Three best practices for using e-discovery

By Michele Brancati

The introduction of regulations such as Europe’s General Data Protection Regulation, and new laws such as the California Consumer Privacy Act (CCPA) -- paired with the ever-growing volume and complexity of data -- have heightened the need to evolve how companies approach and prepare for litigation e-discovery and other legal requests for the disclosure of electronic data. Without adequate technology, processes and teams, companies run the risk of high fines, litigation costs and reputational damage. 

KPMG has identified the following three best practices that legal teams can follow to drive the efficiency necessary for today’s data-centric society:

  • Invest in new technology. Technology can play a vital role in helping companies address complex investigative and litigation requests. For example, by bringing discovery data and processes onto the cloud, companies can expedite the discovery process.

At KPMG, we recently invested in Relativity’s cloud-based e-discovery solution, RelativityOne, to better manage, utilize and protect discovery data by storing it in a single, secure Software as a Service (SaaS) platform. By moving discovery data to the cloud, global companies can achieve greater scale, and flexibility. 

  • Prioritize data protection. The prevalence of data protection and privacy laws around the globe has greatly increased over the past several years – and we don’t anticipate that to slow down anytime soon. With the growing need for data in investigations and litigations today, it’s important to securely maintain information.

“With the rise in data breaches across all industries, it is imperative that companies implement strong encryption protocols such as encryption at rest or customer managed encryption keys (CMK) to increase control over and protect data,” said Thomas Keegan, Principal, Forensic, KPMG. “To enable that added security, and full control over discovery data, KPMG added a CMK to our new RelativityOne offering - in fact KPMG is a pioneer among providers who opted for that added security layer.” Beyond the CMK, which provides cryptographic control of data stored in the cloud, KPMG added another layer of security with an edge authentication gateway. This gateway provides threat protection on top of the RelativityOne solution.  

  • Build a repeatable and defensible process. Software alone isn’t enough. Companies must have the right process and teams in place committed to delivering high quality results. To do so, companies should look to build repeatable processes supported by skilled staff capable of understanding what is required to comply with each specific request. Strong processes can help drive efficiency and by reducing data volumes at the source.

Collecting, reviewing, managing and protecting data for litigation and regulatory requests can be very time-consuming and costly. And the sheer volume of data and growth in cyber-attacks makes this process even more challenging. While these three tips are not meant to be a cure-all, they will help improve processes to make them more efficient and secure.


Michele Brancati is a member of KPMG's Corporate Communications team. Please contact her for additional information or to arrange an interview.




Thomas P. Keegan

Thomas P. Keegan

Principal, Advisory, Forensic, KPMG US

+1 212-954-7880

Related content