10 Critical Decisions For Successful E Discovery Part 1

10 Critical Decisions For Successful E Discovery Part 1



10 Critical Decisions for​ Successful E-discovery Part 1
The Information​ Management Journal/September / October 2018- Today’s explosion​ of​ electronic data, coupled with the December 2018 amendments to​ the Federal Rules of​ Civil Procedure (FRCP) concerning electronically stored information​ (ESI), requires information​ and​ legal professionals to​ expand​ their knowledge about handling electronic discovery .​
The recent changes to​ the FRCP include:
* Definitions and​ safe harbor provisions for​ the routine alterations of​ electronic files during routine operations such as​ back ups [Amended Rule 37(f)]
* Information​ about how to​ deal with data that is​ not reasonably accessible [Amended Rule 26(b)(2)(B)]
* How to​ deal with inadvertently produced privileged material [Amended Rule 26(b)(5)]
* ESI preservation​ responsibilities and​ the pre-trial conference .​
[Amended Rule 26(f)]
* Electronic file production​ requests [Amended Rules 33(d), 34, 26(f)(3), 34(b)(iii)]
There are many opinions about how ESI should be planned for, managed, organized, stored, and​ retrieved .​
Some of​ the available options are extremely costly in​ terms of​ their required financial and​ time commitments .​
Constantly changing technologies only add to​ the confusion​ .​
One area of​ confusion​ is​ the distinction​ between computer forensics and​ electronic discovery; there is​ a​ significant difference .​
These are described in​ the sidebar Computer Forensics vs .​
Electronic Discovery.
Making the Right Choices
Successfully responding to​ e-discovery within​ the constraints of​ the amended FRCP requires organizations to​ make many critical decisions that will affect the collection​ and​ processing of​ ESI.
Collection​ Decisions
The following questions need immediate answers:
1 .​
Are e-mail files part of​ this​ project? if​ so, do any key people maintain​ an​ Internet e-mail account, in​ addition​ to​ their corporate accounts?
The sheer volume of​ transactions for​ large e-mail providers prohibits the storage of​ massive amounts of​ mail files .​
Many Internet e-mail account providers, such as​ AOL, BellSouth, and​ Comcast, retain​ their e-mail logs no longer than 30 days .​
if​ a​ case could potentially require the exploration​ of​ e-mail from Internet accounts, the discovery team must expeditiously request the records, or​ they may be gone forever .​
this​ usually requires a​ subpoena .​
in​ rare cases, fragments of​ Internet e-mail may be recovered forensically from an​ individual’s hard drive.
2 .​
is​ there any chance illegal activity may be discovered?
Many cases involving electronic data uncover wrongdoings .​
These situations may involve a​ member of​ the technology department or​ a​ highly technical employee .​
in​ these cases, an​ organization’s first inclination​ may be to​ terminate the employee(s) involved and​ determine the extent of​ any damage prior to​ notifying law enforcement agencies.
this​ may be exactly the WRONG thing to​ do .​
if​ the wrongdoing is​ by a​ technical person, there is​ a​ chance that he or​ she is​ the only person​ who knows how to​ access the files, find the problem, or​ fix it .​
this​ is​ often the person​ who knows the passwords for​ mission-critical applications .​
The technical employee usually has the ability to​ work and​ access company files remotely .​
Unless such access is​ eliminated prior to​ the employee’s termination, it​ is​ possible that a​ terminated or​ disgruntled employee may access the network and​ do great damage.
A better solution​ is​ to​ restrict the employee’s complete access privileges, both local and​ remote .​
The employee is​ then notified of​ management’s knowledge of​ the situation​ and​ given an​ opportunity to​ cooperate to​ minimize the damage .​
if​ the situation​ involves criminal matters, especially if​ financial or​ medical records have been compromised, a​ good decision​ is​ to​ involve law enforcement as​ early as​ possible .​
Electronic criminals frequently disappear and​ destroy all evidence of​ their activities.
3 .​
is​ it​ possible that deleted or​ hidden files may play an​ important role in​ this​ case?
There are three ways to​ collect electronic files for​ discovery:
* Forensically ะ as​ described in​ the sidebar
* Semi-forensically ะ using non-validated methods and​ applications to​ capture files
* Non-forensically using simple cut and- paste copy methods to​ move copies of​ files from one location​ to​ another .​
These methods do not include hashing files to​ ensure the files have not changed, which involves using a​ hash algorithm to​ create a​ mathematical fingerprint of​ one or​ more files that will change if​ any change is​ made to​ the collection.
for​ some matters, the content of​ electronic documents is​ all that matters .​
The context of​ the files ะ who created them, how they are kept, how they have been accessed, if​ they have been changed or​ deleted ะ is​ not as​ important.
for​ other cases, contextual information, including finding deleted files, is​ vital and​ requires a​ forensic collection​ .​
this​ includes
* Ensuring legal search authority of​ the data
* Documenting chain​ of​ custody
* Creating a​ forensic copy using validated forensic tools that create hash records
* Using repeatable processes to​ examine and​ analyze the data
* Creating a​ scientific report of​ any findings
Determining the value of​ electronic forensic file collection​ must be done prior to​ any data being captured .​
Once semi- or​ non-forensic methods have been used, it​ is​ impossible to​ return records to​ their original states.
4 .​
Are backup tapes part of​ an​ active collection?
Some cases involve historical issues, making the method of​ handling computer backups important to​ address immediately.
Most businesses use a​ schedule of​ rotating their backup media .​
for​ example, in​ a​ four-week rotation, daily backups are done for​ a​ week and​ then those tapes (or drives) are taken offsite for​ storage .​
a​ new set of​ media is​ used for​ the second, third, and​ fourth weeks, and​ then those three tapes are stored offsite .​
on​ the fifth week, the tapes/drives from the first week are reused .​
this​ process is​ done for​ financial reasons, as​ it​ is​ extremely cost-efficient.
Backup tapes may become part of​ the active information​ required to​ be kept under a​ litigation​ hold .​
this​ requires cessation​ of​ any rotation​ schedule, and​ the 2018 amendments to​ the FRCP make it​ critical for​ the legal team to​ convey that information​ to​ the technology employees responsible for​ business continuity processes.




You Might Also Like:




No comments:

Powered by Blogger.