E-Discovery in Crisis Mode: Collaboration is Key During Incident Response and Recovery
The e-discovery profession has evolved tremendously over the past two decades, and the rate of change is accelerating rapidly. Just as the scope of ESI we now must navigate has expanded, so has our role expanded beyond traditional document review for litigations and regulatory investigations. E-discovery practitioners today are required to conduct complex search and analysis relating to data privacy issues, investigate IP theft, uncover key facts relating to a data breach and so much more. For many, the unofficial job description now includes crisis response.
In crisis situations—such as a security incident, an unexpected regulatory probe or dawn raid, a highly publicized class action or a whistleblower accusation—e-discovery does indeed serve the critical function of determining what happened, when and who was involved. E-discovery workflows and technologies are used to find key facts and inform early incident response decisions as quickly as possible. But for e-discovery professionals and forensic technologists, effective crisis mitigation and recovery involves more than fact finding and smart technology implementation. It requires strategic collaboration, planning and coordination across numerous stakeholders, including the legal team, compliance leaders, IT, security, business users, communications and regulatory authorities.
A well-handled crisis can mean the difference between business survival and irreversible reputational or financial damage. With the stakes so high, legal, investigatory and e-discovery teams need to be prepared in advance for how to respond to high pressure situations effectively and how to partner throughout an organization to minimize the damage of a major incident. Below are several best practices teams can follow to ensure smooth collaboration among multiple teams during crisis response and recovery:
- Establish a detailed crisis response plan in advance, so that when an incident occurs, teams know exactly what to do and who to inform. Crisis plans should address numerous possible scenarios (accounting for likely security, privacy, regulatory, legal and operational crises) and incorporate input from legal and compliance, IT, security, communications professionals and executive leadership. Build bridges and relationships across these groups early on, so that the key players understand each other’s priorities and have a sense of familiarity in working together.
- Maintain a robust technology stack that has the capabilities to conduct e-discovery and investigations workflows for the most likely crisis scenarios. For example, organizations that have operations and employees dispersed across numerous jurisdictions should be prepared to deploy remote data collection across key custodians at a moment’s notice; or organizations that store a high volume of personally identifiable information should have access to analytics tools that can quickly search for instances of sensitive data within a system that has been compromised. Key stakeholders should be aware of the core tools and processes in place and understand which teams are responsible for utilizing them in the event of an urgent matter.
- Ensure that IT is prepared to empower investigators with the access and permissions they may need to begin searching and collecting data across any impacted or relevant systems.
- Map the global footprint of the organization so that the crisis response team understands the scope of data across jurisdictions, regional leaders or stakeholders that may need to be brought into the crisis response team and the scope of regulatory bodies that may require notification.
- Partner closely with experienced crisis communications professionals to develop clear and concise messaging for internal and external audiences. Communications teams can strategize about how to inform employees about what has happened, when and how to notify customers that may be impacted and the extent of information that must be shared with government authorities. Clear communications will play a particularly important role in rebuilding public trust after a data breach, cyber-related service disruption or environmental, social, governance (ESG) violation.
Many legal experts around the world are currently expecting an uptick in fraud-related matters and greater scrutiny over organizations’ compliance with ESG standards. At the same time, data privacy legislation and security threats are ramping globally, presenting organizations with an increased risk for experiencing a crisis. E-discovery professionals have an opportunity to support their organizations and their clients with these high stakes matters by preparing to every extent possible and working in a spirit of partnership with their counterparts in other key groups.
The views expressed herein are those of the authors and not necessarily the views of FTI Consulting, Inc., its management, its subsidiaries, its affiliates, or its other professionals. FTI Consulting, Inc., including its subsidiaries and affiliates, is a consulting firm and is not a certified public accounting firm or a law firm.
FTI Consulting is an independent global business advisory firm dedicated to helping organizations manage change, mitigate risk and resolve disputes: financial, legal, operational, political & regulatory, reputational and transactional. FTI Consulting professionals, located in all major business centers throughout the world, work closely with clients to anticipate, illuminate and overcome complex business challenges and opportunities. ©2021 FTI Consulting, Inc. All rights reserved. www.fticonsulting.com