COVID-19 and the Dire Need for E-Discovery

Who would have predicted that a virus would alter the landscape of legal discovery? And yet COVID-19 has done exactly that. As the pandemic pushed many employees out of the office to remote work locations, new data sources have proliferated — creating new legal risks in the process. But collecting, preserving and reviewing this data has also become more challenging.

Will these data sources vanish once the pandemic is over? Likely not, which makes now a good time to evaluate the ramifications of the new landscape on your discovery requirements. And if you haven’t already embraced an e-discovery process, you may want to make this a priority.[1]

Remote Work Adds to the Discovery Burden

As COVID spread, state and local governments forced employers to send many non-essential workers home. Other companies took similar steps as a precaution. Either way, the decisions were often hasty and careful planning wasn’t an option. As a result:

• Data is being created and stored on multiple new devices. Employees working at home may no longer have company-owned equipment to work on, and even if they do, they may still be tempted to work on their personal laptops and smart phones. This means a single employee may now be creating and storing data in several places, making the data generated that much more difficult to track, store and safeguard.
• To stay connected, employees may also be using a range of communication tools, including Zoom, Skype and FaceTime. This makes it that much more challenging for employers to track, monitor and preserve their conversations and the data that they share.
• Employees may not know how to protect their data themselves, and the sudden impact of the pandemic left many employers with little time to draft new guidelines or provide training. Even as new rules are created, they may be difficult to communicate and enforce with employees working remotely.
• Informality poses new risks. Employees working in the comfort of their own homes may expose their employers to new liabilities. We’ve all heard stories of people that share too much during a video conference, for example. They may reveal things or express heated emotions via chat that they would never say in person. Yet, once that data exists, employers are obligated to track and preserve it.
• Cybersecurity at home is rarely as robust as what most businesses maintain. Home Internet access may not be as secure, and home computers may be infected with malware or viruses. Also, employees may share equipment with family members or roommates, or may not have a private spot from which to work, making it possible for other people to inadvertently see what should be protected data. None of this is lost on cybercriminals, who are trying to exploit these vulnerabilities. Remote workers are already facing a barrage of phishing emails designed to steal their credentials and install malware, leading experts to anticipate a sharp increase in data breaches.[2]

As if all that weren’t enough, businesses — particularly in certain sectors — may face additional risks. For example:

• Healthcare providers and manufacturers must always guard against negligence lawsuits, but their potential liabilities may be greater now due to new risks associated with COVID-19. Similarly, the pandemic may increase the legal risks faced by employers who fail to safeguard their employees’ confidential medical information.
• Employers may also face lawsuits if they are perceived to maintain unsafe workplaces. Likewise, businesses, particularly in hospitality and retail, may face claims they didn’t adequately protect their customers.
• Both the public and private sectors could be threatened with legal action if they are believed to have misled people about the impact of COVID-19. Legal challenges could come from the public at large or, for businesses, from angry shareholders.
• Finally, businesses of all kinds may find themselves embroiled in lawsuits over payment disputes, service interruptions and insurance claims.

COVID-19 Protocols Complicate E-Discovery

Runaway growth in digital data, together with growing regulatory requirements and workplace litigation, were already making e-discovery a ubiquitous requirement. But while the pandemic and remote work have made e-discovery capabilities more desirable than ever, they have also made it more difficult to implement. That’s because:

• Closed offices may make it harder, if not impossible, for forensic experts to obtain data from devices that can’t be accessed remotely.
• Many security protocols are designed to block remote data access. Those protocols may now impede efforts to gather data for e-discovery.
• Transferring large volumes of data generally requires some form of storage, such as an external hard drive. But loading data onto such devices may be more difficult if the people required to load, log and process the data have limited worksite access.
• Remote review of data isn’t as secure as when the review is conducted in a location designed for that purpose and managed on site.
• Document review is typically the most time-consuming aspect of e-discovery, and it may take even longer when reviewers must work remotely and collaborate through online tools.

This shift to remote document review is far from hypothetical. One expert notes that, prior to the pandemic, just 10% of discovery document reviews took place remotely; the figure now stands at 90%.[3]

Steps to Facilitate E-Discovery

Despite these difficulties, experts note that there are a number of steps legal departments can take to build a strong e-discovery process to help counter the fallout from COVID-19. These include:

• First and foremost, create a plan. Before making any COVID-driven adjustments, all concerned parties should work together to develop a plan that addresses their mutual requirements. At a minimum, these plans should address information security, remote staffing, training and workflow.[4]
• Establish work-at-home and telework policies. Determine which devices (such as personal laptops) employees should use and which ones they should not. Formulate guidelines for how employees should communicate. Then train everyone on those policies.
• Develop policies and workflows that are easy to follow and will appeal to employees. Otherwise, they are likely to resort to workarounds and undermine the whole effort.
• Save documents to a central location. Even when employees are working in multiple locations, they can still store documents and other data to a single, secure site.
• Use a custodian questionnaire. Already in use at many organizations, custodian questionnaires track how data custodians manage and share data. These questionnaires can be especially valuable when people are working remotely, particularly if they address video conferencing and other collaboration tools.
• Learn how to collect data from nontraditional sources — especially collaboration tools such as Microsoft Teams.

More may need to be done to ensure robust e-discovery in a post-COVID world. But these measures will provide the necessary foundation.

The Bottom Line

COVID-19 has led to many new data sources and heightened legal risks, and these are likely to remain in force even after the pandemic has ended. This has made the need for e-discovery, already a pervasive requirement for most businesses, more pressing than ever. But remote work and other safety measures have also made e-discovery more difficult to implement, necessitating more forethought and planning on the part of companies and their legal departments.

[1] “10 E-Discovery Challenges Caused By COVID-19,” Norton Rose Fulbright

[2] “eDiscovery Before and After COVID-19: What to Expect,” Legal Talk Network

[3] “The COVID-19 Effect: Trends and Observations in eDiscovery,” Innovative Discovery

[4] “Covid-19 and E-Discovery—Challenges With Remote Document Review,” Crowell & Moring