April 28, 2022 by Brian Schrader, Esq. | 6 min read

eDiscovery’s Role in Corporate Internal Investigations

Here’s why you should leverage eDiscovery for corporate internal investigations.
Too many organizations treat corporate internal investigations and eDiscovery efforts as two separate domains, but the simple truth is that internal investigations and eDiscovery processes are not all that different.

Both processes involve the identification, preservation, collection, review and analysis of data, with the primary difference being the overall scope. In general, corporate internal investigations tend to be more focused, while eDiscovery efforts cover a broader range of people, data sources and data amounts. But the core processes are in fact quite similar.

Using separate teams and separate tools for each means missing entirely the opportunities for substantial cost savings, institutional knowledge re-use, and other efficiencies that result from unifying the two efforts.

Whether it’s data preservation and collection or review and analysis, leveraging your eDiscovery spend and resources to meet internal investigatory needs creates a more defensible, efficient, and repeatable process.

Data Identification, Preservation & Collection for Corporate Internal Investigations
Whether you’re conducting a corporate internal investigation or addressing an eDiscovery need, both efforts start with identifying those who may have been involved in the underlying matter and/or who may have data relevant to the events in question. These parties are often called “targets” or “subjects” in investigations and “custodians” in eDiscovery.

The primary difference is that the number of individuals and systems involved in eDiscovery is usually larger and broader than those in internal investigations. Otherwise, the process of identifying key players, putting them and their data on legal hold, and then identifying, preserving and collecting that data is largely the same.

Given that, both efforts should follow the same basic procedures and leverage the same data preservation and collection tools. Because the goals of this step in either process are essentially identical, you should be leveraging the same standard operating procedures, workflows, checklists and even technology solutions to address the needs of both eDiscovery and corporate internal investigations.

Legal hold notice issuance is a good example here. Even if a corporate internal investigation may not require a legal hold notice, it’s best practice to issue one anyway, because the fact that you are doing an investigation may itself be seen by courts as a triggering event that ultimately does require the issuance of a legal hold notice.

When it comes to preserving and collecting data, aside from the number of individuals and the number of systems, the actual act of collecting the data is essentially identical for both investigations and eDiscovery. Thus, there’s no reason not to use a single solution (or group of solutions) to address both needs.

Data Processing, Review & Analysis for Corporate Internal Investigations
In either type of effort, once you’ve preserved and collected the data, the next step is to process, review and analyze the collected data. This step is where your efforts might diverge a bit for corporate internal investigations versus eDiscovery efforts, largely depending on the size, scope and severity of the matter.

Smaller, more focused internal investigations may be conducted utilizing existing IT resources, like Microsoft365’s Purview (formerly known as Compliance Center), which can be used to run basic searches and view common data types. On its own, this might suffice for minor investigations or provide a quick overview to determine whether an issue truly exists.

Microsoft’s Advanced Discovery option provides more capabilities, such as OCR, more powerful searching, review tagging, near-duplicate identification and other basic review features. Of course, you always have the option to export the data and load it into a full-fledged eDiscovery review tool like Relativity, Axcelerate, Reveal and many others.

The key here is to ensure that, regardless of where you start, you design a process that allows you to move from the more basic tools and solutions to the more advanced one with relative ease, and without losing any data, knowledge, or work product.

It’s not unusual for a small, internal investigation involving one or two subjects to turn into a large-scale litigation with comprehensive eDiscovery needs. So, you should design your process and select your technology solutions in a way that ensures work done in one place can be leveraged and migrated to other tools.

A Unified Approach Using eDiscovery Resources for Corporate Internal Investigations
Let’s take the example of an organization that has a qualified corporate internal investigation team and has Microsoft365 E5 licenses for all its employees. (E5 is the license level most inclusive of Microsoft365’s Purview and Advanced Discovery features). Now, say the organization receives a harassment complaint by one employee against another employee. In this scenario, the organization would likely start an internal investigation by placing both individuals on legal hold in M365 and collecting their data in Purview.

Once data is collected, the organization’s internal investigation team can then leverage both the Purview basic searches, and if needed, the Advanced Discovery features, to conduct their own internal investigation. In doing so, let’s assume they find evidence of a much broader problem involving multiple employees or departments. The scope of the matter quickly grows to include dozens of employees and hundreds of gigabytes—if not terabytes—of data. (This scenario is far from an imaginary one, and based on any number of real-world examples.)

Now, as the matter grows, perhaps it develops into a full-fledged litigation, possibly even a class action, requiring a much more comprehensive eDiscovery effort. What started out as a small internal investigation is now a major litigation involving outside counsel, subject matter experts, dozens of witnesses, and terabytes of data.

This quickly becomes untenable to continue within the M365 tools. Thus, all the data collected (and likely more from non-M365 systems) must now be exported out, processed in an external system, and then hosted on a more robust review platform like Relativity, Axcelerate, Reveal or the like.

The Advantage of a Unified Approach for eDiscovery and Corporate Internal Investigations
But when you export all that data out, what happens to all that early work done on the internal investigation? What about the documents identified by the corporate internal investigation team as key hot documents? What about all the knowledge gained, comments written, issue tags assigned, and more?

Well, that’s where the overall planning comes into play. If you’ve designed your processes correctly, you should be able to migrate all that earlier work product and leverage that knowledge gained into the larger systems and processes.

The overriding point here is that you never know when a seemingly small, isolated internal investigation may blossom into something much larger and more complicated. But, if you’ve created the right workflows, processes, checklists, and procedures – and made sure that the processes, systems and solutions you use in the smallest of efforts work seamlessly with the processes, systems and solutions you rely on in the largest of cases – you’ll be ready for anything that comes your way.