Over the past decade, the posture of the legal industry has been that corporations were best situated letting vendors manage their downstream discovery operations via a managed services model. That mindset is changing; however, as more corporate legal departments are transitioning the management of their discovery operations back in-house.

What is driving this fundamental shift and desire to insource discovery operations?

There is no single compelling reason or driving force pushing legal departments to make this decision. The following are all contributing factors, enticing companies to consider insourcing parts or all of the discovery function:

• Organizations face continued pressure to lower costs
• Data footprints are growing
• Legal departments want better visibility and predictability into their spend
• Clients are demanding innovative and enhanced service delivery
• Cyber threats and data breaches are increasing the need to better protect company information
• The pool of talented discovery support professionals is higher today than ever before

Additionally, what’s making the insourcing model possible today (compared with three to five years ago), is the advent of reliable cloud-hosted discovery technology and storage. Legal and IT departments can now more easily add new technologies to their toolbox without the costs and burden of managing on premise infrastructure.

Going hand-in-hand with this is the maturation of the discovery technology market. No longer are complex processes or custom scripts required to achieve relatively simple tasks. The out-of-the-box functionality and usability of these tools have made great strides over the past few years to the point that many in-house resources can manage them on their own. Many of the leading tools even offer “self-service models” that are designed specifically for in-house adoption.

Collectively, these advancements are enabling companies to deploy internal discovery programs that span across the traditional in-house areas of identification, preservation, and collection, as well as downstream areas such as data processing, document review, and production.

Should my company insource its discovery operations?

The answer to that question is – it depends. Insourcing your discovery operations does not guarantee lower costs, better data security, or better service. For example, new software license costs combined with salaries for new discovery-support personnel could end up being higher than your current vendor processing and hosting fees. Along a similar vein, the time needed to export, perform quality control, and submit production sets could potentially go up. Not to mention, building a new internal discovery program requires significant upfront time, effort, and investment.

Your ultimate goal should be to create a cost-effective, repeatable, defensible, and practical discovery program that is tailored to your preservation needs, discovery profile, and resource capabilities. This can be accomplished by insourcing, outsourcing, or using a hybrid model.

To determine if insourcing is the optimal discovery model for your company, evaluate your department’s financial, legal portfolio and strategy, staffing, and data security goals against the risks, costs, and benefits of implementing this model.

Below is a robust set of questions to guide your evaluation.

Financial Management

• Are our discovery vendor rates competitive? If not, do we have the ability to renegotiate or are we locked in under a master services agreement (MSA)?

• Is there opportunity for consolidation of our vendors to capitalize on volume discounts?

• Are we able to lower vendor costs by moving to an “all-in” fixed-fee, tiered, or other alternative model with more cost predictability?

• How would we fund the initial and ongoing software license and upgrade costs associated with purchasing legal technology? What about the implementation and change management effort required to deploy an in-house discovery program?

• Could we “bill back” any portion of the discovery program directly to our matters or business clients that we support?

• Could we get other business units that benefit from our services to help fund this initiative, such as IT, internal investigation teams, compliance, information security, records, and information management?

• Have we calculated a return on investment (ROI) break-even point? Do we know how we would quantify costs to be in a position to quantify our savings?

• Have all deployment costs been accounted for (e.g., software licenses, physical hardware, storage, ongoing maintenance from vendor and internal IT resources, and support personnel salaries)?

Staffing

• Do we have personnel with both the skills and bandwidth to execute day-t0-day discovery processes? To support the infrastructure (if on premise)? Who will manage the overarching discovery program and these resources?
  
  
• Could any members within IT take on the day-to-day execution of discovery tasks and be dedicated resources moving forward?
  
  
• Do we have the budget and approval to hire new support personnel, if necessary? Could we leverage alternate legal service providers to fill these positions?
  
  
• What employee/salary band will discovery-support personnel be hired into? What business within the organization will they be hired into?
  
  
• How would we scale? Both in terms of our long-term plan as well as for point-in-time support when activity is at high demand? Will we require external resources to provide overage support?
  
  
• Does this model provide us flexibility to adapt to new data types, new technologies (e.g., enhancements to Microsoft O365), an influx of corporate data, or changes to best practices?
  
  
• How will we retain talent? Will there be a promotion track for discovery-support personnel? Will we invest in continued education and training?

Strategy / Culture

• What pain point(s) do we have with our current vendors? Are they cost-, technology-, expertise-, or service-related? Is it possible to derive better value under our existing agreement(s)?

• What will our legal portfolio/discovery activity look like three years from now? Do we expect growth, a decline, or to stay relatively flat?

• Has our discovery-related collection and processing activity increased during the past three years? Was this an increase in activity or simply an uptick in volume based on our increased corporate data footprint?

• Are there other business functions that could benefit from this (e.g., Compliance)?

• Are we willing to take on the added risk associated with processing and culling data in-house? What about the expectations set forth in our business client and outside counsel service level agreements (SLAs)?

• Would we feel comfortable having our discovery process or data security controls audited by an opposing third-party or government agency?

• Does our current culling strategy provide opportunities to reduce costs by insourcing data processing and eliminating vendor hosting fees? Or do we take a more cautious approach and push most data to review?

• What is our position on the use of early case assessment (ECA)? What about data analytics? Would we feel comfortable having our employees perform these more advanced workflows?

• How does storing additional data, on premise or in the cloud, align with our broader data management strategy?

• What level of change management will be required to roll out a new discovery program? Will attorneys and paralegals embrace this change or resist? How strong are the bonds between case teams and current providers? Will this create tension?

• What is our plan for ensuring that we keep our process current with legal standards?

Data Security

• Would IT/Information Security departments sign-off on this approach? Would they provide the permissions needed to install new technology (i.e., give access that allows the software to crawl across enterprise content repositories, such as network shares and email servers)? Would they allow us to transfer data between systems? Would they allow external users, such as outside counsel or experts, to access our systems?

• What new cyber threats are presented by storing our processed data on premise or in the cloud?

• Do we process data in regions outside of the United States? How does insourcing discovery impact our General Data Protection Regulation (GDPR) obligations?

• What impacts does this have to our: 1) backup policies, 2) disaster recovery plan, and 3) information security management models?

• What is our IT department’s posture on cloud-hosted technology? Do they have a preference to Amazon Web Services (AWS), Microsoft Azure, Google, another platform, or none at all?

• What data-encryption requirements do we have for data in-transit and at rest? Could we comply with these requirements (e.g., when transferring data to a cloud-hosted solution)?

• Would we migrate the data for our active cases into our new technologies or leave them to conclude with our existing discovery vendor(s)?

• Does this impact our coverage or costs related to cyber insurance?

The answers to these questions should inform your decision on whether insourcing your discovery operations is the right fit for you. A key tip to remember is that not all questions should be treated equally. Give additional credence to those that most closely align to your priority requirements and/or align to future goals. Furthermore, not all discovery operations need to be transitioned at the same time (if at all). Incremental changes in a controlled manner could serve as a better means for instilling defensible processes and strong user adoption.