E-Discovery Technology Considerations

E-Discovery

Technology Considerations

Presented by:

Dave Howard

Topics



E-Discovery Process Overview



Sources of Electronically Stored Information (ESI)

Data Maps



Backups

Metadata



Social Networking/Web 2.0

EDRM – Stage Descriptions

Information Management

“Getting your electronic house in order” to mitigate risk &

expenses should electronic discovery become an issue, from initial creation of electronically stored information through its final disposition. Records Management, Data Map, etc.

Identification

Locating potential sources of ESI & determining its scope, breadth & depth.

Preservation (aka Legal/Litigation Hold)

Ensuring that ESI is protected against inappropriate alteration or destruction.

Collection

EDRM – Stage Descriptions

Processing

Reducing the volume of ESI and converting it, if necessary, to forms more suitable for review & analysis.

Review

Evaluating ESI for relevance & privilege.

Analysis

Evaluating ESI for content & context, including key patterns, topics, people & discussion.

Production

Delivering ESI to others in appropriate forms & using appropriate delivery mechanisms.

Presentation

Litigation Hold Notice

A Litigation Hold has been issued for the matter described above pursuant to Department Policy. You may have

possession, custody, or control of documents and other

information, including electronically-stored information (ESI), that relate to this matter. DO NOT DELETE, ALTER OR

DESTROY any documents, email, or other ESI related to this matter until further notice. Please notify <agency

Sources of ESI

 _{E-Mail Sources}

 _{Server (Exchange, GroupWise, Lotus, etc)}

 _{PST (Outlook Personal Store – typically stored on PC or file}

server)

 _{OST (Outlook Off-line store – duplicate of Exchange mailbox}

stored on PC/Laptop)

 Archive (PST, usually stored on local PC, that Outlook uses to

automatically archive e-mail, calendar and other events)

 MSG (message file stored out of e-mail system as regular file on

PC or server file share)

Sources of ESI

 _{Agency Document Management (DM) or Electronic Records}

Management System (ERMS)

 _{e.g. Opentext, Filenet, Sharepoint, others}  _{File Servers}

 _{Individual/Group/Public file shares}  _{Application Servers}

 _{Possible sources of data in application servers are as numerous}

as the applications running on them.

 Databases (e.g. personnel database, helpdesk system, etc)  GIS

 Web Services (internal & external)

 Content of web sites (including Intranet)  Wikis/Blogs/Forums

 Collaboration Services (e.g. SharePoint)

 Social networking (e.g. Govspace, Facebook, MySpace,

Sources of ESI

 _{PC/Laptop (work and/or personal, dedicated and/or shared)}  _{ESI stored on “C:” drive}

 _{Some PC’s have multiple hard drives or partitions on a single}

hard drive. Some have a special partition to save images of C: drive for recovery purposes.

 Is potentially discoverable information transferred from work to

home? (via thumb drive, e-mail, CD/DVD, personal laptop, etc)

 Portable storage devices/media (business and/or personal)  Thumb drive

 Portable USB drive (some up to 1 terabyte)  iPod

 DVD/CD

 Media cards (e.g. SD card)  PDA (Blackberry, cell phone)

You think it may be too

obscure?

In Minaya v. Duane Reade a New York State

Sources of ESI

 _{Security Systems}

 _{Log on/off records}  _{Internet use logs}  _{Firewall logs}

 _{Keycard access system logs}  _{Security System Video}

 _{Legacy Storage Media}  _{Floppy disks}

 _Tapes

 _{Other data sources & considerations}

 _{Voicemail (VOIP/Unified Messaging implications)}  _{Digital Cameras}

 _{Multi-Function Copiers}

Legislation

HB3271 (eff January 1, 2010)

Part of language changes to ORS 166.065

(Harassment) include:

(5) As used in this section, 'electronic threat' means

a threat conveyed by electronic mail, the Internet,

a telephone text message or any other transmission

of information by wire, radio, optical cable,

Data Maps

 A Data Map provides legal and IT departments with a guide to

the employees, processes, technology, types of data, and business areas, along with the physical and virtual location of data throughout the organization.

 It is a detailed representation or “map” of electronically stored

information within an organization. It typically includes:

 Relevant information systems, with scope, character,

organization, and formats employed in each system; and any limitations of accessibility.

 _{A description of the retention policies.}  _{Likely data custodians.}

Backups

 One of the most complex issues (at least from the IT perspective) around e-Discovery.

 Backup vs. Archive:

 An archive is an actively managed set of information kept as a business record when needed and disposed of when not.

 Backups are designed for near term disaster recovery and not long term preservation.

 Many organizations treat backups as an archive.

 Direction is often unclear about what backups to retain in a litigation hold.  “Hold the backup tapes”

 Expectations often unrealistic about what can be retrieved from backups.  Cost is a big factor in retaining backups. A medium-sized agency could

“Not reasonably accessible data”

The Federal Rules do not define “not reasonably accessible” other than to caution that it turns on the presence or absence of “undue burden or cost.” Under the emerging case law at the time of the 2006 Amendments, there was a reasonable consensus, as outlined in the introductory remarks in the 2005 Advisory Committee Report, that the following data types were often deemed not to be reasonably accessible without undue burden or cost:

 information on databases whose retrieval cannot be quickly accomplished because the database software is not capable of extracting the information sought without substantial additional programming;

 information stored on media that must be transformed into another form before search and retrieval can be achieved;

 deleted information whose fragments remain only accessible by

forensics; and

 legacy data remaining from obsolete systems that is unintelligible on successor systems.

Metadata

“Data about data”

“Data typically stored electronically that describes characteristics of ESI, found in different places in different forms. Can be supplied by applications, users or the file system. Metadata can describe how, when and by whom ESI was collected, created, accessed, modified and how it is formatted. Can be altered intentionally or inadvertently. Certain metadata can be extracted when native files are processed for litigation. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed to paper or electronic image.”

The Sedona Conference Glossary (Second Edition)

Metadata Examples

 _{System Metadata – Create/Modify Date, Document creator, etc.}  _{System-generated information out of the control of users}  _{MS Office documents}

 _{Various file property fields (see File/Properties)}  _{Macro or VB Script comments}

Social Networking Sites

Facebook, MySpace, LinkedIn,

Twitter, Yammer, Ning,

Social Networking in State

Gov.



_{Secretary of State (Facebook, Twitter)}



_{Transportation (Facebook, Twitter, YouTube)}

_{Fish & Wildlife (Facebook, YouTube, Twitter)}

Parks & Rec (Facebook)



Forestry (YouTube)



_{DHS (YouTube)}

Social Networking

–

Management and Policy Considerations



Ensure that social networking access is addressed

in your acceptable use policy.



Workflows need to ensure that relevant social media

transactions are recoverable as public records OR

for discovery purposes.



Develop staff training on network and data risks

associated with social networking activities.



Clearly identify ownership of content.



Clearly identify responsibility for records/archival

Responding to a

Request For Production



What is to be actually produced will be determined by

counsel.



Format to be produced in will also be determined, though

typically agency will provide data in native format.



Be careful to preserve relevant system metadata.



Consider chain-of-custody in producing and handling ESI.

May be addressed in deposition.



Do you understand what you’re being asked for?

Does it make sense? Ask questions!

How Can I.T. Help?



Involvement in the process



Translation



Expertise on agency IT systems and data



Work with legal counsel



_Advice

Resources



The Sedona Conference

http://www.thesedonaconference.org



E-Discovery Reference Model

http://www.edrm.net



Craig Ball

http://www.craigball.com/



Fios Inc. e-Discovery Knowledge Center

http://www.fiosinc.com/e-discovery-knowledge-center/



The universal tool:

http://www.google.com

Questions?

Contact Information:

Dave Howard

Oregon Department of Justice