Our morning speaker for the seminar was Dr. Eugenia Brumm, Director of Huron Consulting Group. Her talk, “RIM’s Impact on Discovery,” gave lots of information about the processes involved in managing information, and how those processes affect and are affected by discovery.
The EDRM and IGRM
First, Brumm walked us through the steps of the Electronic Discovery Reference Model, or EDRM. This model was created to provide guidelines, standards, and a common language surrounding the eDiscovery process. According to the EDRM, there are six steps that businesses tend to follow to organize electronically stored information during eDiscovery. Through the progression of these steps, the volume of records decreases while their relevance increases:
- Information management
- Preservation and collection
- Processing, review, and analysis
The EDRM has become a widely-used standard to describe the workflow and processes of eDiscovery, and has led to a related model called the Information Governance Reference Model (IGRM). While the EDRM demonstrates a workflow specifically for eDiscovery, the IGRM provides a wider framework for effective information management programs as a whole. It also aims to address the issue of insufficient collaboration among key stakeholders, such as business users, IT, legal, and RIM departments within organizations. Information is at the center of the IGRM, and the various stakeholders perform different actions around that information:
- Create, Use
- Store, Secure
- Retain, Archive
- Hold, Discover
Each stakeholder must work together to ensure that information moves through all of these actions in an efficient way across the organization.
ISO 15489 and Discovery
After explaining these two models, Brumm discussed the relationship between good RIM programs and eDiscovery. She began this portion of the talk by explaining why organizations have difficulty with discovery:
- Information is created in the course of business for business processes – not for discovery.
- Discovery is an information process (identify relevant information, then collect and review it, then present it) – but the information found during discovery was not created for that process.
- Most organizations have problems with information retrieval in the normal course of business.
- This is magnified during discovery, when agents are searching for information for a different purpose and according to different parameters.
However, a good RIM program, as set forth in ISO 15489, should help organizations in the long run if they are ever subject to discovery. ISO 15489 is an international standard for records management policies and procedures. As the ISO 15489 introduction states, it was drafted to help “ensure that appropriate protection and attention is given to all records, and that the evidence and information they contain can be retrieved more efficiently and effectively, using standard practices and procedures.” Brumm identified twelve components in ISO 15489 that are relevant to eDiscovery:
- Determining which information to create and capture
- Form & structure of information
- Which technologies to use
- Metadata creation & management
- Organizing information
- Retention & regulatory requirements
- Retrieval, use, and transmittal of information
- Risk assessment
- Safety, security, privacy
- Destruction, expungement
- Migration, system change, conversion
- Long-term preservation
How the ISO 15489 elements affect discovery
The way that each step is executed can have an impact on discovery later on. For example, regarding step 1, determining which information to capture: It’s almost too easy to create records that are not really necessary. If you write an email to your colleague in the cubicle next to you (when you could have just talked to them), you’ve just created a record. Later on, that record might be subject to review during discovery. It might not seem like much, but all of those unnecessary records will add up and will cost time and money to manage later on. Having a policy in place that states what records should be captured and created can help cut down on the volume of records that your organization has to manage – and that would be subject to review in discovery.
Brumm then expanded on how the rest of the components, and particularly metadata creation and management, will facilitate discovery down the road. Therefore, as a RIM program matures, and information identification, capture, availability, retention, and disposition improve, the volume of records available for review during discovery decreases. That, in turn, means that the amount of time and money spent on discovery also decreases. The eventual goal is to demonstrate defensible destruction, which will stand up in court as reasonable and consistent. That basically means that if your organization is ever subject to discovery, then you will be able to show a judge that you have been retaining and disposing records in a legally defensible way, according to established policies.
Of course, as Brumm emphasized, being able to defend your records management program in court should not be the driving force behind your policy! Instead, it should merely be an added benefit. In the normal course of business, the purpose of a good records management is to allow your organization to function more effectively and efficiently – and hopefully, discovery will never be part of the picture!