|
Take it from me, the management of electronic evidence
is easier for those of us who know how to avoid the
most common pitfalls associated with this emerging part
of discovery. I've compiled this list of the Top 10
challenges (and solutions) that are most commonly found
during the e-discovery process. The list will undoubtedly
change over the coming months as our industry responds
to recent decisions from federal and state jurisdictions.
However, these solutions have proven effective in controlling
the scope and cost of e-discovery requests:
It's tough enough to estimate how long something will
take to do when you know the location of the data and
parameters of a request, but determining the amount
of time it might take to gather data from multiple sources
could become a daunting task. Make sure to do your best
to account for all possible data and leave enough time
for unexpected surprises like finding spare drive space
and old media formats.
Much like estimating time, being able to get a handle
on the relevant size is extremely difficult when it
comes to a large number of data sets. It can become
even more of a challenge when data is stored on removable
media and mixed with non-relevant data. There are different
approaches that could be taken to obtain this sort of
information, but one rule of thumb is to address a finite
set of data and work with it in smaller, more manageable
chunks. Try to restore archived data into a central
location so that estimating size becomes much easier.
Also, search through backup and communication logs to
get a better sense of how much information is really
there.
From a disaster recovery standpoint, retrieving the
appropriate information in any form may be sufficient
for those users that deleted files by accident, but
when dealing with evidence collection and gathering,
nothing short of the original version will do. The simple
process of transferring data from one directory on a
file server to another will change the metadata of those
files. If attorneys are looking to build a timeline
of events that is derived from file and system information,
maintaining original attributes of files is crucial.
If custom scripts that preserve file information are
beyond your capabilities, look into using archiving
software that allows you to write to a file or compression
utilities that preserve this type of information. Finally,
document every step along the way. Regardless of the
method, make sure to keep track of what goes where and
how.
IT professionals have to deal with many different servers
within an organization that handle day-to-day back-end
operations. With everything from e-mail and file servers
to remote access and web servers, data can reside anywhere
in between. With unified messaging gaining a lot of
popularity, it becomes the IT manager's responsibility
to find what data may be relevant without having it
being requested directly. Try to take a step back and
map out the entire organization from a high level and
determine what type of information is needed. Then,
make an action plan to inspect all possible areas where
relevant data can reside. Once these key locations are
identified, it is much easier to talk about what exists
where and what specifically is needed.
Trying to respond to the day-to-day needs of active
users is hard, but trying to deal with inactive users
that may have transferred into another department or
are possibly no longer with the company can be a nightmare.
Attorneys typically request a certain range of information
for a particular group of people in a defined timeframe.
Depending on how data is maintained and backed up, it
may be necessary to cross reference information from
HR to determine what department a particular employee
worked in and the appropriate media set that backed
up that department's data. Also, access rights and universal
drive mapping might become an issue when a request encompasses
getting all information that a particular person had
access to during a certain period of time. Unless specific
rights and policies are maintained by the Network Administrator
down to that level of detail, this type of request could
result in the necessity to provide an overencompassing
amount of information. Therefore, good record and user
management should include some HR-specific information
that could be useful in the future.
Even if all the relevant data is within your grasp,
there might be a request to search through data sets
to create smaller subsets based on certain parameters.
If the request is based on user name, date, or file
type, a simple filter in the file system or e-mail server
might give you some leverage in selecting the appropriate
information. However, if you need to sift through actual
content based on keywords, names, or other information,
you will need to create an index of every document,
e-mail, and attachment to perform a search in order
to create a subset of relevant information. However,
filtering by file type may not necessarily get you the
results that you want given that an extension is not
always representative of the actual file type. Be careful
when using a catchall approach to data gathering. At
this point you may wish to consider the services of
an electronic discovery expert to inspect the header
information of files rather than just the extension.
How great would it be if all of the data ever created
by all of your users was online and available at a moment's
notice? Unfortunately, since hard drives don't exactly
grow on trees, we are forced to implement stringent
backup rotations and archiving policies to ensure that
data is preserved in case of system failure or natural
disaster. However, backed-up data that was once intended
to be used only in case of a technical problem is fast
becoming a routine part of the legal discovery process.
This new reality has forced many corporations to reconsider
their retention policies.
Nevertheless, if the data is available on tape or other
archived media, it is the overwhelming task of the IT
professional to be able to restore it. This is oftentimes
more difficult than it sounds and creates enormous problems.
The difficulties come into play when the software used
to create the archive is no longer available, not supported,
or not easily usable. Legacy systems might involve outdated
hardware and comparable systems with enough storage
to hold the data after it is restored. Likewise, e-mail
systems often require the creation of an exact server
environment with specific permissions and access rights
in order to access the data. Working in native environments
requires knowledge of the system so if documentation
is not available for an unsupported application, you
may need to call in recovery experts to extract information
at the lowest level in order to recreate the environment.
No one can foresee the future, but good documentation
can one day get you out of a bind.
Once the data is gathered and stored in one place,
the most common request by counsel is to access the
data for the purpose of review. Be very careful with
this as all of your hard work in gathering and preservation
may be jeopardized. Often, technology departments will
go to great lengths to come up with a solution for document
review. Having attorneys open files from a file server
may seem like a no-brainer. All one has to do is set
up the appropriate security group, assign the access
to the folder with the data, and you're done. What most
systems people do not realize is that allowing attorneys
to access the original information is a potential recipe
for disaster.
Aside from easily changing metadata by simply opening
a file, reviewers can unknowingly change or delete information.
Not to mention that each user will need a copy of every
application used to create those files loaded on his
or her desktop. In addition, the attorneys will need
to keep track of the files that are relevant and those
that are confidential and so on. Some people have gone
so far as to create custom databases to track this information.
When it comes to e-mail review, you run the risk of
having documents printed out from an attorney's mailbox
with his or her name at the top of each client e-mail.
You can see how a single request can create a support
and development nightmare that can cost you countless
hours and dollars in lost productivity.
Depending on the size of the collection, a native review
might be possible, but please be sensitive to read-only
access so that metadata, date sensitive field codes
and formulas are not altered. If you find yourself in
the middle of a large data collection and review, think
about consulting a litigation support company that could
provide you with an internal solution or even consider
using a web-based repository. This is the easiest way
to facilitate attorney access and review of data without
needing to maintain a system in-house.
If there were only enough hours in the day to get the
typical work done and fires put out, no one would complain.
However, overworked IT staff find themselves with no
hope in sight as extremely critical and time sensitive
requests come in for information and data that has to
be restored, collected and transferred. Many firms have
needed to bring on additional support in order to dedicate
knowledgeable personnel to the sole purpose of searching,
restoration and production. This is becoming an extremely
difficult task for corporations to deal with as they
respond to litigation and a never-ending supply of electronic
data.
Another approach is to restore as much data as possible
in anticipation of production. This is usually a very
cost intensive process that requires the aide of outside
service bureaus and data repositories. In either case,
the requests will not go away and can create a bottleneck
that leads to sanctions for failure to produce in time.
Therefore, it is the responsibility of every IT professional
to look into a solution that will deal with responding
to requests for data residing in electronic form. You
might not be able to do anything about existing data,
but you can certainly think about how to resolve the
problem going forward. If you put in the necessary tools
now, future requests will become much easier.
IT staff are from Mars and legal counsel is from Venus.
This is a simple but painful truth in the corporate
and legal world that many have trouble understanding.
There are probably enough stories about miscommunication
out there to write a three-volume anecdotal book on
the subject. The most common problem from a data collection,
information management, and review standpoint is the
inability of legal professionals and technology support
personnel to communicate effectively. Attorneys are
very often driven by the facts and legal issues surrounding
a case and tend to think and speak rigidly about how
things relate to the law and what is needed. This too
often translates into a misunderstanding on the part
of the IT person that is ready and willing to provide
the attorney with exactly what is asked of him. Therein
lies the problem.
For example, when a request is made for "all of
User X's files from the server," the IT person
will leave no stone unturned and retrieve every file
from the user's home directory. The IT person thinks
he did a great job in a very short period of time. When
the attorney and his staff get the information, review
the data and get ready to make the production a day
before it's due, everyone feels great until someone
asks if anyone has seen the reviewed e-mails. It is
important to understand from both sides that what an
attorney asks for is not always what he wants or needs.
The art of identifying discoverable data is a fine mix
of legalese and geek speak. It is important to understand
that attorneys are not always keen to the problems of
transfer rates or packet header information and that
a request for User X's files may mean more than just
the My Documents folder on the server. The process of
educating IT staff about the importance of all-inclusive
productions and the sensitivity of the preservation
of data is just as important. For all of the attorneys
out there, be careful what you ask for, you just might
get it.
Top
Gene Klimov of Doar Communications
|
