue. The Humane Society ended up with data all over the place, housed with multiple vendors and multiple law firms. They didn’t know how secure their data was in part because they just didn’t know where their data was! And getting vendors to delete data at the end of a case was a real challenge.
That ties in directly to information governance: the organization was ready to get control over its data, and no one could do that when data was housed in six different locations. They were transferring everything over to Office 365 and replacing their old email archiving system and disaster recovery system. With that change, they had no idea where they were going to keep data or how they were going to get to it.
Once you’d assessed the landscape, how did you tackle your analysis and set objectives for the ediscovery changes that they needed to make?
For me, the first step wasn’t even about ediscovery: it was creating an information governance plan. At that stage, all of our ediscovery was skipping that major front-end step. So I’ve been largely focused on changing people’s thoughts and ideas about information management, particularly retention of information.
Historically, the Humane Society just kept everything. They had emails going back to 2004, every old hard drive they’d ever used, backups of everything — even backups of their backups! It was a lot of data, a good deal of which was redundant and not relevant to anything. Most of that information, thankfully, isn’t very sensitive or legally regulated, aside from standard data like employee personal data and donation information. But, for most of our data, we don’t have a government agency declaring, “You must do this with this information.” That meant that people were using all kinds of external systems for data storage.
We’re now moving toward centralizing data: getting everything out of those external third-party platforms like Dropbox, Google Docs, or Gmail accounts. Ideally, we’ll get all of our organizational information consolidated within Office 365 so everything can stay under the umbrella of the organization. We want to be able to protect and access all of that data so we can better identify discoverable information.
When we’ve accomplished that, we’ll move on to handling our small cases entirely in house, all the way through review, analysis, and production. I expect we’ll still send out review for our big cases, but we want to have better control over our data and our process even when we do that.
What are some of the biggest challenges you’ve encountered in managing ediscovery? How did you solve them?
The biggest problem and challenge has been the time burden on a small staff. Having relatively senior lawyers in-house drop all of their regular work to concentrate on ediscovery creates a time and financial burden for the organization. A lawyer might spend 25% of their time on ediscovery all year but often that has to happen all at once. Regulatory or congressional issues often have tight deadlines that cannot be changed. This was solved by outsourcing. It has been the biggest solution to the time challenge and has given legal and ethical cover.
Outsourcing everything has exposed some new challenges. When each lawyer selects their own vendor, or the external counsel selects a vendor, it spreads our ESI over multiple locations. This creates security concerns. Having employee data copied and housed in multiple locations with varying cyber security protocols is not ideal and should be avoided. It can be difficult to close projects with some vendors after the case has closed and we have several closed files with external data that has not been deleted or returned appropriately.
The lack of transparency in ediscovery vendor contracts causes a lot of variance in cost on a case by case basis. This makes it very difficult to come up with a case budget. Even if you have a couple of contracts to compare side-by-side it is difficult to know what you are looking at. The average lawyer on a case would not be able to navigate the billing.
In addition, the costs can easily get so high that it affects the decision to litigate. There are scenarios of potential cases that can really help animals that don’t move forward due to the ediscovery cost issue. We had a third party subpoena for a case with just under 20 custodians identified. The total file size for all custodians was around 400GB of data. This case did have outside counsel and they wanted to use their preferred vendor. The cost was going to be approximately $62,000 to ingest the data and $11,250/month to host. For an all-inclusive package including review it would be $96,600 plus the $11,250 hosting cost. This is just for the ediscovery portion and as a third party.
In contrast, we responded to another third party subpoena in house and using Zapproved we were able to conduct searches and narrow the list of custodians and conduct further searches and reduce the amount of responsive data from the original 250GB to 1.8GB. We could then send the 1.8GB to the law firm and be within their 5GB included limit – alternatively, we could have provided them login access to Zapproved and had them to the review there. This is a much more reasonable approach and took very little internal resources and no additional cost.
Regarding your PREX session, what are some of the main points you’d like to make about how companies can balance their ediscovery needs when determining insourcing versus outsourcing decisions?
One of my main takeaways is that organizations — not some vendor or outside counsel — are best suited to know where their data is. If an organization doesn’t take control over its data by bringing at least some of its ediscovery in house, then every case is going to be managed differently. And that reduces consistency, which impairs defensibility.
So much of ediscovery comes back to good information governance. You want to have someone in the organization who knows where everything is and how to access it. We have 28 lawyers in our active litigation section and another eight in our general counsel’s office. Each one of those lawyers would probably look in a different place for data and would have a different idea of who the relevant custodians are. That sort of inconsistency is not very defensible! And in the long term, it costs way too much money and takes way too much time to manage.
Companies need to be aware and proactive about their data on the front end. It isn’t enough to wait until you need to collect data for ediscovery and then start trying to find it. A key part of that proactive approach is education. Employees don’t come in the door with any concept of ediscovery, so you have to provide resources and give them the tools they need to defensibly manage data.
To learn more about ediscovery insourcing considerations, consider attending PREX in Portland this September 25-27. You can find session and registration information here.