Today's explosion of electronic data, coupled with the December 2006 amendments to the Federal Rules of Civil Procedure (FRCP) concerning electronically stored information (ESI), requires information and legal professionals to expand their knowledge about handling electronic discovery.
The recent changes to the FRCP include:
* Definitions and safe harbor provisions for the routine alterations of electronic files during routine operations such as back ups [Amended Rule 37(f)]
* Information about how to deal with data that is not reasonably accessible [Amended Rule 26(b)(2)(B)]
* How to deal with inadvertently produced privileged material [Amended Rule 26(b)(5)]
* ESI preservation responsibilities and the pre-trial conference. [Amended Rule 26(f)]
* Electronic file production requests [Amended Rules 33(d), 34, 26(f)(3), 34(b)(iii)]
There are many opinions about how ESI should be planned for, managed, organized, stored, and retrieved. Some of the available options are extremely costly in terms of their required financial and time commitments.
Constantly changing technologies only add to the confusion. One area of confusion is the distinction between computer forensics and electronic discovery; there is a significant difference. These are described in the sidebar "Computer Forensics vs. Electronic Discovery."
Making the Right Choices
Successfully responding to e-discovery within the constraints of the amended FRCP requires organizations to make many critical decisions that will affect the collection and processing of ESI.
The following questions need immediate answers:
1. Are e-mail files part of this project? If so, do any key people maintain an Internet e-mail account, in addition to their corporate accounts?
The sheer volume of transactions for large e-mail providers prohibits the storage of massive amounts of mail files. Many Internet e-mail account providers, such as AOL, BellSouth, and Comcast, retain their e-mail logs 11o longer than 30 days. If a case could potentially require the exploration of e-mail from Internet accounts, the discovery team must expeditiously request the records, or they may be gone forever. This usually requires a subpoena. In rare cases, fragments of Internet e-mail may be recovered forensically from an individual's hard drive.
2. Is there any chance illegal activity may be discovered?
Many cases involving electronic data uncover wrongdoings. These situations may involve a member of the technology department or a highly technical employee. In these cases, an organization's first inclination may be to terminate the employee(s) involved and determine the extent of any damage prior to notifying law enforcement agencies.
This may be exactly the WRONG thing to do. If the wrongdoing is by a technical person, there is a chance that he or she is the only person who knows how to access the files, find the problem, or fix it. This is often the person who knows the passwords for mission-critical applications. The technical employee usually has the ability to work and access company files remotely. Unless such access is eliminated prior to the employee's termination, it is possible that a terminated or disgruntled employee may access the network and do great damage.
A better solution is to restrict the employee's complete access privileges, both local and remote. The employee is then notified of management's knowledge of the situation and given an opportunity to cooperate to minimize the damage. If the situation involves criminal matters, especially if financial or medical records have been compromised, a good decision is to involve law enforcement as early as possible. Electronic criminals frequently disappear and destroy all evidence of their activities.
3. Is it possible that deleted or hidden files may play an important role in this case? …