Responding to an e-discovery request carries with it several important responsibilities including securing potentially responsive data (otherwise known as a litigation hold) as soon as possible.

When a lawsuit is filed (or even anticipated), all potentially relevant data needs to be found and secured under a litigation hold. The litigation hold includes protecting that data (including all metadata), as well as content and associated files (email attachments), from inadvertent deletion or alteration.

Another responsibility is to ensure data remains in its original state, including all metadata, once the litigation hold has been placed. These and other responsibilities are laid out in the Federal Rules of Civil Procedure (FRCP)—and should not be taken lightly.

Preventing potentially relevant data from being changed, lost, or deleted is a major challenge for companies who do not actively manage all their electronically stored information (ESI). Many companies only manage what they consider to be “records”—content that needs to be retained due to regulatory requirements or is needed for continued business operations. However, only about 5 percent of all enterprise ESI is considered a record, which means 95 percent of a company's data is not managed, or if it is, it's managed by individual employees—which in most cases means it not managed at all.

Chain of Custody and Data Fidelity

Guaranteeing the chain of custody (CoC) of evidence is another important requirement when responding to an e-discovery request. CoC is meant to prove that the evidence (or ESI) has remained in substantially the same condition from the moment one person took possession until the moment that person released the evidence into the custody of another. This means that if originality of the evidence is called into question, the producing party must show a documented history of direct management and protection.

CoC is especially challenging when working with large datasets (hundreds of gigabytes or terabytes) that must be searched, collected, protected, culled, and reviewed for e-discovery response. For example, corporate legal must regularly search (with the help of IT professionals) tens, hundreds, or even thousands of data repositories (including employee data storage devices) looking for relevant content. It is key to ensure that data collectors do not inadvertently alter the data, for example changing metadata by simply accessing it.

When responding to e-discovery, it is important to understand the various processes involved in creating, managing and moving data around a modern enterprise and how these actions can inadvertently alter the data fidelity of a potentially relevant file. In litigation, data fidelity is defined as the measure of similarity to the data's original state. In other words, if the data fidelity of a given file is 100 percent, then that data is said to be original or unaltered. The litigation hold/e-discovery process carries with it the requirement that all potentially relevant data is not altered in any way after the litigation hold responsibility arises.

Data Migrations and Data Defensibility

Migrating large data sets to another location during litigation can be risky. However, in many cases companies do not have a choice. For example, many companies are in the process of migrating their on-premises email archiving systems to Office 365 or Azure. For many large organizations, e-discovery is a regular occurrence and if allowed, could stop all projects from ever completing.

Many migration solution providers will tell you that chain of custody reporting is all that is needed to ensure legal defensibility. However, they will not mention that they potentially convert, alter, or intentionally delete file properties. This would include metadata, which puts the administrator at greater risk of a spoliation charge. During data migration, both chain of custody and data fidelity are required to prove legal defensibility.

Before migrating any ESI, including email archiving systems, file systems, databases, etc., one should take two actions:

1. Talk to general counsel or outside legal counsel and get a written legal opinion that the planned data migration can go forward, including specific aspects to look out for.

2. Talk to a migration services provider and ensure their processes support both CoC and data fidelity so as not put the company or administrator at risk of legal non-compliance.

When conducting these processes, seek a company that leads in migrating ESI in a legally defensible manner. Ensure the support organization's solutions operate at the object-level to onboard, validate, and manage all data including metadata and email stubs, no matter where it resides, in a legally defensible manner. Demand solutions that enable the administrators to seamlessly migrate data in a matter of hours and days, rather than weeks or months. Never copy data to third-party servers for assurance that the data is only stored in a protected repository.

 

Bill Tolson serves as vice president for Archive360 and is focused on the archiving, migration, governance, regulatory compliance and cloud-based storage of data. Bill has extensive experience in e-discovery and archiving/information governance from both a marketing and customer perspective.