Observations on Off-Site, On-Site, Outsourcing & Ownership

j0438776Seems to me there are a lot of companies selling data & e-discovery services with the attitude of, “Place your data responsibilities with us, then sleep well at night”.  Hardware and software are offered in-house, SaaS, appliance, off-site…anything you want can be provided.

My personal opinion; before you start relinquishing responsibility to others, keep one thing in mind – it won’t matter.  You’ll ultimately be responsible in the eyes of the law.

I blogged about this before in my ‘Hot Potato‘ post, among others.  The instinctive thing to do – especially with the added complexity of the e-discovery rules hanging over you – is to contract out and make it someone else’s problem.  Heck, I get that.  I’m a Contractor!  Only thing is, in this case…it won’t work.  Good-faith won’t be enough.

I’m not living in a fantasy world.  Some companies have so much data – including ones I’ve consulted with – it would be virtually impossible to manage in-house.  If I said “Don’t do it!” I would expect you to laugh me out of the room (which would be difficult, since none of you know where my ‘room’ is, exactly).  All I’m suggesting is, before you consider outsourcing data management; whether it be on-site, off-site or a combination of both – or even if you’ve already done so – think about all the risks, especially in these difficult economic times.  Do you have a contingency plan in place?

These are the items I’d be including in a checklist (order of preference is up to you):

Hold on a second.  Let’s begin by answering a fundamental question.  Who will manage this?  You?  The Vendor?

Rural Road from a Car

I know.  Some of you are asking what that means?  After all, regardless of how you proceed, somebody representing the company will be responsible for managing this or serving as liaison, right?  Yes and no.

If you don’t know your ‘stuff’, then aside from serving as liaison, you’ve relinquished your ability to make decisions in the best interests of the company.  Essentially, the Vendor will be advising you, and their interests may conflict with yours – especially if litigation arises.  In the alternative scenario, if you’ve educated yourself – or have hired a knowledgeable representative in-house – you’ll be advising them.

Think this is a distinction without a difference?  Take a look at my checklist and see what you think:

  1. Does the Vendor handle backup, restore, disaster-recovery and/or e-discovery services?
  2. Are all of their products integrated?  (Many Vendors acquired other Vendors to stake a presence in the e-discovery field; it doesn’t mean their products integrate well).
  3. What if the Vendor goes bankrupt?
  4. How will the Vendor respond if/when they’re served with a subpoena as a 3rd-party?
  5. Does the Vendor have their own legal representation?
  6. Who will be responsible for managing the retrieval of data?
  7. How quickly can/will the Vendor respond to a request?
  8. Does the Vendor subcontract any services?
  9. Will an additional Vendor be needed for e-discovery if the 1st Vendor doesn’t have that capability?  Do they already have a secondary Vendor in place?
  10. As we expand – including to other countries/continents – how will the Vendor handle it?

I realize this is a ‘macro’ view.  The list above should open up several more questions, such as how are they backing up your backups?

I would think it would be very important to instruct the Vendor about what you expect, rather than rely on the Vendor to tell you what they’re going to do for you.  There’s no room for ambiguity where e-discovery in concerned.

Alliteration always assists attorneys acting as authors…