What’s the first thing you think about when you hear about a government investigation? Personal harm? Social impact? The 24-hour news cycle? Political impact? Penalties? “What can the data tell us?” is one of the first questions I’m always asking when I hear the government is knocking. During the Government Investigations and Civil Litigation Institute’s (GICLI) third annual meeting, I found every prevalent theme aligned with the types of data-driven concerns I have in mind.
The 2017 GICLI conference, which aims to provide in-depth education regarding the dramatic surge in regulatory enforcement activities and related civil litigation that burdens the corporate legal department, was held October 9-11 in Dove Mountain, Arizona.
Throughout my one-and-a-half days at GICLI, I enjoyed the privilege and intellectual rigor of attending nine out of 13 panels collectively available during plenary and breakout sessions. The agenda was loaded with highly relevant, informative and meaningful content presented by and for an exceptionally sophisticated, collaborative and down-to-earth group of more than 120 practitioners from leading law firms, corporations and government agencies. Reflecting on all the great information, I walked away wishing that I had access to this type of forum 15 years ago and certain that not only would I come back, but also encourage others to participate in the GICLI community, come to next year’s meeting, continue learning and exchange insights. With that inspiration in hand, I’m happy to share some of the highlights that left a lasting impression with me, along with the data-driven implications you should be considering.
First and foremost, who cares?
Every industry should care, but especially highly-regulated, publicly-held organizations. Further, international organizations, public or private, need to focus on potential regulatory risks and underlying data-driven concerns. Putting aside some of the most exceptional fines and disgorgements that cost international corporations billions of dollars, dozens of new FCPA investigations are opened each year and the average case lasts four years. The U.S. government and its counterparts worldwide have established agencies to oversee most aspects of our lives. Today, consumer protection authorities are increasingly concerned with products that collect, compile and rely on data. Dolls, watches, vehicles and thermostats are among the myriad of products that are connected to the internet and streaming or storing information somewhere. Of course, the more obvious and traditionally heavily-regulated arenas like finance, healthcare, automotive and energy sectors need to recognize that the FBI and SEC are leading authorities with increasing ability to conduct sophisticated data analysis on grand scales. Further, there is significant international cooperation among regulators and sophisticated surveillance, with agents embedded in other countries. Consider what your organization is doing: what else can you do to more proactively monitor, detect and prevent issues in-house?
Everyone likes a diagram
To navigate the complexities of a government investigation, a common operating framework is particularly helpful. Many organizations that face regulatory inquires never have before but are then likely to face them again and certainly need specialized, experienced support and representation. Hats off to Patrick Oot, David Greenwald and Ashish Prasad for releasing version 1.0 of the Government Investigations Reference Model (GIRM) during GICLI’s 2017 annual meeting. The model provides an exceptionally helpful diagram to align the many activities and stakeholders that come into play throughout the lifecycle of a matter, from the time it emerges to the time it’s resolved. This will undoubtedly be in broad circulation soon and go through healthy community feedback and iterative enhancement. Other models that have emerged over the years, such as the Electronic Discovery Reference Model (EDRM) and the Information Governance Model (IGRM) effectively prove the utility of a common frame of reference. This new model is complimentary and can nearly be used in parallel to the EDRM as a substantive legal framework. Considering the two models together is important to enable practitioners to consider how, where and when they can identify, contain, interrogate and disclose potentially relevant data for optimal representation through the course of any investigation. Further, many of the reactive elements of the GIRM will serve to inform the types of proactive measures emphasized at GICLI, which could be incorporated into the model, as well.
There are inherent tensions between cooperation with authorities, credit for cooperation, disclosure of privileged information, company representation, impacts associated with downstream civil litigation and over retention of electronic data. The fallout from an investigation and the high likelihood of spin off litigation is costly and time consuming. The answers for many (if not most or all) of the questions that arise through the course of an investigation can be answered through the absence or presence of electronic evidence. Early and constant case assessment was a prevalent theme among panelists at the GICLI meeting. While there are many work streams running hot during the course of these projects, building fact patterns and disclosing findings based on actual, underlying data is sensible, especially when coupled with findings from witness interviews and sound strategy. Meanwhile, it can take time to put the relevant information together and additional findings tend to emerge later, thus enhancing the tensions. Even in these urgent circumstances, counsel needs to pause and carefully consider the best search, retrieval and analytics strategies to identify and triage factually relevant data, data sets that need to be compiled to prove the negative (i.e., when there’s no real infraction) and potentially privileged information. Of course, this further illustrates the logic in carefully examining potentially relevant data. Much can be accomplished through holistic, high-level and mid-level data analysis. Early data analysis often reveals key players, timelines and tranches of useful or irrelevant data.
As the tentacles of an investigation spawn and the scope of potential civil actions are defined, so too should the scope of legal holds and data preservation. Some of the basics and details of these often-mentioned issues go unattended at a surprising rate. It is also apparent from GICLI meeting attendees that an equal amount of consternation can be attributed to over-retention of data. Precise, content retention and disposition appears to remain elusive to many organizations, even with comprehensive policies in place. The large “data lakes” that spring up are especially challenging. Pools of legacy data that remain unmanaged on file servers or under the custody of outside counsel occasionally become the vehicle for cases to proceed simply because data was still available, despite expiration of retention and legal hold obligations.
Keeping up the momentum
These were just a few of the big themes and underlying issues that were covered in depth at GICLI 2017. I’m optimistic that future meetings will prove to be as informative. So, I look forward to the fourth annual GICLI meeting in Ft. Lauderdale, Florida on October 8-10, 2018 and hope to see many new and familiar faces.
One of my goals is to keep the conversations started at GICLI going over the next 12 months. If you have any ideas or questions about the prominent role of data in government investigations, please don’t hesitate to reach out.