Subscribe / Renew
October 30, 2014
Your company is finishing up a large project on a site that used dozens of subcontractors and you start closing out the project as you have done dozens of times in the past. As part of the closeout process, you wipe the hard drives from workstations and laptops from the site and archive all the servers to backup tapes.
This seems like a pretty standard workflow that companies go through, but what happens when two years later your company is sued for breach of contract and accused of deleting relevant electronic data?
This is a common occurrence in the world of electronic discovery or eDiscovery.
EDiscovery is the use of electronic information related to a litigation matter, internal investigation, or government request.
After a lawsuit is filed there is usually a discovery request for relevant documents pertinent to the case that includes both paper and electronic documents. Those who are inexperienced at handling these types of matters can inadvertently put your company in jeopardy by taking the incorrect course of action.
Where should you start to make sure you’re not hurting your company?
Luckily, there is an industry-standard workflow to help you understand the things you need to do for the eDiscovery process. As eDiscovery became more of a common occurrence, thought leaders from corporations, law firms and vendors came together to form the Electronic Discovery Reference Model (http://www.edrm.net) and outlined the process for dealing with eDiscovery.
This is a great place to start, but make sure you’re talking to your attorneys about eDiscovery so that everyone is on the same page. As part of the litigation process, the parties are required to “meet and confer” about topics relevant to the discovery process, which includes eDiscovery. At this important meeting, the attorneys on both sides should discuss who, what, when and how the data will be preserved, collected and produced in the case.
The biggest challenge inexperienced companies face is the proper preservation and collection of electronic data or, as it’s sometimes called, electronically stored information. There are many different types of data to collect, including email and Microsoft Office documents (Word, Excel, PowerPoint). In some cases, data on mobile phones or social media sites such as Facebook and LinkedIn may be relevant to a particular case as well.
When dealing with construction and architecture companies, among the most important data types are design and CAD files. These are difficult to print out and require extra attention when it comes to eDiscovery.
It’s important to discuss all of these types of data at your “meet and confer” or else you run the risk of not preserving information, which can get you into trouble with the courts or government in the event of an investigation.
There are several different approaches to collecting data and both your attorneys and IT organization should be involved in the discussion. You may want to consult with an eDiscovery specialist as well since they have the most experience dealing with eDiscovery challenges.
The first method is self-collection, where the individual or the IT organization collects the data from the enterprise systems. This method is common but must be done with care, as it runs the risk of altering critical meta-data, which may have an adverse impact on the case.
In eDiscovery, the meta-data (data about data) can be a critical component of the state of mind of a user when creating the document. Simply copying and pasting data from one folder to another will alter the meta-data about when the file was created from a file level perspective. Most file types now have internal meta-data that can be reviewed and extracted, but that requires specialized eDiscovery and forensic tools.
There are ways to copy the data in a manner that doesn’t change the data, but it requires some special knowledge of how to copy data in that manner.
The second method is the forensic approach. Computer forensics is a well-established process where specialists can gather data in a manner where nothing is altered from the system by creating a forensic image of the media. This is a virtual representation of the media such as a hard drive, USB drive, or mobile device that can be authenticated by other forensic experts. This allows the forensic experts to testify to the veracity of the data and provide their opinion about what happened with the files on the system.
Computer forensics is necessary when there is a concern about whether data may have been intentionally deleted to hide the facts from the requesting parties.
The forensic approach is tried and true, but it can be expensive.
So which approach is the best? It will depend on the case and the type of data involved.
In employment cases or government investigations, it might be worth the expense of using computer forensics because the cases commonly hinge on the authenticity of the data. Generally, I recommend a hybrid approach that uses computer forensics to preserve the data for the key individuals in a matter and then a self-collection (with the appropriate guidelines). Again all of this should be discussed in the “meet and confer.”
EDiscovery can be challenging, but manageable, if you have the right people involved in the process. This includes your IT organization, outside counsel, and possibly an eDiscovery specialist. Getting good advice will help save your company money and heartache in the long-term.
Some companies have developed eDiscovery playbooks that outline the manner of how they handle eDiscovery issues. Having a playbook will ensure you have a reasonable approach for preserving, collecting and producing electronically stored information that can be defended by your attorneys.
Having an eDiscovery playbook in place allows companies to focus on the merits of the case rather than focusing all the attention and billable time on how they are going to execute discovery.
Jason Velasco, director of consulting at Seattle-based Lighthouse eDiscovery, has more than 15 years of experience in electronic discovery issues and forensic investigations. He has conducted more than 350 computer forensic examinations and more than 700 classes on the subject.
comments powered by Disqus