Emerging Tech

What every IT manager should know about e-discovery

The key to surviving e-discovery requests is preparation based on knowledge of what is expected, what is considered reasonable, when asked to locate and provide electronically stored information.

Electronically stored information (ESI) presents increasingly expensive challenges to organizations faced with legal discovery requests. Initially, courts were willing to accept most claims that costs of finding and producing ESI was too high, too onerous, for the responding party. However, recent decisions in Federal courts, as well as changes to the Federal Rules of Civil Procedure, reflect a shift toward holding respondents-the providers of information requested during discovery-responsible to pay for producing ESI. This responsibility is based on the assumption that a reasonable IT manager understands the need for knowing where his or her organization's information is kept, whether it should be accessible during discovery, how to provide an environment in which documents and other information can be easily placed and kept on "legal hold", and the how to implement and use the tools necessary to provide them on demand. This is the first in a series of articles in which I'll explore these issues.

In Part 1, I look at the history of discovery and how we arrived at the current state of ESI discovery management. In the Part 2, I'll walk through various approaches to mitigating ESI discovery risk and the risk to organizations who fail to do anything until served with a litigation-related request. Electronic messaging and content monitoring/filtering solutions are the topics for Parts 3 and 4. Finally, in Part 5, I discuss the most important element of successful discovery management-employees, the creators and users of information.

This is a big topic, so let's get started.

History of Discovery challenges

Before we dive into the particulars of discovery, we should settle on a definition, one that we'll apply throughout this series. The following is taken from Law.com:

"[Discovery is] the entire efforts of a party to a lawsuit and his/her/its attorneys to obtain information before trial through demands for production of documents, depositions of parties and potential witnesses, written interrogatories (questions and answers written under oath), written requests for admissions of fact, examination of the scene and the petitions and motions employed to enforce discovery rights. The theory of broad rights of discovery is that all parties will go to trial with as much knowledge as possible and that neither party should be able to keep secrets from the other (except for constitutional protection against self-incrimination). Often much of the fight between the two sides in a suit takes place during the discovery period."

For our purposes, this is translated as the right of the plaintiff (the person seeking damages) to request of the defendant (referred to as the respondent throughout this series) any information, in any format, related to the case. In the past, this was pretty straightforward.

Before the computer (yes, some of us were actually alive back then), the respondent sent clerical personnel to one or more filing cabinets or storage boxes to retrieve paper-based ledgers, marketing plans, engineering drawings, memos, letters, and any other document deemed relevant and appropriate. The reason I say this was straightforward is because most managers of that era knew where the records were stored. They did, however, face basic discovery challenges: what to keep, where to keep it, and how to prevent unwanted destruction or alteration.

As time passed, mainframe and minicomputers became commonplace. Although many former paper records were now electronic, they were still housed in a central location, accessed by terminals without storage capabilities. However, challenges associated with maintaining electronic data relevant to a legal hold, and assurances that the ESI had not been altered in any way, began to arise. These were similar to maintaining paper, but the potential for accidental or willful destruction or alteration was greater.

Soon, the now ubiquitous personal computer appeared on desktops. Connected to local and wide area networks, these devices became the primary tool used to conduct business-and to process and store information. The single centralized mainframe was replaced by multiple servers, which are actually nothing more than specialized microcomputers. Business information, contained in word processing documents, spreadsheets, and email began to find its way into a plethora of storage locations. Many of which were unknown to managers and potentially outside the control of IT personnel responding to discovery requests. Although this is where most organizations find themselves today, struggling to locate and provide requested information within reasonable financial boundaries, the courts tend to be more sympathetic when it is clear organizations have practiced due diligence.

The legal climate

Most judges try to avoid placing unreasonable burden on respondents. In some cases, cost of discovery is shifted to the plaintiff. Deciding how much information is enough, how much discovery cost is reasonable, and who should pay for it requires balancing justice with reasonableness. In a landmark electronic discovery case, Zubulake v. UBS Warburg, U.S. District Judge Shira A. Scheindlin described it in this way:

"The more information there is to discover, the more expensive it is to discover all the relevant information until, in the end, ‘discovery is not just about uncovering the truth, but also about how much of the truth the parties can afford to disinter.'"

In addition to locating and retrieving information, organizations have a legal responsibility to protect all relevant information from spoliation as soon as it is evident that legal action may take place. Spoliation is defined as "the deliberate or inadvertent modification, loss or destruction of evidence by a party who has been put on notice of litigation but has failed to take appropriate steps to preserve potentially relevant data" (Commonwealth Legal, 2008). Again, actual filings do not have to exist, only the conditions that would lead a reasonable person to believe they are immanent. I'll discuss a list of safeguards to help prevent spoliation later in this series.

The final word

It's taken years from the advent of ESI to successfully address the new challenges it presents to managers, IT staff, and attorneys. Further, Federal, state, and local statutes and courts don't always agree on what is "fair." During the rest of this series on e-discovery, I'll use the Zubulake decision and the Federal Rules of Civil Procedure to form the basis for my recommendations. However, I'm not suggesting these recommendations encompass all considerations within your legal jurisdiction. When in doubt, consult an attorney.

In the next blog, I'll discuss costs, cost-shifting, what data are considered accessible and inaccessible during discovery, general expectations of the Federal courts, and tools that help reduce discovery-related risks and resources.

About

Tom is a security researcher for the InfoSec Institute and an IT professional with over 30 years of experience. He has written three books, Just Enough Security, Microsoft Virtualization, and Enterprise Security: A Practitioner's Guide (to be publish...

0 comments

Editor's Picks