Case Study: Making E-discovery an Internal Function

NBC Universal saw requests for e-discovery services soar in just a few years. The company's CISO, Jonathan Chow, knew there had to be a more efficient and cost-effective way to handle it

NBC Universal is one of the largest media and entertainment companies in the world. Chief Information Security Officer Jonathan Chow and his team manage information security for several business lines within NBCU, including its broadcast and cable television to film production, online ventures and its two theme parks in Hollywood, California and Orlando, Florida. Among one of the biggest challenges in the last few years has been the incredible explosion in demand for e-discovery services, according to Chow.

Since different legal teams handle the needs of each line of business, the workflows associated with managing electronic discovery vary as well, adding another layer of complexity. And because of the growing number of cases, and increases in both the amount of electronically stored information and hours spent supporting the process, demand for e-discovery services has increased 30 to 50 percent annually. The costs were spiraling out of control and this sent Chow looking for a way to manage the process internally.

Also see Rules of Evidence: Digital Forensics Tools

Chow spoke to CSO about how NBCU tackled the costly and time-consuming process and turned it into a cost-effective and more efficient system that has seen a 40-45 percent gain efficiency since its implementation.

What was the electronic-discovery process like at NBCU when you first took over the CISO role?Jonathan Chow:Back when I took over the job in 2004-2005, the demand for e-discovery was actually pretty low. I would say we handled a handful of cases each year. It was mostly ad hoc. If it were something really small, we would tell our legal team: 'Sure, this is something we can help you with.' But more often than not, back in those days, the collections were done by our external counsel.

But with an organization our size; the sheer number of locations, the sheer numbers of people and the volumes of data we process, anytime one of these outside firms would come in and say: 'I've got to do a collection,' I would have to dedicate one of my resources to sit with that person and provide them with credentials and say 'Ok, you have to get this off of this server, here are a couple of machines, here's how to obtain this email.' (Read about how one organization took on data mapping to make e-discovery easier)

After doing this a few times, and anecdotally hearing how much it cost from our legal team, we thought to ourselves 'We've been sitting with these people, we've seen what they do and it doesn't look very complicated. All we need is a bit of training for process purposes and we need the right tools. '

Between 2004 and 2007, we saw the demand for these services was rising at an incredible rate. So we said 'We can do this much more efficiently and in a cost effective manner if we do it in-house. We are using a resource anyway to babysit the external guy.'

What kind of costs were you incurring for a collection prior to taking it in-house?

The people we were getting to do this back in those days charged around $300-$400 an hour to do this work. So for one case it would cost us between $20,000- 30,000 just to do the collection.

And why were the requests increasing so dramatically?

I don't think it was a function of us as a company. In the market place, there was just more litigation. And the overall, general use of electronic equipment to process and create documents has really matured. Back in the early 2000's, I would walk into Starbucks with a Blackberry and be the only one that had one. Now most of the kids at my son's school have a Blackberry. It's just so much a part of life now that everything is done on the computer.

The litigation we were handling in '04-'05 may have been dealing with business deals from '02-'03. There was still a bigger mix of electronic and paper documents back then. But now everything is electronic, so litigation is just catching up with business use of technology(See also e-Discovery: Costly Backup).

So you decided to take e-discovery in-house. What was your first step? Safe Document Transfer: How to Secure the Paper Chain)

We enjoy, internally, a very good relationship with our litigation teams. We can talk to them about demands and ROI based on buying a half-million-dollar suite of tools. How long would it take us to realize that benefit? Pretty much everyone on the legal side all agreed that we'd seen increases in e-discovery requests year over year and only saw it continuing. So that was how we decided to take the plunge and make the investment into the tools and providing some rigor internally about our process and how to deal with that. Answering questions such as: Where is the front door? How do we handle requests? How do we manage the queue? How do we turn it back over and manage the chain of custody of evidence? And so forth. (See also:

When you spoke with vendors and examined products, what were you hoping to find?

We started looking at products in '07, when we realized we needed more rigor around what we were doing. There were very few vendors at the time. The e-discovery market was not as mature as it is now. We gravitated toward Encase Enterprise at the time, to get something all of the in-house lawyers who had come from external firms were familiar with. We would say 'Do you know of any products?' And they kept saying: 'Encase, Encase.' It was one of maybe two or three alternatives out there. We were looking for something that would help us with collection of data and also offer some searching and culling capability. We used it as our primary tool for about two and half years.

Now where do things stand?

We've seen double digit increases in our demands for providing e-discovery services in the last few years. We still use Encase today. It is still the first thing we turn to, especially for doing collections with remote images. It's good for doing that. But what we found in '08-'09 was the searching capability was a little bit slow. I can think of a few instances where we were backed up on work and it was because the searches we were being asked to do on litigation cases were just taking too long for Encase to process through the data it collected. That is when we started looking for a platform that was more efficient in terms of being able to process the data, cull out and be differentiate between what is relevant and not relevant.

We've tried to map our processes against the Electronic Discovery Reference Model (EDRM) standard. Encase is a jack of all trades, it can accomplish something out of most of the boxes in the EDRM workflow. But we couldn't keep working with a Swiss-Army-Knife-type tool. That is when we started looking for a best of breed product for each box.

What is the process like now if there is a request?

The basic steps are identifying, being informed of an upcoming request, clarifying the scope of how many people are involved, where they are, identifying my internal resources who can perform the collection. We usually do the collection through Encase.

But now we also use the Clearwell e-discovery platform, which can cull-down irrelevant data. The Clearwell platform performs the searches as the lawyers request, and then we turn it over to the lawyers once we cull down the information. Then they do what they need to with it.

The basic process hasn't changed over time. What has changed is all the surrounding parts. We have a weekly demand call with all litigation teams so we can forecast better. And that is something we had to do. A few years ago it was very ad hoc. A lawyer would call and say 'I've got a case coming up. I need ten people. Can you do this?' We would say 'Yes, let's go do it.'

Now there is so much work that we ask as early as we can. We are notified typically of cases about 4 to 6 weeks in advance where there is going to be some kind of e-discovery happening. We will negotiate between different litigation teams; whether it is for corporate litigation, or theme park litigation or film, or television, and say 'Here is what we are faced with. You are saying this is urgent' and let the lawyers help us out in terms of prioritization. So it's not first come, first serve anymore. It's a much more orchestrated dance.

It sounds like e-discovery has become a huge part of the security department. Would you say it has?

Yes. In 2005, this was handled as a second job for a few people. Now I actually have two full-time resources with the capability to overthrow to a third who is also properly trained, if necessary. Those two resources are completely utilized.

Keep in mind my industry, media entertainment, is very litigious. You read about it in the paper all the time; people suing someone else for breech of contract, for theft of idea, for not getting royalties. That is all the kind of stuff I deal with. That may not be a typical case in other industries.

Copyright © 2010 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)