User:Antonymous/sandbox

Electronic discovery (or e-discovery, eDiscovery) refers to discovery in civil litigation which deals with the exchange of information in electronic format (often referred to as electronically stored information or ESI).^[1] This data is subject to local rules and agreed-upon processes, and is often reviewed for privilege and relevance before being turned over to opposing counsel.

Data is identified as potentially relevant by attorneys and placed on legal hold. Evidence is then extracted and analysed using digital forensic procedures, and is reviewed using a document review platform. Documents can be reviewed either as native files or after a conversion to PDF or TIFF form.^[1] A document review platform is useful for it's ability to aggregate and search large quantities of ESI.

Electronic information is considered different from paper information because of its intangible form, volume, transience and persistence. Electronic information is usually accompanied by metadata that is not found in paper documents and that can play an important part as evidence (for example the date and time a document was written could be useful in a copyright case). The preservation of metadata from electronic documents creates special challenges to prevent spoliation. Electronic discovery was the subject of amendments to the Federal Rules of Civil Procedure (FRCP), effective December 1, 2006, as amended to December 1, 2010.^[2] In addition, state law now frequently also addresses issues relating to electronic discovery.

Individuals working in the field of electronic discovery commonly refer to the field as Litigation Support. ^[3]

Stages of Process

Identification

The identification phase is when potentially responsive documents are identified for further analysis and review. Custodians who are in possession of potentially relevant information or documents are identified. To ensure a complete identification of data sources, data mapping techniques are often employed. Since the scope of data can be overwhelming in this phase, attempts are made to reduce the overall scope during this phase - such as limiting the identification of documents to a certain date range or search term(s) to avoid an overly burdensome request.

Preservation

During preservation, data identified as potentially relevant is placed in a legal hold. This ensures that data cannot be destroyed. Care is taken to ensure this process is defensible, while the end-goal is to reduce the possibility of data spoliation or destruction.

Collection

Once documents have been preserved, collection can begin. Collection is the transfer of data from a company to their legal counsel, who will determine relevance and disposition of data. Some companies that deal with frequent litigation have software in place to quickly place legal holds on certain custodians when an event (such as legal notice) is triggered and begin the collection process immediately. Other companies may need to call in a digital forensics expert to prevent the spoliation of data. The size and scale of this collection is determined by the identification phase.

Processing

During the processing phase, native files are prepared to be loaded into a document review platform. Often, this phase also involves the extraction of text and metadata from the native files. Various data culling techniques are employed during this phase, such as deduplication and de-NISTing. Sometimes native files will be converted to a petrified, paper-like format (such as PDF or TIFF) at this stage, to allow for easier redaction and bates-labeling.

Modern processing tools can also employ advanced analytic tools to help document review attorneys more accurately identify potentially relevant documents.

Review

During the review phase, documents are reviewed for responsiveness to discovery requests and for privilege. Different document review platforms can assist in many tasks related to this process, including the rapid identification of potentially relevant documents, and the culling of documents according to various criteria (such as keyword, date range, etc.). Most review tools also make it easy for large groups of document review attorneys to work on cases, featuring collaborative tools and batches to speed up the review process and eliminate work duplication.

Production

Documents are turned over to opposing counsel, based on agreed-upon specifications. Often this production is accompanied by a load file, which is used to load documents into a document review platform. Documents can be produced either as native files, or in a petrified format (such as PDF or TIFF), alongside metadata.

Types of ESI

Any data that is stored in an electronic form may be subject to production under common eDiscovery rules. This type of data has historically included email and office documents, but can also include photos, video, databases, and other filetypes.

Also included in e-discovery is "raw data", which Forensic Investigators can review for hidden evidence. The original file format is known as the "native" format. Litigators may review material from e-discovery in one of several formats: printed paper, "native file,", or a petrified, paper-like format, such as PDF files or TIFF images. Modern document review platforms accomodate the use of native files, and allow for them to be converted to TIFF and bates-stamped for use in court.

Electronic messages

In 2006, the U.S. Supreme Court's amendments to the Federal Rules of Civil Procedure created a category for electronic records that, for the first time, explicitly named emails and instant message chats as likely records to be archived and produced when relevant. The rapid adoption of instant messaging as a business communications medium during the period 2005-2007 has made IM as ubiquitous in the workplace as email^{[citation needed]} and created the need for companies to address archiving and retrieval of IM chats to the same extent they do for email. Modern message archival systems allow legal and technology professionals to store and retrieve electronic messages efficiently and in a timely manner.

One type of preservation problem arose during the Zubulake v. UBS Warburg LLC lawsuit. Throughout the case, the plaintiff claimed that the evidence needed to prove the case existed in emails stored on UBS' own computer systems. Because the emails requested were either never found or destroyed, the court found that it was more likely that they existed than not. The court found that while the corporation's counsel directed that all potential discovery evidence, including emails, be preserved, the staff that the directive applied to did not follow through. This resulted in significant sanctions against UBS.

With electronic message archiving in place for both email and IM, it becomes a fairly simple task to retrieve any email or IM chat that might be used in eDiscovery.^{[citation needed]} Some archiving systems apply a unique code to each archived message or chat to establish authenticity. The systems prevent alterations to original messages, messages cannot be deleted, and the messages cannot be accessed by unauthorized persons.

Also important to complying with discovery of electronic records is the requirement that records be produced in a timely manner. The changes to the Federal Rules of Civil Procedure were the culmination of a period of debate and review that started in March 2000 when then Vice President Al Gore’s fundraising activities were being probed by the United States Department of Justice. After White House counsel Beth Norton reported that it would take up to six months to search through 625 storage tapes, efforts began to mandate timelier discovery of electronic records.

The formalized changes to the Federal Rules of Civil Procedure in December 2006 and in 2007 effectively forced civil litigants into a compliance mode with respect to their proper retention and management of electronically stored information (ESI). Improper management of ESI can result in a finding of spoliation of evidence and the imposition of one or more sanctions including an adverse inference jury instructions, summary judgement, monetary fines, and other sanctions. In some cases, such as Qualcomm v Broadcomm, attorneys can be brought before the bar and risk their livelihood.

Voicemail

Voicemail is often discoverable under electronic discovery rules. Employers may have a duty to retain voicemail if there is an anticipation of litigation involving that employee.

Smartphones and Personal Digital Assistants

Many corporate employees have company-issued or personal PDAs or smartphones that may contain discoverable material. This can raise issues for collection, as the tools for acquiring data from such devices are difficult to find.^{[citation needed]} This is becoming a lesser issue as the field of digital forensics advances to more readily acquire data from such devices.

Reporting formats

Although petrifying documents to static image formats (tiff & jpeg) had become the standard document review method for almost two decades, native format review has increased in popularity as a method for document review since around 2004. Because it requires the review of documents in their original file formats, applications and toolkits capable of opening multiple file formats have also become popular. This is also true in the ECM (Electronic Content Management) storage markets which are converging quickly with ESI technologies.

Petrification involves the conversion of native files into an image format that does not require use of the native applications. This is useful in the redaction of privileged or sensitive information, since redaction tools for images are traditionally more mature, and easier to apply on uniform image types. Efforts to redact similarly petrified PDF files have resulted in the removal of redacted layers and exposure of redacted information, such as social security numbers and other private information.^[4][5]

Traditionally, electronic discovery vendors had been contracted to convert native files into TIFF images (for example 10 images for a 10 page Microsoft Word document) with a load file for use in image-based discovery review database applications. Increasingly, database review applications have embedded native file viewers with TIFF-capabilities. With both native and image file capabilities, it could either increase or decrease the total necessary storage, since there may be multiple formats and files associated with each individual native file. Deployment, storage, and best practices are becoming especially critical and necessary to maintain cost-effective strategies.

Common issues

A number of different people may be involved in an eDiscovery project: lawyers for both parties, forensic specialists, IT managers, and records managers, amongst others. Forensic examination often uses specialized terminology (for example "image" refers to the acquisition of digital media) which can lead to confusion.^[1]

While attorneys involved in case litigation try their best to understand the companies and organization they represent, they may fail to understand the policies and practices that are in place in the company's IT department. As a result, some data may be destroyed after a legal hold has been issued by unknowing technicians performing their regular duties. To combat this trend, many companies are deploying software which properly preserves data across the network, preventing inadvertent data spoliation.

Given the complexities of modern litigation and the wide variety of information systems on the market, electronic discovery often requires IT professionals from both the attorney's office (or vendor) and the parties to the litigation to communicate directly to address technology incompatibilities and agree on production formats. Failure to get expert advice from knowledgeable personnel often leads to additional time and unforeseen costs in acquiring new technology or adapting existing technologies to accommodate the collected data.

Emerging Trends

The Convergence of Information Governance and Electronic Discovery

Anecdotal evidence for this emerging trend points to the business value of Information governance (IG), defined by Gartner as the specification of decision rights and an accountability framework to encourage desirable behavior in the valuation, creation, storage, use, archival, and deletion of information. It includes the processes, roles, standards, and metrics that ensure the effective and efficient use of information in enabling an organization to achieve its goals.

As compared to eDiscovery, information governance as a discipline is rather new. Yet there is traction for convergence. eDiscovery — as a multi-billion dollar industry — is rapidly evolving, ready to embrace optimized solutions that strengthen cybersecurity (for cloud computing). Since the early 2000s eDiscovery practitioners have developed skills and techniques that can be applied to information governance. Organizations can apply the lessons learned from eDiscovery to accelerate their path forward to a sophisticated information governance framework.

The Electronic Discovery Reference Model (EDRM) — in collaboration with ARMA International — published a white paper that describes How the Information Governance Reference Model (IGRM) Complements ARMA International’s Generally Accepted Recordkeeping Principles (GARP®) ^[6]

See also

• Information governance
• Data retention
• Telecommunications data retention
• Early case assessment
• Legal governance, risk management, and compliance

References

1. Various (2009). Eoghan Casey (ed.). Handbook of Digital Forensics and Investigation. Academic Press. p. 567. ISBN 0-12-374267-6. Retrieved 27 August 2010.
2. http://www.law.cornell.edu/rules/frcp
3. Adam I. Cohen, David J. Lender. Electronic Discovery: Law and Practice. 2011. ISBN 1454815604
4. http://techcrunch.com/2009/02/11/the-ap-reveals-details-of-facebookconnectu-settlement-with-best-hack-ever/
5. http://www.schneier.com/blog/archives/2006/06/yet_another_red.html
6. White Paper (2011). How the Information Governance Reference Model (IGRM)Complements ARMA International’s Generally Accepted Recordkeeping Principles GARP®) (PDF). EDRM and ARMA International. p. 15. {{cite book}}: Unknown parameter |copy editor= ignored (help)

External links

• Federal Judicial Center: Materials on Electronic Discovery
• The Electronic Discovery Reference Model (The EDRM is an eDiscovery industry standards setting group)
• Grand Valley State University: e-discovery video
• The Sedona Conference (Think tank of jurists, lawyers, experts, and academics)
• The Masters Conference (Federal Judges, lawyers, experts, International and academics)
• Women in eDiscovery (Non-profit women's organization)
• How True is that Voodoo? Authenticating Internet Sources of ESI from the Martindale-Hubbell Company's online Martindale.com Legal Library. Article by Erin E. Graham and Alison A. Grounds, October 14, 2010.

Category:Civil procedure Category:Email Category:Digital forensics