Love it or loathe it, data is an intrinsic element of the practice of law. From eDiscovery and litigation to the business of law, attorneys are handling more data than dreamed possible just a few years ago.

There is some benefit from the volumes of data passing through the legal department: legal operations can glean valuable insights from data analysis allowing them to measure, monitor and drive down internal and external costs.

And the same insights can make a sizable reduction to risk exposure: understanding where your data resides means you can organize and secure it better and ensure that your retention policies are appropriate and followed. This, however, is not a simple task.

Legal departments must be able to locate specific information when needed, identify the legal obligations and risks associated with the type of information (e.g., employee personal data or trade secrets), set retention schedules and put extra levels of protection in place where necessary.

Unfortunately, this is not the reality in most organizations. The proliferation of data stored in multiple, seemingly random areas means that data and information governance generally is not at an optimal level.

This is especially the case when dealing with data used by third-party vendors such as eDiscovery service providers. In our experience, one of the big issues is that data multiplies throughout the eDiscovery process: one copy might remain in forensics and another in the processing tool, while others might reside in locations used for review and production.

Many chief legal officers often find their invoices do not reflect the same information regarding data size and storage as matter reporting reflects, making it difficult to account for costs that are higher than expected.

Getting more clarity on where data resides is important, but the transparency companies need so that they can make better decisions is not always made readily available.

Should a data breach occur, you will also want to know where your data resides within a service providers process, so requesting a data map from the provider should be a standard request.

Setting key performance indicators

Whether you want to compare one vendor to another or check how well a single vendor is performing, establishing KPIs gives you the power to measure specific, predetermined data points. Legal departments should demand that vendors report on data in a way that can be measured and clearly reported, in a format that works with a data visualization tool. 

Managing data requires a complex mix of processes and software that hinges on being able to tap into the right data sources. To set KPIs and compare one vendor with another, your system will need to draw the data into a format that supports a fair comparison.

It's a challenge, because there is not a standard methodology that providers must follow to report on their performance and legal departments may have differing opinions regarding what types of measurements are meaningful. We have found that there's no single answer: we draw on a stack of processes and tools that can be customized for clients.

Managing for better cost outcomes

Our recommendation for clawing back control of your data is twofold: first, develop KPIs that are meaningful for your organization; next, create a tech stack incorporating a visualization or dashboard tool that allows you to pull appropriate insights on your data from the service provider. 

Consistency in how data is handled by eDiscovery providers is vital, including how requests are processed and documented.

For example with processing, the specifications are extremely important from how you deal with deduplication to time zones. Our approach has been to develop a template form system that populates a searchable database allowing clients to track not just the data, but what’s been done with it.

Any organization using sound information governance techniques to locate and appropriately handle data will save money over time and reduce their risk.

There are many options to reduce data costs without leaving data sitting in an expensive holding pattern with an external vendor.

We often recommend that clients with large stores of data that must be retained, but do not need 24/7 access, use cloud storage options that allow access to the data only when needed. This has proven extremely cost-effective for a recent client that has two billion rows of data that’s only needed occasionally.

It’s difficult to get corporations to put time and effort into information governance. Factors like how and who's responsible for the way you track data when it leaves the organization, the processes and systems that ensure data is deleted appropriately, and developing KPIs that will provide insight into what’s happening with your data will allow you to improve the efficiency of your data management.

Very few providers offer pragmatic visualization tools or dashboards for this purpose, so it's up to you to insist that they report based on the KPIs that are important to you.

What to look for in a provider

When seeking out an eDiscovery provider, ensure they have appropriate security certifications, have systems that deliver appropriate information about your data and can give you more transparency if you ask for it. 

Are they willing to make their processes more efficient? Do they have the latest machine learning and analytics tools? Do they have the expertise to use them effectively?

Above all, I recommend digging into how a third-party vendor does their project management. 

Overall, remember that a service provider whose approach is one size fits all may not have the size that fits your organization. Your metrics, your cost parameters and your data are paramount, and their response to your needs should reflect that.

We are seeing enormous demand from corporate legal departments for ways to extract more clarity from service providers about how they handle their data. Don't hesitate to explore the options available to reduce cost, risk and anxiety, as the benefits can be substantial.