UK: An Introduction to UK-wide
Alvarez & Marsal
View firm profile
e-Discovery in the UK
e-Discovery, or e-Disclosure, is an essential phase of not just litigation, but also investigations, regulatory enquiries, compliance assessments and increasingly arbitrations. Data is the lifeblood of most modern-day organisations, and although not the only source of information relevant to an investigation, data can provide an un-biased, un-altered and accurate reflection of historic events, unlike other sources. Data can be more reliable than the human mind, especially given the history of disputes, and data tends to be more pervasive and persistent than paper documents.
Given the use of technology throughout a workplace and beyond, data exists in many different forms but can be grouped into four categories: unstructured, structured, semi-structured and social.
Unstructured data refers to information where the content does not exist within a pre-defined form, is generally text-heavy and typically comprises emails, documents, spreadsheets and presentations.
Structured data is the opposite of unstructured data, in that it refers to information where the content does have a pre-defined form and is generally in the form of ‘databases’, for example financial & accounting systems and customer relationship management systems.
A hybrid of structured and unstructured data, referred to as semi-structured data, can also be prevalent within an organisation, this is where the content tends to be unstructured, but it is bound by a more solid structure. A typical example of this would be chat or instant messenger messages – which are becoming more widely used and pertinent in certain industries, and therefore should not be overlooked.
Social data refers to data that is shared publicly or shared within a more restricted context, e.g. within an organisation or a circle of ‘friends’. Social data is stored within a central repository and includes not only the content but also information that is linked to this content, such as ‘shares’, ‘likes’, location, time posted, etc. Although the most recognisable sources will be external to an organisation (e.g. Facebook, LinkedIn, etc.) organisations are introducing these technologies internally via enterprise social networking services, used for private communication within organisations, and thus they need to be appropriately considered.
When dealing with data in respect of a dispute, the exact way that it is managed and implemented will vary from case to case, however, there are various models available which set out some of the key stages of such exercises. The most widely used, and referenced, is the Electronic Discovery Reference Model.
Although this model was designed to meet the requirements of legal discovery under US litigation, it has equal applicability in the UK and globally.
e-Discovery is as interesting a place as ever as new technologies try to keep up with the challenges we are facing in the prolific growth and dependency of data. Not only are data volumes increasing but the range and diversity of software and applications that are used to create data are also increasing – especially in the current working environment with so many people working from home, remotely or in a hybrid environment. This has complicated the situation from an e-Discovery perspective as there are now more systems that need to be considered – for example, the use of collaborative tools which facilitate file sharing and instant messaging, like Microsoft Teams, Zoom and Google Hangouts has increased dramatically. These may not be relevant in every case but need to be considered when mapping out the IT landscape and deciding what data to collect or not, and why.
But as technology provides these challenges it also continues to provide solutions that can be used throughout the e-Discovery process. For example, the use of remote imaging solutions and software is enabling data to be successfully captured without an on-site visit due to the varying social-distancing measures; continued use of data reduction processes such as email threading, near deduplication and clustering conceptually similar documents; and the increased use of advanced analytics and assisted review technology, such as Continuous Active Learning (CAL), which in addition to the traditional model can also now “learn” from coding decisions in real time and uses those insights to promote documents more likely to be relevant to the top of the review queue.
These aren’t particularly new, but their usage and legal recognition continues to grow with the challenges discussed above. Similarly, none of these provide a panacea to all ills: it is through the intelligent application of these, and other more traditional techniques, that they can help reduce and prioritise the volume of documents to be reviewed, provide data-led insights into a case, and enhance quality control procedures.
Managing some of the risks
The added range and diversity of software and applications in use, in addition to remote working, is leading to increased risk from data leakage, breaches due to human error, corporate policy compliance breaches and a lack of technical security measures. Examples range from employees saving documents to cloud-based storage systems; to communications with colleagues and clients being channelled through internal instant messaging platforms as well as external applications such as WhatsApp. Therefore, when considering an e-Discovery project, these varied data sources need to be fully considered and incorporated into the process were proportionate and appropriate.
Within the UK, the law is also changing in respect to data, the GDPR is now well embedded in organisations, or should be, and will continue to be a factor as data breaches continue to occur and enforcement activities start to ramp up. GDPR and related laws are obviously relevant to e-Discovery matters and therefore, the requirements of it must be considered and decisions made fully documented, covering international transfers and the seven principles of processing personal data (which is almost unavoidable): lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity & confidentiality; and accountability, all of which should embody data protection by design.
Similar to the GDPR, there has also been an increase in the number of countries with laws restricting the cross-border transfer of data, unless the recipient country offers similar protection in its laws or additional measures are put in place. With the increasingly popularity of cloud-based hosting and data services, this has led to the offering of “data residency as a service” and the growth of local or regional data hosting options.
Disclosure Pilot Scheme
The way data is being managed in UK courts has also continued to change as working practices and judgements reflect Practice Direction 51U, which came into effect from January 1st, 2019. This Practice Direction intends to reform various aspects of the document disclosure process in the Business and Property Courts of England and Wales. The Disclosure Pilot Scheme (DPS) redefines disclosure duties and introduces five extended disclosure models.
At its core, the pilot aims to introduce new processes and choices for legal practitioners, and other relevant stakeholders, in an effort to make the disclosure process more “proportionate and efficient,” in the words of the Disclosure Working Group (DWG). Whilst the pilot has had successes, it is evident that flaws still exists which continue to cause uncertainty and misunderstandings.
Finding agreement on the right disclosure model presents another decision to be made and another dispute to resolve. Based on the existing model structure, it is possible that parties may opt for a different model to address the same issues and could even find themselves being two or more models apart initially. Also, there may be instances where the issues do not completely fit into a specific model. Even when a model is selected, as the matter progresses, significant developments can occur that can lead to inefficiencies in having to constantly adhere to the requirements of a model chosen earlier on in the matter, based on consideration of the documents that were likely to be held.
Communication and cooperation between all parties involved and with the court is key to agreeing to the issues for disclosure, setting the parameters of disclosure and completing the Disclosure Review Document (DRD), all in line with the intention of the DPS.
Technology promises to drive continued benefits for parties on both sides of the disclosure process, helping to reduce costs and get results more quickly. Earlier involvement of technologists is beneficial in assisting with thoroughly identifying potential present and historic data sources (inclusive of data held by third parties), understanding company data retention policies, more accurately estimating data handling costs and translating complex technology-related concepts for the purposes of a DRD. Furthermore, expert advice is necessary in getting the most out of technologies – both when using existing products more efficiently, and when it comes to exploring new and developing technological discovery and analysis solutions that may be better suited for a particular matter.
The DPS aims to manage the increasing costs of litigation and with more time being spent in scoping, identification of issues and choosing an appropriate disclosure model the present trend is that initial costs have increased with the intended result being cost savings later, as the scope of review efforts is more proportionally defined. However, managing matters that don’t completely fit into a specific model or having to consistently adhere to the requirements of a chosen model has led to unnecessary, disproportionate costs at later stages as processes around disclosure for matters with many issues can become overly complicated.
All in all, it appears that the success of the pilot will depend on whether parties are able to cooperate, effectively communicate and use the various models and technological tools available in an applicable, proportional manner and not in a manner that exacerbates an adversarial environment in the litigation process.
Despite how the DPS evolves, prior to the pilot, parties wanting to use advanced analytics, predictive coding, assisted review and other technologies had to convince the court of why it was needed. Now, the tables have turned, and parties must now justify why they may have decided to not use technology. The DPS, backed up by recent judgements, encourages the use of appropriate technology, further acknowledging the relationship between technology and disclosure.
The DPS was originally designed to run for two years, up to January 2021. In 2020, Professor Rachael Mulheron of Queen Mary University of London published a Third Interim Report, which recommended a 12-month extension to the duration of the pilot. As such, the pilot is presently set to run to the end of 2021. A round of changes also took effect in April 2021 and further changes are expected in late 2021.
What is coming down the road?
• Ever growing data volumes– Data volumes were inevitably going to increase year on year, however this growth is now higher than previously expected having been accelerated by COVID-19. In response, it is anticipated that the way data is stored and the technologies/methodologies available to analyse that data will continue to adapt to help negate the effect of increased data loads.
• Increased adaptation of Cloud services– At faster than previously forecasted pre-COVID-19 rates, businesses continue to move towards digital transformation, allowing added flexibility and scalability needed in a hybrid working environment. Many employees now require the ability to access work documents from multiple locations, an advantage of cloud technologies, but with that added flexibility comes additional data security risks.
• Increasing use of Collaborative/communication technologies– With the shift to a remote working or a hybrid working model now being the “new normal” businesses will continue to rely on new collaborative workflows as people continue to work from varying locations. Instant messaging and document repositories from these collaborative tools will be key data sources going forward.
• Varied data sources and emerging technologies– Just think of the Internet of Things, autonomous vehicles, biowear, smart appliances and the increased use of social data. Emerging data sources have the potential to increase the complexity of collecting data for discovery purposes. Structured databases are a data source usually considered for collection and new structured data structures like Blockchain will require consideration.
• Intuitive technology– We are seeing the first generation of what is widely termed artificial intelligence embedded within the e-Discovery market. The sophistication and ability of these tools will only increase. Technology will continue to become more intuitive, utilising multiple sources of data to enrich existing data and continually learning from previous decisions in a more granular and intelligent way. These technologies are now being used in a proactive manner in certain industries, for example to flag potentially fraudulent transactions or to monitor an employee’s communication for sentiment or behavioural changes. They will continue to become embedded and trusted in the e-Discovery and legal markets and potentially, in the long-term, being used at the point of creation. This would enable the automation of documents/emails/data categorisation and assessment, with appropriate processes managing onwards to the appropriate legal teams. Think of it as an automated application of information governance at the source – although this is certainly not in the near-future.
• Ethical, privacy and data protection concerns– These concerns will continue to clash with the desire to use more and more data in an increasingly automated and insightful manner. We are seeing the first signs of this now, for example where prejudice becomes built into a machine-learning platform, thus reinforcing and strengthening the prejudice. The development of data protection and privacy concerns and laws, such as the GDPR, could also limit the way technology is implemented, and whereas lawyers will be key to determining how that is managed, technologists will continue to devise processes and methodologies to operationalise those decisions.