Read time: 4 minutes
By adopting best practices in 2023, you can significantly reduce discovery and privacy risks and costs arising from data proliferation and new data sources. In today’s hybrid work environments, all data from non-traditional data sources – such as texts from employee cellphones, data maintained by third-party providers and information from Teams, Slack and Zoom – can be subject to litigation discovery, whether the information is on company, employee or third party devices. Preserving and producing data from those sources can be difficult and expensive, but the consequences of failing to do so when required are much worse. Accordingly, it is critical to take proactive steps now, including updating your information governance practices, remediating obsolete data and preparing to use the latest technology tools to manage information and discovery demands.
New data and new data sources
Managed care data and its governance has changed significantly in recent decades, and continues to evolve at a rapid pace due to four contributing factors.
- The rise in electronic claim processing has dramatically increased the amount of data held by managed care companies, and this data often includes protected health information of members.
- The uptick of new technologies has changed the way that we communicate and what kinds of records we have, while also resulting in the proliferation of new data. For example, only a few years ago there was limited use of collaboration tools like Teams and Slack or communication tools like Zoom and WhatsApp, but now those tools are significant sources of documents that are becoming increasingly important in discovery.
- The COVID-19 pandemic led most companies to move to remote work and, for many companies, that will not be completely reversed – remote or hybrid work is here to stay. As a result, there is more data on personal devices like home computers and smartphones, not all within the direct control of the company (e.g., texts sent from cellphones).
- Data increasingly is stored “in the cloud,” whether on company networks using Microsoft 365 or Google Enterprise, or in the control of outsourcing providers.
All four of these factors complicate data preservation and production that may be required for litigation or investigations.
Becoming “discovery ready”
Here are the five key elements to “discovery readiness”:
- Know where your data is. Keeping an updated data map or inventory can give you a great head start, while also assisting with privacy compliance.
- Maintain updated information governance policies. This includes: (i) an updated retention policy and schedule; (ii) an updated electronic communications policy; (iii) an updated disaster recovery policy; (iv) an updated legal hold policy (including standard procedures and forms); and (v) updated bring your own device (BYOD) and work from home policies. Such policies should not only ensure that data is kept as long as needed (and no longer) for business, compliance and legal holds, but also should specify what data is or is not within the company’s control.
- Implement training, enforcement and tracking that maximize compliance with policies. This should include legal hold tracking that allows the company to quickly identify records and custodians that are or are not subject to legal holds.
- Remediate (i.e., delete or otherwise properly dispose of) obsolete documents and data no longer needed for business, legal compliance or legal holds. This includes old hard copy archives, old emails, “orphaned” data from departed employees or business operations, legacy data, backup data, SharePoint data and data from other data sources, including the new data sources identified above. Discovery costs and risks (as well as privacy risks) are directly correlated with the volume of data an organization maintains. Retaining only what is necessary is the biggest key to slashing associated costs.
- Be prepared to act quickly and efficiently through existing relationships with experienced e-discovery counsel who are fully conversant with the latest legal technology, including early case assessment (ECA) and technology assisted review (TAR) tools. This approach should result in efficient, consistent and defensible processes rather than abdicating control of e-discovery to counsel or service providers that may follow differing procedures, fail to follow “best practices,” fail to minimize costs or otherwise have varying levels of experience and competence with regard to handling e-discovery.
- Discovery is evolving with the rise of new data sources and proliferation of data.
- Companies that fail to properly prepare for discovery demands face substantial additional liabilities, burdens and costs.
- By taking proactive steps now, companies can significantly reduce e-discovery and data protection risk exposure.