Activity

Home » Activity

10 Important Choices for Successful E-discovery Part 1

The Information Management Journal/September/ October 2007- Today’s surge of electronic data, coupled with the December 2006 modifications to the Federal Rules of Civil Procedure (FRCP) concerning digitally kept information (ESI), requires info and attorneys to expand their understanding about handling electronic discovery. The recent changes to the FRCP consist of:

* Definitions and safe harbor provisions for the routine alterations of electronic files during regular operations such as back ups [Amended Rule 37( f)]

* Information about how to deal with data that is not fairly accessible [Amended Rule 26( b)( 2 )( B)]

* How to handle inadvertently produced privileged product [Amended Rule 26( b)( 5)]

* ESI preservation duties and the pre-trial conference. [Amended Rule 26( f)]

* Electronic file production requests [Amended Rules 33( d), 34, 26( f)( 3 ), 34( b)( iii)]

There are many opinions about how ESI should be planned for, managed, organized, saved, and retrieved. Some of the offered options are extremely expensive in regards to their required financial and time commitments. Continuously changing innovations only contribute to the confusion. One area of confusion is the difference between computer forensics and electronic discovery; there is a considerable distinction. These are described in the sidebar Computer Forensics vs. Electronic Discovery.

Making the Right Choices

Effectively responding to e-discovery within the restraints of the amended FRCP requires organizations to make many important choices that will impact the collection and processing of ESI.

Collection Decisions

The following questions need instant responses:

1. Are e-mail files part of this project? If so, do any key people keep an Internet email account, in addition to their business accounts?

The sheer volume of deals for big e-mail suppliers restricts the storage of huge quantities of mail files. Numerous Internet email account service providers, such as AOL, BellSouth, and Comcast, maintain their e-mail logs no longer than 30 days. If a case might potentially require the expedition of email from Internet accounts, the discovery group must expeditiously ask for the records, or they may be gone permanently. This generally needs a subpoena. In unusual cases, pieces of Internet email might be recuperated forensically from an individual’s disk drive.

2. Exists any possibility illegal activity may be discovered?

Many cases including electronic information reveal misbehaviors. These circumstances might include a member of the innovation department or a highly technical worker. In these cases, a company’s very first disposition may be to terminate the worker( s) involved and determine the level of any damage prior to notifying law enforcement agencies.

This may be exactly the WRONG thing to do. If the misdeed is by a technical individual, there is a possibility that he or she is the only individual who knows how to access the files, discover the issue, or repair it. This is frequently the individual who understands the passwords for mission-critical applications. The technical staff member usually has the capability to work and access company files remotely. Unless such access is eliminated prior to the worker’s termination, it is possible that an ended or irritated employee may access the network and do great damage.

If the situation includes criminal matters, specifically if medical or financial records have actually been jeopardized, an excellent decision is to include law enforcement as early as possible. Electronic wrongdoers regularly disappear and ruin all evidence of their activities.

3. Is it possible that erased or concealed files may play an important role in this case?

There are three ways to collect electronic apply for discovery:

* Forensically ะ ะ as explained in the sidebar

* Semi-forensically ะ ะ utilizing non-validated methods and applications to record files

* Non-forensically using easy cut and- paste copy methods to move copies of files from one place to another. These approaches do not consist of hashing files to make sure the files have actually not altered, which includes utilizing a hash algorithm to develop a mathematical fingerprint of one or more files that will change if any change is made to the collection.

For some matters, the material of electronic documents is all that matters. The context of the files ะ ะ who created them, how they are kept, how they have been accessed, if they have actually been altered or erased ะ ะ is not as important.

For other cases, contextual info, consisting of finding erased files, is important and needs a forensic collection. This includes

* Ensuring legal search authority of the data

* Documenting chain of custody

* Creating a forensic copy utilizing verified forensic tools that develop hash records

* Using repeatable processes to analyze and examine the data

* Creating a clinical report of any findings

Identifying the value of electronic forensic file collection need to be done prior to any data being recorded. Once semi- or non-forensic methods have been used, it is difficult to return records to their original states.

4. Are backup tapes part of an active collection?

Some cases include historic problems, making the approach of handling computer system backups important to address instantly.

A lot of organisations use a schedule of turning their backup media. A brand-new set of media is used for the 2nd, 3rd, and 4th weeks, and then those three tapes are stored offsite.

Backup tapes might enter into the active information required to be kept under a lawsuits hold. This requires cessation of any rotation schedule, and the 2006 changes to the FRCP make it critical for the legal group to convey that information to the innovation employees accountable for service connection processes.

* ESI preservation duties and the pre-trial conference. Are e-mail files part of this job? The large volume of deals for large e-mail suppliers prohibits the storage of huge amounts of mail files. If the wrongdoing is by a technical individual, there is an opportunity that he or she is the only individual who understands how to access the files, find the issue, or repair it. The technical worker normally has the capability to work and gain access to company files remotely.