E-Discovery Technology Considerations Presented by: Dave Howard Oregon Department of Justice Deputy CIO
Topics E-Discovery Process Overview Sources of Electronically Stored Information (ESI) Data Maps Backups Metadata Social Networking/Web 2.0 Responding to a Request for Production Resources
http://www.edrm.net
EDRM Stage Descriptions Information Management Getting your electronic house in order to mitigate risk & expenses should electronic discovery become an issue, from initial creation of electronically stored information through its final disposition. Records Management, Data Map, etc. Identification Locating potential sources of ESI & determining its scope, breadth & depth. Preservation (aka Legal/Litigation Hold) Ensuring that ESI is protected against inappropriate alteration or destruction. Collection Gathering ESI for further use in the electronic discovery process (processing, review, etc.).
EDRM Stage Descriptions Processing Reducing the volume of ESI and converting it, if necessary, to forms more suitable for review & analysis. Review Evaluating ESI for relevance & privilege. Analysis Evaluating ESI for content & context, including key patterns, topics, people & discussion. Production Delivering ESI to others in appropriate forms & using appropriate delivery mechanisms. Presentation Displaying ESI before audiences (at depositions, hearings, trials, etc.), especially in native & near-native forms, to attempt to persuade or elicit further information.
Litigation Hold Notice A Litigation Hold has been issued for the matter described above pursuant to Department Policy. You may have possession, custody, or control of documents and other information, including electronically-stored information (ESI), that relate to this matter. DO NOT DELETE, ALTER OR DESTROY any documents, email, or other ESI related to this matter until further notice. Please notify <agency contact> if you think you may have any documents, email, or other ESI that is subject to this Litigation Hold.
Sources of ESI E-Mail Sources Server (Exchange, GroupWise, Lotus, etc) PST (Outlook Personal Store typically stored on PC or file server) OST (Outlook Off-line store duplicate of Exchange mailbox stored on PC/Laptop) Archive (PST, usually stored on local PC, that Outlook uses to automatically archive e-mail, calendar and other events) MSG (message file stored out of e-mail system as regular file on PC or server file share) Blackberry E-Mail components Message Calendar Tasks Contacts
Sources of ESI Agency Document Management (DM) or Electronic Records Management System (ERMS) e.g. Opentext, Filenet, Sharepoint, others File Servers Individual/Group/Public file shares Application Servers Possible sources of data in application servers are as numerous as the applications running on them. Databases (e.g. personnel database, helpdesk system, etc) GIS Web Services (internal & external) Content of web sites (including Intranet) Wikis/Blogs/Forums Collaboration Services (e.g. SharePoint) Social networking (e.g. Govspace, Facebook, MySpace, LinkedIn)
Sources of ESI PC/Laptop (work and/or personal, dedicated and/or shared) ESI stored on C: drive Some PC s have multiple hard drives or partitions on a single hard drive. Some have a special partition to save images of C: drive for recovery purposes. Is potentially discoverable information transferred from work to home? (via thumb drive, e-mail, CD/DVD, personal laptop, etc) Portable storage devices/media (business and/or personal) Thumb drive Portable USB drive (some up to 1 terabyte) ipod DVD/CD Media cards (e.g. SD card) PDA (Blackberry, cell phone) Business and/or personal E-mail, calendar, contacts Text Messages
You think it may be too obscure? In Minaya v. Duane Reade a New York State appellate court upheld sanctions resulting from the failure of defendant to preserve video recordings of a stairway that may have shown the condition of the stairs prior to plaintiff's fall and may have even recorded plaintiff's fall.
Sources of ESI Security Systems Log on/off records Internet use logs Firewall logs Keycard access system logs Security System Video Legacy Storage Media Floppy disks Tapes Other data sources & considerations Voicemail (VOIP/Unified Messaging implications) Digital Cameras Multi-Function Copiers Instant Messaging (LAN & Blackberry) SaaS (Software as a Service)
Legislation HB3271 (eff January 1, 2010) Part of language changes to ORS 166.065 (Harassment) include: (5) As used in this section, 'electronic threat' means a threat conveyed by electronic mail, the Internet, a telephone text message or any other transmission of information by wire, radio, optical cable, cellular system, electromagnetic system or other similar means.
Data Maps A Data Map provides legal and IT departments with a guide to the employees, processes, technology, types of data, and business areas, along with the physical and virtual location of data throughout the organization. It is a detailed representation or map of electronically stored information within an organization. It typically includes: Relevant information systems, with scope, character, organization, and formats employed in each system; and any limitations of accessibility. A description of the retention policies. Likely data custodians. Don t look for an example..
Backups One of the most complex issues (at least from the IT perspective) around e-discovery. Backup vs. Archive: An archive is an actively managed set of information kept as a business record when needed and disposed of when not. Backups are designed for near term disaster recovery and not long term preservation. Many organizations treat backups as an archive. Direction is often unclear about what backups to retain in a litigation hold. Hold the backup tapes Expectations often unrealistic about what can be retrieved from backups. Cost is a big factor in retaining backups. A medium-sized agency could easily spend $2500-$3000/month on backup tapes due to one legal hold.
Not reasonably accessible data The Federal Rules do not define not reasonably accessible other than to caution that it turns on the presence or absence of undue burden or cost. Under the emerging case law at the time of the 2006 Amendments, there was a reasonable consensus, as outlined in the introductory remarks in the 2005 Advisory Committee Report, that the following data types were often deemed not to be reasonably accessible without undue burden or cost: information on databases whose retrieval cannot be quickly accomplished because the database software is not capable of extracting the information sought without substantial additional programming; information stored on media that must be transformed into another form before search and retrieval can be achieved; deleted information whose fragments remain only accessible by forensics; and legacy data remaining from obsolete systems that is unintelligible on successor systems. ** The Sedona Conference Commentary on Preservation, Management and Identification of Sources of Information that are Not Reasonably Accessible (July, 2008)
Metadata Data about data Data typically stored electronically that describes characteristics of ESI, found in different places in different forms. Can be supplied by applications, users or the file system. Metadata can describe how, when and by whom ESI was collected, created, accessed, modified and how it is formatted. Can be altered intentionally or inadvertently. Certain metadata can be extracted when native files are processed for litigation. Some metadata, such as file dates and sizes, can easily be seen by users; other metadata can be hidden or embedded and unavailable to computer users who are not technically adept. Metadata is generally not reproduced in full form when a document is printed to paper or electronic image. The Sedona Conference Glossary (Second Edition) http://www.thesedonaconference.org/content/miscfiles/tscglossary_12_07.pdf
Metadata Examples System Metadata Create/Modify Date, Document creator, etc. System-generated information out of the control of users MS Office documents Various file property fields (see File/Properties) Macro or VB Script comments Notes in a PowerPoint presentation E-mail To/From/CC: Send/receive date Receipt/read acknowledgement Word document Comments Tracked changes Excel Spreadsheet Formulas Cell comments
Social Networking Sites Facebook, MySpace, LinkedIn, Twitter, Yammer, Ning, Google Docs, The Blogosphere
Social Networking in State Gov. Just a quick search reveals: Secretary of State (Facebook, Twitter) Transportation (Facebook, Twitter, YouTube) Fish & Wildlife (Facebook, YouTube, Twitter) Parks & Rec (Facebook) Forestry (YouTube) DHS (YouTube)
Social Networking Management and Policy Considerations Ensure that social networking access is addressed in your acceptable use policy. Workflows need to ensure that relevant social media transactions are recoverable as public records OR for discovery purposes. Develop staff training on network and data risks associated with social networking activities. Clearly identify ownership of content. Clearly identify responsibility for records/archival management.
Responding to a Request For Production What is to be actually produced will be determined by counsel. Format to be produced in will also be determined, though typically agency will provide data in native format. Be careful to preserve relevant system metadata. Consider chain-of-custody in producing and handling ESI. May be addressed in deposition. Do you understand what you re being asked for? Does it make sense? Ask questions! Do they understand what you are giving them?
How Can I.T. Help? Involvement in the process Translation Expertise on agency IT systems and data Work with legal counsel Advice Awareness/Education
Resources The Sedona Conference http://www.thesedonaconference.org E-Discovery Reference Model http://www.edrm.net Craig Ball Helping Lawyers Master Technology http://www.craigball.com/ Fios Inc. e-discovery Knowledge Center http://www.fiosinc.com/e-discovery-knowledge-center/ The universal tool: http://www.google.com
Questions? Contact Information: Dave Howard Oregon Department of Justice dave.howard@doj.state.or.us