We have recently been working with a number of clients regarding their response to Notices to Produce for major Royal Commissions. Initially, the Royal Commission sends a letter stating the types of information required on specific topics with a time period in which to produce.
The feedback we received from our clients was that they were struggling on two fronts; firstly, to identify the information they were asked to produce and secondly, to collect the information within the timeframe required.
Case Study One
Our client was required to respond to a Notice to Produce within a three week timeframe. As with most organisations, certainly large ones, they found themselves in a situation where they were unable to deliver a response according to the protocol within the timeframe without support.
As a first step, the client’s team needed to identify potential sources of data pertaining to their numerous sites across Australia. In initial project meetings with the client and experts from Law In Order, it was determined that all the data they required was stored in a centralised data repository.
We then partnered with our client, attending onsite and working alongside the client’s IT expert to further identify and collect the relevant data in a forensically sound manner - that is, in a way that ensures the metadata is not compromised or altered (for more information on this process, see Digital Forensics – You don’t know what you don’t know).
The collected data was then processed.
Essentially, processing is taking all the different forms of data and making it into a more reviewable format. For example, there may be emails, chat data and sales data, but the data is very difficult to review if the native platforms have to be used for all the different file types, eg. Outlook for emails, Adobe for PDFs or Microsoft Office for word documents.
Processing extracts all the text and gets everything into one review platform. Then it’s possible to step into the review stage where all the documents can be reviewed in one platform and everything is kept tidy.
Keyword searches were then applied for numerous purposes, identifying:
- Potentially relevant documents to be included in review;
- Documents to be excluded as irrelevant;
- Documents to be segregated for different review teams/levels e.g. materials from a CFO which should be reviewed by Partner/General Counsel, etc rather than First Pass reviewed; and
- Key custodians to be prioritised or removed.
Keywords were also linked to the relevant client sites which would also speed up the review.
At this point, the Royal Commission issued a ‘Table of Incidents’ based on a broad range of categories to add to the information our client was required to produce.
Our Forensics team did a single day of data collection to capture all the material needed to cover the extra requirements.
Case Study Two
We have also recently assisted a client with Notices to Produce for a different Royal Commission.
This client identified that their data was stored in hard copy in a number of locations across New South Wales and Victoria, and in storage in India.
They needed to identify the relevant documents in the boxes in storage in the various locations and then deliver the materials to us to digitise.
Digitisation is how information is transformed into computer-readable (electronic) format. Using scanning, the documents were changed into an image.
The documents, now electronic, were then coded. Objective coding involved our Legal Process Outsourcing team reviewing each document and preparing a computerised index of basic objective data for each document including information such as, for example - document date, author, recipient, document type, etc.
The benefit of using objective coding is that it over-rides any inaccurate metadata attached to the document, eg. the process of copying files onto a USB has the potential to change metadata. This could mean that the file creation data, modification date or accessed times could change which could create doubt in terms of the authenticity of the documents.
This process was very important in order to comply with the Royal Commission protocol for submission of materials in response to the Notice to Produce.
After this was completed, we then provided all the materials to our client who then gave it to their lawyers.
Most corporate counsels find themselves working reactively, but increasingly, they are moving toward preventative action to be ready when something hits. Information governance is the first step and the preventative part of the process.
Australia is starting to embrace governance. It is really about setting up processes and procedures to ensure the organisation knows where everything is and someone is enforcing the data governance protocols. Many large organisations now have an information governance officer either in their IT, legal or risk team. More corporations are investing to ensure their data is compliant with local law and is preserved or destroyed accordingly.
The quality of an organisation’s information governance protocols can have a dramatic impact on the time and cost associated with the review process. Ultimately, information governance is an investment that can have long term benefits.