For many corporate organizations, the Electronic Discovery (eDiscovery) function operates as a decentralized response mechanism. This trend has persisted since the phrase “Electronically Stored Information” (ESI) was wedged between the terms “documents” and “tangible things” in the 2006 amendments to the Federal Rules of Civil Procedure (FRCP).[1] The 2006 FRCP updates were essential to maintaining transparency in the American legal process as business organizations experienced a drastic increase in digital information,[2] but the complexity, cost and volume of the resulting duty to disclose ESI exceeded and continues to exceed the capacity and capability of many organizations. Recovering control over an extemporaneous eDiscovery function remains challenging given the continued exponential growth of data volumes and associated technology offerings. However, companies can mitigate eDiscovery risks and control costs by implementing ongoing change similar to how these same institutions address traditional regulatory transformation. 

Regulatory Change Management requires an evolving understanding of the procedural interaction between business, compliance and internal audit functions in order to satisfy requirements in a constantly changing regulatory environment. eDiscovery Management, a tangential if not intersecting process, often lacks similar qualities of maintenance and adaptation, which leads to a higher risk profile and cost structure. The incongruence in the way institutions administer eDiscovery is largely due to Legacy discovery models and the rapidity of change in the eDiscovery industry.


The case-centric Legacy approach to discovery exists where an organization’s internal legal function engages a law firm based on experience in a specific area of law and defers the discovery process to counsel. The law firm’s litigation and support teams traditionally handled the labor intensive discovery and review process but eDiscovery has increased the need for specialist vendors where the time and scope of the discovery obligation even exceeds the capacity of the law firm’s own technology solutions. The secondary and tertiary use of vendors has introduced three primary limitations:

  1. Client organizations lose direct control over discovery budgeting,
  2. Potentially unverified vendors increase the organization’s overall risk portfolio, and
  3. Decentralized operations create inconsistent processes across cases.

The decentralization of eDiscovery has created an industry expected to nearly triple between 2016 and 2021[3] and, although law firms responsibly mitigate the costs of litigation, it is imperative that organizations proactively seek control over the policy and procedure for the full eDiscovery lifecycle in order to maximize efficiencies between firms, cases and functions. After all, the duty to disclose ESI is an obligation that belongs to the organization. 

To satisfy these obligations, both ongoing and impending, an internal response mechanism requires cohesion between the Business, Legal, Technology and Governance, Risk & Compliance (GRC) functions. The eDiscovery Change Management framework is therefore a continuous discussion that accomplishes the following missions:

  1. Gaining a detailed understanding of fundamental business operations.
  2. Determining regulatory and litigation requirements arising from all business activities.
  3. Assessing the current institutional environment for managing risks and assets associated with ongoing obligations.
  4. Defining effective and reasonable action plans for addressing eDiscovery needs of the firm.
  5. Establishing a centralized eDiscovery leadership function that can unite contributors from various departments.
  6. Documenting and implementing policies and procedures for meaningfully managing the entire process from inquiry through production.


As previously stated, the discovery obligation is that of the business organization. More particularly and depending on the regulatory requirements of the industry, the obligation may personally belong to C-suite executives,[4] and various business functions and associated employees on a case-by-case basis. Therefore, an intimate understanding of the business is paramount to the success of the transformation process. This effort may include internal interviews and industry research, as well as providing metrics outlining the overall business impact of inadequate or inefficient eDiscovery workflows to gain support from the business. 

Regardless of the organization’s industry or business practices, and for the purposes of this discussion, there is always a duty to disclose according to the FRCP. Organizations have an ongoing obligation to retain ESI,[5] an impending obligation to produce ESI,[6]and an internal obligation to review ESI.[7] This is the baseline for any eDiscovery assessment. 


The assessment should be an honest discussion about how the organization currently manages eDiscovery requests. The organization may be in Legacy mode utilizing law firms as trustees of the eDiscovery process. Conversely, the firm may have a seemingly more advanced vendor-centric model primarily concerned with controlling the budgetary impact of discovery. This latter method is a Delegation approach to discovery where a firm identifies manageable tools and consistent pricing through a Request for Proposal (RFP) and law firms are delegated use of the vendor pool. Each scenario has merit but also contains known inefficiencies. The Legacy approach is suboptimal for reasons discussed above, but that is not to suggest that the Legacy model is indefensible. In many instances, the Legacy model may be one of necessity due to the cost-prohibitive nature of industry technologies. Outsourcing management of vendors to the law firms may be the most reasonable process. Similarly, the Delegation approach is more proactive in controlling vendors and costs but still decentralizes the majority of eDiscovery processes. It is the context and control in which these models are implemented that determines the defensibility of the process. The growing discussion of proportionality arising out of the 2015 modifications to the FRCP[8] affirms that eDiscovery solutions vary and a change program must remain cognizant of this notion when determining an organization’s true capacity for eDiscovery. 


Ideally, a firm could license all potential software utilities, incorporate the tools into a seamless user interface, and actively pre-cull data to only relevant, non-privileged information prior to collection. Nor does this solve the problem of efficiency, only thoroughness. Change managers must therefore meaningfully consider factors such as the size of the organization in terms of both revenue and resources and relevant data sources,[9] and do so while considering the industry expectation and need of a similarly situated firm with a comparable litigation portfolio.[10] The goal, regardless of needs relative to the business, is to develop a process-oriented approach to eDiscovery that is consistent, collaborative and accountable.

An Ownership model is focused on developing an integrated, internal practice group with an experienced eDiscovery leader. The issue really becomes who owns the process where personnel and assets from Legal, Technology and GRC are required for success. The presumed solution would be for an individual in legal to own the process as the FRCP obligations are inherently a legal requirement directly related to the prospect of litigation. However, it may be that the sophistication of the current response mechanism lies within Technology and it would be efficient to leave ownership with a member of that department due to their level of experience.

Ultimately, we want to unite Legal, Technology and GRC functions to provide full oversight of the eDiscovery process. The policies and procedures established by the eDiscovery working group will extend beyond the traditional and limited ownership of Litigation Hold, and provide standards and oversight for law firms, software vendors and outside consultants throughout the eDiscovery cycle. Accordingly, all parties, internal and external, will operate ostensibly and collaboratively as agents within a centralized and defensible framework with customary processes for preservation, review, analysis, validation, production and trial. Consistency will empower the firm to harness valuable cost-avoidance capabilities such as retention and repurposing of work product as well as regulate processes for implementing culling analytics such as Technology Assisted Review (TAR). By owning the full process, regardless of eDiscovery model, the organization will establish a cost-efficient eDiscovery function that satisfies discovery requirements and avoids spoliation[11] claims in a repeatable and controllable manner. 

[1] For example, the Duty to Disclose currently states, “[A] party must, without awaiting a discovery request, provide to other parties … a copy – or a description by category and location – of all documents, electronically stored information, and tangible things that the disclosing party has in its possession, custody, or control and may use to supports its claims or defenses[.]” F.R.C.P. Rule 26(a)(1)(A)(ii).

[2] Global data creation is estimated to have grown from 1 zettabyte in 2010 to 7 zettabytes in 2014. International Data Corporation. “Big Data: What It Is and Why You Should Care.” Matthew Eastwood, Carl Olofson, Richard L. Villars. June 2011.

[3] The eDiscovery market, including both services and software, will grow from nearly $8 billion in 2016 to nearly $23 billion by 2021 – “a Compound Annual Growth Rate (CAGR) of 23.4%.” Markets and Markets. “E-Discovery Market Worth 22.62 Billion USD by 2021.” November 8, 2016.

[4] Section 404 of the Sarbanes-Oxley Act (SOX) required management to take responsibility for “establishing and maintaining an adequate internal control structure[.]” 15 U.S. Code § 7262(a)(1). For financial institutions, the control structure inherently includes an adequate document preservation policy and process as per The Securities and Exchange Act of 1934 requirement for broker-dealers to retain “originals of all communications received and … sent … relating to business as such.” 17 C.F.R. § 240.17a-4(b)(4).

[5] “Once a party reasonably anticipates litigation, it must suspend its routine document retention/destruction policy and put in place a ‘litigation hold’ to ensure the preservation of relevant documents.” Zubalake v. UBS Warburg LLC, 220 F.R.D. 212, 218 (S.D.N.Y. 2003).

[6] “A party may serve on any other party a request within the scope of Rule26(b) … to produce … any designated documents or electronically stored information … stored in any medium from which information can be obtained[.]” F.R.C.P. 34.

[7] Parties have a personal obligation to review and categorize data in terms of responsiveness and privilege, at a minimum, prior to production so as to avoid over inclusive disclosure because “[p]arties may obtain discovery regarding any nonprivileged matter that is relevant to any party's claim or defense and proportional to the needs of the case[.]” F.R.C.P. Rule 26(b)(1).

[8] “Unless otherwise limited by court order, the scope of discovery is as follows: Parties may obtain discovery regarding any nonprivileged matter that is relevant to any party's claim or defense and proportional to the needs of the case, considering the importance of the issues at stake in the action, the amount in controversy, the parties’ relative access to relevant information, the parties’ resources, the importance of the discovery in resolving the issues, and whether the burden or expense of the proposed discovery outweighs its likely benefit. “ F.R.C.P. Rule 26(b)(1).

[9] We must determine whether existing data sources are not only relevant to potential litigation but that those sources and access to those sources are proportional to “the needs of the case.” The court found that it was not enough to simply request relevant information from a third party where the requesting party “never attempt[ed] to demonstrate that the discovery is in any way proportional to the needs of th[e] case, considering such things as … whether the information can be obtained from other and more convenient sources.” Noble Roman’s, Inc. v. Hattenhauer Distrib. Co., No. 1:14-cv-01734-WTL-DML, 2016 WL 1162553 (S.D. Ind. Mar. 24, 2016).

[10] We learned In re Biomet M2A Magnum Hip Implant Products Liability Litigation that a party seeking additional relevant data may not impose an additional expense on another party where the producing party executed a reasonable discovery process and there would be undue burden on the party to produce additional data “[e]ven in light of the needs of the hundreds of plaintiffs in this case, the very large amount in controversy, the parties’ resources, the importance of the issues at stake, and the importance of this discovery in resolve the issues.” In re Biomet. 2013 WL 1729682, 3.[11] “If electronically stored information that should have been preserved … is lost because a party failed to take reasonable steps to preserve it … the court, upon finding prejudice to another party from loss of the information, may order measures no greater than necessary to cure the prejudice; or …upon finding that the party acted with the intent to deprive another party of the information’s use in the litigation may…dismiss the action or enter a default judgment.” F.R.C.P. 37(e).