Coronavirus and E-Discovery: How COVID-19 is Testing Business Continuity for Service Providers

Every SaaS provider has a written business continuity and/or disaster recovery plan in place to ensure minimal service outage or downtime in the event of a global health emergency. These plans are reviewed periodically and may even undergo simulation testing, but now, the coronavirus (COVID-19) is putting SaaS providers to the test. The good news is that the e-discovery world is in many ways more prepared than ever to handle a global health crisis.

Software, datacenters and service providers are dependent on people. People manage infrastructure, run collections, image phones, process data and review documents. Due to the highly contagious nature of COVID-19, it is critical that we pay close attention to the evolving recommendations provided by the CDC and local governments. Quarantine and similar measures of precaution have the potential to disrupt the global economy, and e-discovery is no exception.

Software as a Service

Running a large-scale, highly available software environment requires a healthy, and, often onsite, IT team. IT personnel play a critical role in operational health, often putting out fires and solving critical issues that directly impact service delivery. However, while service providers are proud of their ability to support large-scale, sophisticated software environments, they typically invest more staff and resources in client-facing services than IT. When a server, or team member, is unhealthy, there is little the client-facing team can do to save the day.

When it comes to business continuity, the cloud offers key advantages over an on-premise model. First, working from home will likely pose a greater challenge for company IT departments than it will for Microsoft’s army of more than 40,000 IT engineers. More importantly, cloud deployments typically offer a largely automated ecosystem capable of identifying and solving problems without human intervention, auto-provisioning resources, cycling servers and alerting IT staff when necessary. Moreover, a cloud deployment is less vulnerable to interruptions caused by a pandemic, as it is inherently designed to be more self-sustaining (i.e., less human-dependent) than traditional non-cloud deployments.

Document Review Centers

At no point do more people congregate in the same room during the e-discovery lifecycle than during a document review. Dozens to hundreds of reviewers gather in large open spaces Monday through Friday, sitting in close proximity and often using devices shared by multiple shifts, making document review centers a perfect venue for the transfer of a highly contagious virus. Outside of a pandemic, there can be advantages to onsite (versus remote) review. Onsite review offers direct eyes-on oversight of people and technology, which is sometimes required for highly sensitive projects. However, during a pandemic, it would be difficult to design a better petri dish for the spread of COVID-19 than a large-scale review center.

As a result, it’s critical that companies transition their teams to a remote review model. Fortunately, remote-capable review environments are getting more affordable, and cloud security controls more robust. For example, industry-leading cloud platforms offer robust access management control, detailed audit trailing of user activity, and high-level encryption of data both in transit and at rest.

Even major health institutions, including Mayo Health Systems, have embraced remote review for medical coding and transcription services, which require HIPAA compliance. As an added bonus, remote reviews generally allow service provider to pass-on cost savings to their clients through lower hourly review rates.

Onsite Collection

Collection has historically been the most high-touch of all phases in the EDRM. In a typical scenario, one or more forensics experts, armed with their favorite portable imager, flies to a client’s office and harvests data from more than 50 desktops, email systems, cell phones and network shares. Then, he or she transports the data back to the lab for processing, review and production. COVID-19 presents two major challenges to onsite collections.

First, some employers have transitioned to a work-from-home model, although such measures have not yet been recommended by the CDC. As a result, the 50 target devices for collection could be located at 50 different personal addresses, making the project a logistical nightmare of coordinating meetings with each custodian. Second, many companies have put a moratorium on air travel until at least April 1, which limits the examiner’s ability to collect onsite.

Here, again, we as an industry are better positioned than ever to adapt to a remote model. While email and O365 are table-stakes for remote collection, targeted collections from desktops, network shares and even iPhones can also be performed remotely using commercial off-the-shelf imaging software. What once was an arsenal of physical collection devices, portable imagers and wire-harness kits, is now being replaced with centralized, enterprise-level collection software, remotely connecting to hundreds of endpoint devices across an organization.

In such deployments, collections can be performed by a remote examiner from his or her office, and can target custodial devices regardless of their physical location, at home or in the office. During a time of social distancing, when on-site collection may not be possible, a remote collection strategy is essential to keep data flowing downstream for review and production.

Takeaways

In an industry driven by automation, our human workforce has become more important than ever. Keeping our people safe from a global pandemic without interrupting service delivery is not an easy task. However, there are actionable solutions that can be put in place to enhance your business continuity and disaster recovery plan.

To future-proof your e-discovery operations, it is recommended that you: (1.) Leverage the cloud to increase resiliency and security, (2.) Utilize remote collection more broadly, and (3.) Promote remote review to your clients. Service providers are truly better equipped to handle a global health crisis than ever, as long as we are willing to adapt and embrace change. Oh, and wash your hands and stop touching your face!

Benjamin D. Sexton is Vice President of eDiscovery and Analytics at JND in Minneapolis, where he advises corporations and law firms on deploying the proper policy, process and technology to meet discovery goals and reduce risk. JND is a RelativityOne Certified Partner. He can be reached at [email protected].