Client
Global IT services company

Background
The client faced allegations of fraud and corruption under the Foreign Corrupt Practices Act and, arising from that, issues relating to the mis-statement of accounts.  As part of the planned response to the Department of Justice in the US, the client appointed an independent firm of lawyers to conduct an investigation.

Task
To enable an efficient review of all relevant documents that might be pertinent to the investigation.

Challenges
Multiple levels of inquiry in multiple jurisdictions; the need to protect data privacy whilst still meeting the requirements of the regulator; a constantly increasing list of custodians; encryption of data; concerns over staff integrity; technical and logistical issues; some matters were classified and governmental security clearance was required.

Overview
Due to data privacy and national security requirements, the team initially had to collect and process data and conduct an early case assessment in several jurisdictions across Europe. They did this by visiting each jurisdiction alongside the in-house team and external lawyers and conducting interviews with key custodians to gain an understanding of how they used data, where the data resided and who was responsible for it. Discretion was key as the client had concerns about the integrity of some staff (which were later borne out).

Not all data could be directly removed to the UK, some had to be processed and reviewed on-site for various reasons.  For example:

  • In one jurisdiction, the client was involved in classified projects for the government and, accordingly, all documents had to go through a security review before they could be reviewed by anyone without the sufficient level of security clearance;
  • In some jurisdictions, documents had to be reviewed and filtered on-site due to privacy requirements.

All documents that were able to be removed directly to London were kept in a centralised document review database where they could be reviewed locally and internationally.

The number of people involved in each jurisdiction was impossible to estimate in advance and the list of custodians lengthened almost daily. This meant that an accurate record had to be kept of exactly what had been done, where, when and on whose behalf. The team also had to ensure their collection and processing procedures were identical in all jurisdictions.

There was also a lot of encryption at mail box and document level where data had to be identified and then recovered so that all documents could be put forward for review. Added to this was the fact that many documents were located in non-mail Lotus Notes databases and, in such instances, the team had to define a process and a script to extract them in a manner that allowed them to be read by the processing software so that they could be reviewed.

Outcome
All relevant data was successfully processed and made available for review to the lawyers whilst abiding by all relevant local legislation.