IT teams are the unsung heroes of litigation, spending many hours searching for relevant electronically stored information (ESI), helping the legal team “herd cats” to ensure that custodians respond to litigation holds, and preparing massive files for both review and production phases. Having spent time with many legal and IT teams across North America and Canada, I’ve compiled a few best practices after some discussion with my recent webinar co-presenter and former colleague, Carl Wong, who’s an adjunct professor in forensic computing at the John Jay College of Criminal Justice.
#1 – Bring Preservation and Collection In-House
Lowering costs relative to both software and a streamlined collection process are big benefits, but not the only ones. No one understands your IT landscape better than you do, and it makes sense for you to be the drivers of a repeatable and defensible process that’s part of a total response plan. Bringing the oversight of the process in-house doesn’t mean your team has to do all the work, but rather that you should have control over the process for greater efficiency and lower risk.
#2 – Avoid Custodian Self-Collection
Let’s face it: custodians as a group have not proven to be very good at identifying and preserving the ESI that the legal team needs. In fact, a court may view custodian self-collection as an unlawful “outsourcing” of the preservation process. In general, letting custodians perform their own collection makes the process less defensible in court for your legal team and less reliable overall. The teams I’ve worked with have seen greater efficiency and far more thorough results by using e-discovery software like EnCase eDiscovery to manage the legal hold and preservation process.
This one is especially beneficial if put into practice because it turns out that 80 to 90 percent of the legal risk in e-discovery occurs at the preservation stage. What your legal team has to stand ready to prove to the court is that they met the “reasonableness standard” by:
What your legal team wants more than anything is to be able to start working on their case strategy ASAP, which means they need to get their hands on the relevant ESI the second you can get it to them. To help them get it faster and to save enormously on your staff time and costs, my clients and I have found that two things help in a big way:
#1 – Bring Preservation and Collection In-House
Lowering costs relative to both software and a streamlined collection process are big benefits, but not the only ones. No one understands your IT landscape better than you do, and it makes sense for you to be the drivers of a repeatable and defensible process that’s part of a total response plan. Bringing the oversight of the process in-house doesn’t mean your team has to do all the work, but rather that you should have control over the process for greater efficiency and lower risk.
#2 – Avoid Custodian Self-Collection
Let’s face it: custodians as a group have not proven to be very good at identifying and preserving the ESI that the legal team needs. In fact, a court may view custodian self-collection as an unlawful “outsourcing” of the preservation process. In general, letting custodians perform their own collection makes the process less defensible in court for your legal team and less reliable overall. The teams I’ve worked with have seen greater efficiency and far more thorough results by using e-discovery software like EnCase eDiscovery to manage the legal hold and preservation process.
#3 – Preserve
Relevant ESI from All Potential Data Sources ASAP
This one is especially beneficial if put into practice because it turns out that 80 to 90 percent of the legal risk in e-discovery occurs at the preservation stage. What your legal team has to stand ready to prove to the court is that they met the “reasonableness standard” by:
- Identifying the sources of relevant ESI
- Notifying the custodians of relevant ESI that they should not delete or change it
- Taking steps to preserve that ESI in a way that protects it and proves chain of custody
Having a data map showing where all key types of data are
stored on your network and endpoints is extremely helpful. It’s also important
to be aware of cross-border data accessibility issues, as collecting data from
foreign countries can present a host of legal and logistical issues. This is
something to collaborate on with your legal team, who are likely to be highly
motivated to help prevent privacy-related problems.
#4 – Perform a True Early Case Assessment—Before Collection
What your legal team wants more than anything is to be able to start working on their case strategy ASAP, which means they need to get their hands on the relevant ESI the second you can get it to them. To help them get it faster and to save enormously on your staff time and costs, my clients and I have found that two things help in a big way:
- “Right-size” your discovery efforts by estimating the collection of data volumes, knowing in advance the file types of the documents you typically collect for litigation, which keywords are most effective for searching, and the relevant date ranges. Also be sure that you can account for the possibility of “inaccessible” or “missing” data ahead of time.
- Perform a limited initial collection and processing of ESI for a select group of key custodians to support an argument by your legal team to restrict the scope of discovery. If you can document your research and sampling efforts along with budget projections, your inside counsel can counter their opposing counsel’s overly broad production demands.
#5 – Collect ESI Based on Search Criteria Optimized for Each Case
There is a better way to collect and preserve data, and that’s by optimizing search criteria for each case by conferring with your legal team. To begin with, it’s important to consider documents and e-mails to be separate items. Why is that? Because of the metadata. A document does not have a “From” field. An email is not going to have an MDF or SHA1 hash value and so is not considered a file. Secondly, if you can safely exclude backup (.bak) files or executable (.exe) files, for example, that can help pare down the collection criteria for all cases.
There is a better way to collect and preserve data, and that’s by optimizing search criteria for each case by conferring with your legal team. To begin with, it’s important to consider documents and e-mails to be separate items. Why is that? Because of the metadata. A document does not have a “From” field. An email is not going to have an MDF or SHA1 hash value and so is not considered a file. Secondly, if you can safely exclude backup (.bak) files or executable (.exe) files, for example, that can help pare down the collection criteria for all cases.
EnCase eDiscovery offers simple questionnaires that will
help in developing collection criteria that can be captured for reuse in
templates. It also makes it easy to incorporate more best practices related to
the organization, automation, and searching of data sets.
After years of work with IT and legal teams on e-discovery,
these are a few of the best practices that can prevent each new notice of
litigation for your organization from becoming an instant nightmare in which
you are constantly reinventing the wheel with collection and preservation.
Have You Incorporated
Other Best Practices? I welcome discussion in the Comments section below. And if you'd like to see the webinar recording, you can do so 24/7/365 right here.
Jason Pickens is an EnCE®- and EnCEP®-certified principal consultant at Guidance Software and performs e-discovery and digital forensics work alongside many in-house teams inside Fortune 500 companies.
Jason Pickens is an EnCE®- and EnCEP®-certified principal consultant at Guidance Software and performs e-discovery and digital forensics work alongside many in-house teams inside Fortune 500 companies.
No comments :
Post a Comment