SaaS - Can Outsourcing be a Shortcut to Litigation Defensibility?

                Major public corporations are not nimble. They do not quickly change practices or corporate culture without a lot of resistance and persistence. In recent engagements with Fortune 100 clients, it has become clear that the major transformations required to become litigation ready must be sponsored at the C-level to have even a chance of success. In large companies, practices and general culture become ingrained and comfortable, even if inefficient or just blatantly wrong. Given that most public corporations will face hundreds of discovery events per year, one would expect a greater level of discovery maturity across the market. Instead, we see a lot of corporations engaging in cyclical RFPs, but not pulling the trigger on funding until a hot case gets attention from the Board of Directors.

                On the other hand, small-medium businesses (SMBs) do not have the same problems with momentum and high discovery burden. During a recent consulting engagement with a small, high-tech company, I realized the size and relative infrequency of discovery events reduces the need for internal discovery capabilities, especially if the SMB has outsourced significant IT infrastructure to a SaaS provider like Estorian LookingGlass.  Inside counsel and IT still need to understand the new FRCP requirements and are responsible for managing the internal response, but having a SaaS provider for your messaging, archiving, applications and even document management shifts the burden of documentation and change management to the provider.

                More importantly, it disarms accusations of deliberate spoliation or designing a system to deliberately destroy critical evidence. This is one of the hidden benefits to SaaS that few companies factor into their ROI calculations. When selecting a provider, companies should understand and document the provider's procedures, technology and data integrity practices. Most importantly, they should make sure that they can provide Chain of Custody information to authenticate ESI that is searched and restored from the provider's systems. The good news is that any SaaS provider with a decent customer base and at least two year's of historical ESI should have already been through this fire drill. Having done an initial fire drill, the legal department can now focus on the comparatively simpler job of documenting their hold decisions, searches and other discovery actions. Depending upon the outsourced system, legal may be able to handle discovery without putting the preservation burden on the business users. There will always be custodian interviews, paper and local documents to collect, but inside/outside counsel are well prepared for this.

                Overall, SMB's have a potential shortcut to 'Litigation Readiness' through SaaS outsourcing of the primary messaging and file storage systems. Legal definitely needs to be involved in the provider selection and RFP process, but IT should welcome another sponsor to the project. Legal should request documentation on system capabilities (search/culling for Rule 26 disclosures and Meet & Confer), Chain of Custody, exception reporting, deposition fees for authenticating evidence (Rule 30(b)(6)), SLA's for retrieval rates, physical/electronic security and the actual storage format of the ESI. The last is particularly important in case the requesting party makes arguments for using alternative search engines on the ESI. Governmental agencies are required to store records in an open format like MSG files for email, so any SaaS provider who has public sector clients should utilize an open format storage system. With a little research and diligence, SMB's can leverage SaaS to achieve litigation readiness in a cost effective manner.