UK: An Introduction to eDiscovery
Alvarez & Marsal
eDiscovery in the UK
eDiscovery, or eDisclosure, is an essential phase of not just litigation, but also investigations, regulatory enquiries, compliance assessments and increasingly arbitrations. Data is the lifeblood of most modern-day organisations, and although it is not the only source of information relevant to an investigation, data can provide an unbiased, unaltered and accurate reflection of historic events, unlike other sources. Data can be more reliable than the human mind, especially given the history of disputes, and tends to be more pervasive and persistent than paper documents.
Given the use of technology throughout the workplace and beyond, data exists in many different forms but can be grouped into four categories: unstructured, structured, semi-structured and social.
Unstructured data refers to information where the content does not exist within a pre-defined form, is generally text-heavy and typically comprises emails, documents, spreadsheets and presentations.
Structured data is the opposite of unstructured data, in that it refers to information where the content does have a pre-defined form and is generally in the form of “databases”; for example, financial and accounting systems or customer relationship management systems.
A hybrid of structured and unstructured data, referred to as semi-structured data, can also be prevalent within an organisation. This is where the content tends to be unstructured, but it is bound by a more solid structure. A typical example of this would be chat or instant messenger messages—which are becoming more widely used and pertinent in certain industries—and therefore should not be overlooked in the context of a dispute or investigation.
Social data refers to data that is shared publicly or shared within a more restricted context within an organisation or a circle of friends, for example. Social data is stored within a central repository and includes not only the content but also information that is linked to this content, such as “shares”, “likes”, location, time posted, etc. Although the most recognisable sources will be external to an organisation (e.g. Facebook, LinkedIn, etc.), organisations are introducing these technologies internally via enterprise social networking services, used for private communication within organisations, and thus they need to be appropriately considered.
When dealing with data in respect of a dispute, the exact way that data is managed and implemented will vary from case to case. However, there are various models available which set out some of the key stages of such exercises. The most widely used, and referenced, is the Electronic Discovery Reference Model.
Although this model was designed to meet the requirements of legal discovery under U.S. litigation, it has equal applicability in the U.K. and globally.
eDiscovery is as interesting a place as ever as new technologies try to keep up with the challenges industries are facing in the prolific growth of and dependency on data. Not only are data volumes increasing but the range and diversity of software and applications that are used to create data are also increasing—especially in the current working environment with so many people working from home, remotely or in a hybrid environment. This has complicated the situation from an eDiscovery perspective as there are now more systems that need to be considered. For instance, the use of collaborative tools which facilitate file sharing and instant messaging, such as Microsoft Teams, Zoom and Google Hangouts has increased dramatically. These may not be relevant in every case but need to be considered when mapping out the IT landscape and deciding what data to collect or not, and why.
But as technology provides challenges, it also continues to provide solutions that can be used throughout the eDiscovery process. For example, the use of remote imaging solutions and software is enabling data to be successfully captured without an on-site visit; the continued use of data reduction processes such as email threading, near deduplication and clustering conceptually similar documents; and the increased use of advanced analytics and assisted review technology, such as Continuous Active Learning (CAL), which, in addition to the traditional model, can also now “learn” from coding decisions in real time and use those insights to promote documents more likely to be relevant to the top of the review queue.
These aren’t particularly new, but their usage and legal recognition continue to grow with the challenges discussed above. Similarly, none of these provides a panacea. It is through the intelligent application of these, and other more traditional techniques, that eDiscovery specialists can help reduce and prioritise the volume of documents to be reviewed, provide data-led insights into a case, and enhance quality control procedures.
The added range and diversity of software and applications in use, in addition to remote working, is leading to increased risk from data leakage, breaches due to human error, corporate policy compliance breaches and a lack of technical security measures. Examples range from employees saving documents to cloud-based storage systems to communications with colleagues and clients being channelled through internal instant messaging platforms, as well as external applications such as WhatsApp. Therefore, when considering an eDiscovery project, these varied data sources need to be fully considered and incorporated into the process where proportionate and appropriate.
UK law on data is also changing. The General Data Protection Regulation (GDPR) is now well-embedded in organisations, or should be, and will continue to be a factor as data breaches continue to occur and enforcement activities start to ramp up. The GDPR and related laws are relevant to eDiscovery matters. The requirements of the laws must be considered, and any decisions made should be fully documented, covering international transfers and the seven principles of processing personal data including: lawfulness, fairness and transparency; purpose limitation; data minimisation; accuracy; storage limitation; integrity and confidentiality; and accountability. All of these data principles should embody data protection by design.
Similar to the GDPR, there has also been an increase in the number of countries with laws restricting the cross-border transfer of data, unless the recipient country offers similar protection in its laws or additional measures are put in place. With the increasing popularity of cloud-based hosting and data services, this has led to the offering of “data residency as a service” and the growth of local or regional data hosting options.
Disclosure Pilot Scheme
The way data is being managed in UK courts has also continued to change as working practices and judgements reflect Practice Direction 51U, which came into effect from 1 January, 2019. This Practice Direction intends to reform various aspects of the document disclosure process in the Business and Property Courts of England and Wales. The Disclosure Pilot Scheme (DPS) redefines disclosure duties and introduces five extended disclosure models.
At its core, the pilot aims to introduce new processes and choices for legal practitioners, and other relevant stakeholders in an effort to make the disclosure process more “proportionate and efficient,” in the words of the Disclosure Working Group (DWG). Whilst the pilot has had successes, it is evident that flaws still exist which continue to cause uncertainty and misunderstandings.
Finding agreement on the right disclosure model presents another decision in the eDiscovery process to be made and potentially another dispute to resolve. Based on the existing model structure, it is possible that parties may opt for a different model to address the same issues and could even find themselves being two or more models apart initially. Also, there may be instances where the issues of a dispute do not completely fit into a specific model. Even when a model is selected, as the matter progresses, significant developments can occur that can lead to inefficiencies in having to constantly adhere to the requirements of a model chosen earlier on in the matter and that were made based on consideration of the documents that were likely to be held at the start of a dispute.
Communication and cooperation among all parties involved, including the court, is key to agreeing to the issues for disclosure, setting the parameters of disclosure and completing the Disclosure Review Document (DRD), all in line with the intention of the DPS.
Technology promises to drive continued benefits for parties on both sides of the disclosure process, helping to reduce costs and obtain results more quickly. Earlier involvement of technologists is beneficial in assisting with thoroughly identifying potential current and historic data sources (including data held by third parties), understanding company data retention policies, more accurately estimating data handling costs and translating complex technology-related concepts for the purposes of a DRD. Furthermore, expert advice is necessary in getting the most out of technologies—both when using existing products more efficiently, and when it comes to exploring new and developing technological discovery and analysis solutions that may be better suited for a particular matter.
The DPS aims to manage the increasing costs of litigation. With more time spent in scoping, identifying issues and choosing an appropriate disclosure model, the present trend sees that initial costs have increased. The DPS’s intended result is for cost savings later, as the scope of review efforts is more proportionally defined. However, managing matters that don’t completely fit into a specific model or having to consistently adhere to the requirements of a chosen model has led to unnecessary, disproportionate costs at later stages as processes around disclosure for matters with many issues can become overly complicated.
All in all, it appears that the success of the pilot will depend on whether parties are able to cooperate, effectively communicate and use the various models and technological tools available in an applicable, proportional manner and not in a manner that exacerbates an adversarial environment in the litigation process.
Regardless of how the DPS evolves, the position on technology has changed. Prior to the pilot, parties wanting to use advanced analytics, predictive coding, assisted review and other technologies had to convince the court of why it was needed. Now, parties must justify why they may have decided not to use technology. The DPS, supported by recent judgements, encourages the use of appropriate technology, further acknowledging the relationship between technology and disclosure.
The DPS was originally designed to run for two years, through January 2021, but has since undergone two extensions with the DPS due to finish at the end of 2022. Many anticipate that there will be a further consultation with court users and the judiciary before the scheme finishes.
The future of eDiscovery:
• Ever-growing data volumes – Data volumes are inevitably going to increase year-over-year. However, this growth is now higher than previously expected, having been accelerated by the COVID-19 pandemic. In response, the way data is stored and the technologies and/or methodologies available to analyse that data will continue to adapt to help address the effect of increased data loads.
• Increased adoption of cloud services – Faster than previously forecast, and likely due to the COVID-19 pandemic, businesses continue to move towards digital transformation, allowing added flexibility and scalability needed in a hybrid working environment. Many employees now require the ability to access work documents from multiple locations, a primary advantage of cloud technologies. However, the added flexibility comes with additional data security risks.
A practical example of the impact that cloud-based storage is having includes how attachments are described and handled by disclosure rules. Many employees share documents via links to a file (with the file sitting in the cloud) instead of attaching the file to the email itself. A document shared by a link would still be important to a disclosure process and would want to be collected as part of the eDiscovery process but currently is not described as an “attachment” by disclosure rules.
• Increasing use of collaborative communication technologies – With the shift to a remote or hybrid working model as the “new normal,” businesses will continue to rely on new collaborative workflows as people continue to work from varying locations. Instant messaging and document repositories from these collaborative tools will continue to be key data sources going forward.
• Varied data sources and emerging technologies – Emerging technologies, including the Internet of Things, autonomous vehicles, biowear, smart appliances and the increased use of social data, have the potential to increase the complexity of collecting data for discovery purposes. Structured databases are a data source usually considered for collection and new structured data structures like Blockchain will require consideration.
• Specialist courts and practice directions for increasingly digital and complex issues – With the introduction of new data sources and emerging technologies as described above, courts will need to be prepared for disputes that centre on increasingly digitalised and complex issues. As a stepping stone, the DPS in the UK has modernised the way practitioners and judges think about complex disclosure issues, setting out clear guidance on what is expected. Moving into the future with disputes that may revolve around Blockchain transactions or Non-Fungible Tokens (NFTs), courts such as the newly announced “Specialised Court for the Digital Economy” by the Dubai International Financial Centre may become more common.
• Intuitive technology – The first generation of what is widely termed artificial intelligence (AI) has now become embedded within the eDiscovery market. The sophistication and ability of these AI tools will only increase. Technology will continue to become more intuitive, utilising multiple sources of data to enrich existing data and continually learning from previous decisions in a more granular and intelligent way. These technologies are now being used in a proactive manner in certain industries, for example to flag potentially fraudulent transactions or to monitor an employee’s communication for sentiment or behavioural changes. The technology will continue to become embedded and trusted in the eDiscovery and legal markets and potentially, in the long term, be used at the point of creation. This would enable the automation of documents, emails, data categorisation and assessment, with appropriate processes managing onwards to the appropriate legal teams. Think of it as an automated application of information governance at the source.
• Ethical, privacy and data protection concerns – Ethical, privacy and data protection concerns will continue to clash with the desire to use more and more data in an increasingly automated and insightful manner. We are already seeing signs of this. The development of data protection and privacy concerns and laws, such as the GDPR, could also limit the way technology is implemented. While lawyers will be key to determining how that is managed, technologists will continue to devise processes and methodologies to operationalise those decisions.
Companies seeking to validate and maintain their environmental, social and governance (ESG) credentials must also address privacy, digital ethics and data protection as part of their ESG assessments and give due consideration to their global digital supply chains. Companies should adopt a proactive, forward-looking approach to ensure responsible data usage and to identify and manage compliance risks. These measures will enable the wave of new corporate digital strategies and technology transformation in the new working environment.