Category Archives: eDiscovery & Compliance

The Traditional Workplace is Not Coming Back, with Major Implications for eDiscovery

By John Patzakis

The world has in many ways returned to life as it was prior to the pandemic. Restaurants and hotels are packed again. Children are all back in their classrooms. Rock bands and philharmonics are playing in front of full audiences. But this is not so for the office.

Only about a third of knowledge workers are back in the office more than once a week, but, according to CNN, only 5 percent of employers are requiring in-office attendance five days a week. And it doesn’t look like these trends are going to change dramatically any time soon. In fact, the trend toward remote work should continue as office leases continue to expire. The vast majority of knowledge workers prefer some form of hybrid or remote work, and executives are increasingly coming to accept that reality. Remote and hybrid work is here to stay. And this has major repercussions for eDiscovery practices.

This is because the legacy manual collection workflow involving travel, physical access and one-time mass collection of custodian laptops, file servers and email accounts is a non-starter for the new era of remote and distributed workforces. Manual collection efforts are expensive, disruptive and time-consuming as many times an “overkill” method of forensic image collection process is employed, thus substantially driving up eDiscovery costs.

When it comes to technical approaches, endpoint forensic crawling methods are now a non-starter. Network bandwidth constraints coupled with the requirement to migrate all endpoint data back to the forensic crawling tool renders the approach ineffective, especially with remote workers needing to VPN into a corporate network. Corporate network bandwidth is at a premium, and the last thing a company needs is their network shut down by inefficient remote forensic tools.

For example, with a forensic crawling tool, to search a custodian’s laptop with 20 gigabytes of email and documents, all 20 gigabytes must be copied and transmitted over the network, where it is then searched, all of which takes at least a day or so per computer. So, most organizations choose to force collect all 20 gigabytes. But while this was merely inefficient and expensive pre-pandemic, it is now untenable with the global remote workforce.

Solving this collection challenge is X1 Enterprise Collect, which is specially designed to address the challenges presented by remote and distributed workforces. X1 enables enterprises to remotely, quickly and easily search across up to thousands of distributed endpoints and data servers from a central location. Legal and compliance teams can perform unified complex searches across both unstructured content and metadata, obtaining statistical insight into the data in minutes, and full results with completed collection in hours, instead of days or weeks. The key to X1’s scalability is its unique ability to index and search data in place, thereby enabling a highly detailed and iterative search and analysis, and then only collecting data responsive to those steps.

X1 operates on-demand where your data currently resides — on desktops, laptops, servers, or the cloud — without disruption to business operations and without requiring extensive or complex hardware configurations. After indexing of systems has completed (typically a few hours to a day depending on data volumes), clients and their outside counsel or service provider may then:

  • Conduct Boolean and keyword searches of relevant custodial data sources for ESI, returning search results within minutes by custodian, file type and location.
  • Preview any document in-place, before collection, including any or all documents with search hits.
  • Remotely collect and export responsive ESI from each system directly into a Relativity or RelativityOne® workspace for processing, analysis and review or any other processing or review platform via standard load file. Export text and metadata only or full native files.
  • Export responsive ESI directly into other analytics engines, e.g. Brainspace®, H5® or any other platform that accepts a standard load file.
  • Conduct iterative “search/analyze/export-into-Relativity” processes as frequently and as many times as desired.

To learn more about this capability purpose-built for remote eDiscovery collection and data audits, please contact us.

Leave a comment

Filed under Best Practices, ECA, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Preservation & Collection

Relativity and X1 Publish Updated Joint Legal Whitepaper on ESI Collection Best Practices

By John Patzakis

Relativity and X1 have published an updated joint legal whitepaper addressing full-disk imaging as a disfavored collection practice in civil litigation, with Relativity eDiscovery attorney David Horrigan as the lead author. This paper is a substantive update from the original published a year ago, adding discussion of important and relevant new case law published in the past 12 months. The paper notes that “if the preliminary data from the first five months of 2022 are any indication, we may be seeing that the law of proportionality is becoming more settled — and that courts continue to disfavor full-disk imaging.”

The paper delves into all the legal reasons, including detailed analysis of case law, the Federal Rules of Civil Procedure, and the Sedona Principles establishing why forensic collection is not required in civil litigation. The paper primarily focuses on the principles of proportionality in its legal analysis as well as case law issued prior to the 2015 amendment to the Federal Rules of Civil Procedure, which gave greater prominence and clarification of the proportionality rules.

One of the recent updated cases included is Besman v. Stafford, where the appellate court reversed and remanded a trial court’s order of a forensic examination of a law firm computer, holding the trial court erred in failing to take precautions to protect the privileged and confidential information on the device. “Generally, courts are reluctant to compel forensic imaging, largely due to the risk that imaging will improperly expose privileged and confidential material contained on the hard drive,” Judge Anita Laster Mays wrote for the appellate court.

This is an important topic as a key problem in eDiscovery that drives inefficiencies and higher costs is that default collection methods often involve full-disk imaging—a forensic examination of an entire computer—when searching for responsive data. As the whitepaper notes, “it turns out full-disk imaging is not required for most eDiscovery collections. In fact, courts often disfavor the practice.”

A copy of the whitepaper can be found here.

Leave a comment

Filed under Best Practices, Case Law, collection, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, proportionality, Relativity

Industry Experts: Proportionality Principles Apply to ESI Preservation and Collection

By John Patzakis

Under Federal Rule of Civil Procedure 26(b)(1), parties may discover any non-privileged material that is relevant to any party’s claim or defense and proportional to the needs of the case. Lawyers that take full advantage of the proportionality rule can greatly reduce cost, time and risk associated with otherwise overbroad eDiscovery production. In a recent webinar, eDiscovery attorney Martin Tully of Redgrave LLP, addressed how to use processes and best practices to operationally attain this goal, particularly in the context of preservation and collection. In addition to being a partner at the Redgrave firm, Tully is currently the chair of the Steering Committee of the Sedona Conference Working Group on Electronic Document Retention and Production (WG1), providing additional import to his comments on the subject.

During the webinar, Tully noted that the “duty to preserve is directly aligned with what is within the scope of discovery….so if something is not within the scope of discovery – that is its either not relevant or its not proportional to the needs of the case — then there should not be an obligation to preserve it in the first place.” Tully discussed at length the recent case of Raine Grp. v. Reign Capital, (S.D.N.Y. Feb. 22, 2022), which holds that under FRC 26(a), parties “have an affirmative obligation to search for documents which they may use to support their claims or defenses.” In meeting these obligations, the court provided that a producing party may utilize search methodologies, specifically mentioning search terms. Tully explained that the court—in addressing the concept of reasonable, proportional discovery under the Rules – provides that producing parties are obligated to search custodians and locations it identifies on its own as sources for relevant information as part of its obligations under Rule 26, but that such identification and collection efforts should be proportional.

Further to these points, Tully weighed in on overbroad practice of full-disk imaging, noting that it should not be the default practice for eDiscovery collection: “Too often there is a knee jerk approach of ‘let’s just take a forensic image of everything – just because.’” According to Tully, alternative and more targeted search and collection methods were more appropriate for eDiscovery and can better effectuate proportional efforts: “Indexing in-place is key because it doesn’t just preserve in-place and reduce costs, but it can give you insight (into the data) to further justify your decision not to collect it in the first place, or if you need to, you are in much better shape to go back and collect the data in a tailored and focused way.”

Co-presenter Mandi Ross, CEO of Insight Optix also provided keen insight, outlining her typical workflow applying the aforementioned proportionality concepts through custodian and data source ranking and keyword searching performed in an iterative manner to identify key custodians, data sources, and the potentially relevant data itself. To effectuate this, Mandi noted that the enterprise eDiscovery collection and early data assessment process should enable a targeted, remote, and automated search capability, with immediate pre-collection visibility into custodial data.

In fact, both Tully and Ross emphasized in their comments that none of the cost-saving, targeted collection efforts permitted under the Federal Rules can be realized without an operational capability to effectuate them. Ideally, the producing party can employ a defensible, targeted, and iterative search and collection process in-place, prior to collection to effectuate the proportional discovery process approved by the court in this decision. However, without such a capability, the alternative is an expensive, over-collection effort, where the data is searched post collection. Enabling the search iteration and targeted collection upstream brings dramatic cost savings, risk reduction, and other process efficiencies.

A recording of the webinar on proportionality can be accessed here.

Leave a comment

Filed under Best Practices, Case Law, Case Study, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, Information Management, Preservation & Collection, proportionality

Case Law Update: Federal Court Endorses Targeted Search Term Based ESI Collection

By John Patzakis

A recent decision from the Southern District of New York provides that the parties’ have obligations to conduct reasonable searches during discovery, but such searches may be targeted. The court invoked the proportionality concepts within the Federal Rules of Civil Procedure, which govern the production of Electronically Stored Information (“ESI”). In Raine Grp. v. Reign Capital, (S.D.N.Y. Feb. 22, 2022), the plaintiff, “a merchant bank with over 100 employees,” sued defendant “Reign Capital LLC, a two-person real estate development and management firm, for trademark infringement and unfair competition based on Defendant’s” name. After unsuccessful meet and confer efforts to negotiate an ESI protocol, the Court ruled on two key issues in dispute—the scope of the plaintiff’s search and collection obligations and the formulation of certain search terms.

The court, in its written decision, first articulated a party’s general obligations under the Federal Rules of Civil Procedure, noting that Federal Rules of Civil Procedure 26 and 34 “require parties to conduct a reasonable search for documents that are relevant to the claims and defenses.” The court further noted that under Rule 26(a), “Parties have an affirmative obligation to search for documents which they may use to support their claims or defenses.” In meeting these obligations, the court provided that a producing party may utilize search methodologies, specifically mentioning search terms. The court observed that, “in this instance, the producing party must include and utilize search terms it believes are needed to fulfill its obligations under Rule 26 in addition to considering additional search terms requested by the requesting party.” The court—in addressing the concept of reasonable, proportional discovery under the Rules—continued: “In other words, the producing party must search custodians and locations it identifies on its own as sources for relevant information as part of its obligations under Rules 26 and 34.” Importantly, the court noted that “an ESI protocol and search terms work in tandem with the parties’ obligations under the Federal Rules…”

Additionally, the court advised the plaintiff to search not only the relevant custodians’ direct data sources, but also “other sources of data such as shared drives that are not particular to a specific custodian that should be searched as part of Plaintiffs’ obligations under Rule 26. Plaintiff is expected to conduct a reasonable search of such non-custodian sources likely to have relevant information.” The court here is making an important point about shared network drives, and that the parties have a duty to search them for relevant information. We have previously blogged about the importance of network file shares and how to effectively conduct eDiscovery on those critical data sources.

In regard to the formation of search terms, the court, explained that “[s]earch terms, while helpful, must be carefully crafted. Poorly crafted terms may return thousands of irrelevant documents and increase, rather than minimize the burden of locating relevant and responsive ESI. They also can miss documents containing a word that has the same meaning or that is misspelled.” The court further correctly advised that overly broad search terms “are typically not sufficiently targeted to find relevant documents. Modifiers are often needed to hone in on truly relevant documents.” This decision is very important as the court endorses the concept of utilizing highly targeted search terms and other parameters to defensibly collect and preserve potentially relevant ESI.

Additionally, this decision illustrates the necessity of an iterative, in-place search and collection process. None of the cost-saving, targeted collection efforts outlined by the court can be realized without an operational capability to effectuate them. Ideally, the producing party can employ a defensible, targeted, and iterative search and collection process in place, prior to collection to effectuate the proportional discovery process approved by the court in this decision. However, without such a capability, the alternative is an expensive, over-collection effort, where the data is searched post collection. Enabling the search iteration and targeted collection upstream brings dramatic cost savings, risk reduction, and other process efficiencies.

Leave a comment

Filed under Best Practices, Case Law, eDiscovery & Compliance, Enterprise Search, Preservation & Collection

ILTA eDiscovery Survey Highlights Targeted ESI Collection as the Preferred Methodology

By John Patzakis


The International Legal Technology Association (ILTA) recently published a very informative and comprehensive law firm eDiscovery practice survey, “2021 Litigation and Practice Support Survey.” ILTA received responses from litigation support professionals from 82 different law firms ranging in size from medium to large, on a variety of subjects, including eDiscovery practice trends and software tool usage. While the survey addresses a variety of aspects of legal tech and litigation, the survey reveals a couple of very notable insights regarding ESI collection in the enterprise.

The first important insight reflects that targeted ESI collection is the clear preferred method over forensic collection for litigation support purposes. Fifty-nine percent of respondents preferred “targeted collection (non-forensic)” as their standard methodology, while 13 percent still preferred forensic imaging. Forensic collection is rightfully on the decline as a method of ESI collection, as legal counsel seeks to leverage proportionality concepts that greatly reduce cost, time and risk associated with otherwise inefficient eDiscovery.

However, attaining the benefits of targeted collection requires the ability to operationalize workflows as far upstream in the eDiscovery process as possible. For instance, when you’re engaging in data over-collection, which in turn runs up of a lot of human time and processing costs, the ship has largely sailed before you are able to perform early case assessments and data relevancy analysis, as much of the discovery costs have already been incurred at that point. The case law and the Federal Rules provide that the duty to preserve only applies to potentially relevant information, but unless you have the right operational processes in place, you’re losing out on the ability to attain the benefits of proportionality. That is why we see forensic imaging, the epitome of data over-collection, on a steep decline.

The second notable takeaway was that network file shares and “loose files” were the most common form of collection data sources, even outpacing email. Network file shares are a significant challenge with data volumes, typically 10 to 20 terabytes, but can be much higher. Nearly every company and government agency maintains such large file shares, sometimes hundreds of them, depending on the size of the organization. Large network file shares can be found on premise or in a company’s cloud environment.

Traditional eDiscovery collection methods fail to efficiently address these large file shares, due to significant logistical challenges. The data cannot simply be searched in-place by traditional forensics tools or other crawling methods. Consequently, the data is typically copied in bulk and then migrated to another location for processing, where the data is finally indexed and then searched and culled. This approach does not enable the targeted, proportional collection methods preferred by law firms, as noted above.

To accomplish the goals of both targeted collection and addressing large file shares, index and search in-place technology should be utilized. Indexing and search in-place in this context means that a software-based indexing technology (as opposed to an expensive and cumbersome stand-alone hardware appliance) is deployed directly onto the file server or an adjacent computing resource. This indexing occurs without a bulk data transfer of the data. Once indexed, the searches are performed in a few seconds, with complex Boolean operators, metadata filters and regular expression searches. The searches can be iterated and repeated without limitation, which is critical for large data sets.

These capabilities supporting targeted and proportional collection of loose files, emails, and large network file shares are uniquely provided in the X1 Enterprise Platform.

1 Comment

Filed under Best Practices, eDiscovery, eDiscovery & Compliance, Enterprise eDiscovery, ESI, law firm, Social Media Investigations