Every eDiscovery Use Case Has an Investigation Component

Written by Doug Austin, Editor of eDiscovery Today

It’s common for eDiscovery professionals to talk about the “additional” use cases – beyond litigation – that have emerged in recent years for eDiscovery technology and workflows. Those use cases include data privacy compliance and responses to Data Subject Access Requests (DSARs), responses to audits, and even responses to Second Requests resulting from mergers or acquisitions as specified under the Hart–Scott–Rodino Antitrust Improvements Act of 1976 (HSR Act).

Investigations are another use case to which eDiscovery and Information Governance technology and workflows can be applied and we’re seeing it happen routinely in many organizations today. But all eDiscovery use cases – whether they’re officially considered “investigations” or not – have an investigation component to them.

Types of Investigations

There are several types of investigations that benefit from eDiscovery and Information Governance technology and workflows today, including:

Internal Investigations

There are several types of potential issues that can lead to internal investigations, including:

  • Employee theft/misappropriation of company property.
  • Harassment and/or discrimination, leading to creation of a hostile workplace.
  • Theft of trade secrets or other intellectual property.

The applications of eDiscovery technology to internal investigations are numerous. For example, basic entity extraction can identify instances where an employee is sending intellectual property to a personal email address, sentiment analysis can identify potential harassment speech in communications, anomaly detection can help flush out potential instances of discrimination, and concept clustering or technology assisted review (TAR) can help identify more instances of evidence that uncovers fraud.

Data Security Incidents

According to IBM, it takes an average of 287 days for security teams to identify and contain a data breach. Understanding your data and where it’s located through strong Information Governance best practices and technology can help you quickly identify potential data security incidents and whether any data has been breached.

Regulatory Investigations

These often begin with a regulatory agency’s detection of an irregularity in financial statements or other required reporting, or they can begin with a whistleblower allegation.

Remember Enron, the most famous eDiscovery case ever? Accounting irregularities that ultimately brought down Enron via special purpose entities used to hide Enron’s debt – with names like JEDI and Chewco (after Star Wars characters), LJM (the first initial of each of Enron CFO Andy Fastow’s three kids) and Raptor (named after the velociraptors in Jurassic Park) – could be detected today through “dark” language detection of code words in a collection.

Due Diligence

Investigations of a company’s internal processes often accompany an HSR Second Request. So, processes ranging from deNISTing, deduplication, or email threading to eliminate redundant or system data, optical character recognition (OCR) to identify content that would otherwise be missed, and concept clustering or TAR would help focus efforts on content likely to be important for due diligence investigations.

Proactive Investigations

Sometimes, the investigation may be performed to avoid issues in the first place, such as conducting early case assessment (ECA) processes to test the strength of a potential case before deciding on a course of action, and possibly avoid costly litigation for a case unlikely to wind up in your favor.

Other eDiscovery Use Cases Are Investigative Too

Even if the use case isn’t officially considered an investigation, it still has an investigative component to it. For example:

  • Litigation: Identifying evidence that can help win your case (or avoid costly litigation by settling sooner) is an investigative process. The use of tools such as ECA, concept clustering, entity search and extraction, and more can help you investigate the evidence and uncover the facts necessary to make key decisions about the case.
  • DSARs: The ability to understand where sensitive data is within your organization through strong Information Governance best practices and technology and apply AI and machine learning technologies to help identify key personal data can enable you to efficiently respond to DSAR requests.
  • Audits: Essentially, an audit is just a financial investigation, clustering and TAR to locate similar documents and anomaly detection to find issues are examples of key investigative tool to support responses to audits.
  • Second Requests: As noted above, due diligence investigations are a key component of any response to an HSR Second Request. Given the accelerated time frames associated with Second Requests, any eDiscovery mechanism that automates those investigations are key to your ability to respond.


As you can see, every eDiscovery use case – whether officially considered an “investigation” or not – has an investigative component to it that can benefit from eDiscovery and Information Governance technology and best practices. So, if you’re an eDiscovery professional, that makes you an investigator!

IPRO recently released a white paper titled The State of Corporate Investigations in 2022, which summarizes the current state of internal investigations and lays out the key challenges that organizations face when it comes to managing their data during an investigation. It also reports (in much more detail than I can in a single blog post) how organizations are currently using eDiscovery technology to overcome those challenges and proposes additional ways that organizations can leverage eDiscovery tools and techniques to complete investigations quickly and efficiently across several use cases. Check it out here!

For more educational topics from me related to eDiscovery, cybersecurity and data privacy, feel free to follow my blog, eDiscovery Today!