Forensic, General & Medical
Expert Witnesses

E-Discovery: Small Steps That Can Yield Great Savings


     By Interhack Corporation Computer Forensic Expert Witness: Data Breach, Information Security, Cybersecurity

PhoneCall Christopher F. Shiflet, J.D. at (614) 545-4225


Expert Witness: Interhack Corporation
Over the past few years, e-discovery has grown from a little mentioned, often avoided aspect of litigation into a core component that can make or break a case. It first gained widespread attention in the Zubulake and Morgan Stanley cases, and was thrust into the spotlight late in 2006 by changes to the Federal Rules of Civil Procedure that specifically targeted discovery of electronically stored information (ESI).
Amid all these recent changes to the law, civil litigants have little precedent to guide them, and their discovery problems are compounded by tremendous growth in the amount of information created. How can attorneys help their clients cope?

The Problem

While it is true that discovery requests are often broad and at times burdensome, no single e-discovery is the problem. The real problem is with the way information is managed. Imagine a simple request for production that involves only paper documents from a business client. Most attorneys are comfortable with this sort of discovery. Custodians likely to possess relevant documents are identified, along with storage locations where other relevant documents might be found. Documents from these sources are rounded up, reviewed, and produced. Simple, right? But what if this same company issued each employee a bank of filing drawers that filled their entire office as well as several filing drawers in a public filing room? What if employees routinely made copies of documents they received from their peers and filed them haphazardly in their office filing, public filing or both? What if "filing" a document meant nothing more than placing it in a drawer without any particular order? Suddenly, discovery becomes vastly more complicated. Next let's assume that all of these employees also sent between twenty and fifty memos to others throughout the day, but kept a copy of each memo sent as well as copies of all memos received. Oh, by the way---these memos frequently have multiple page documents enclosed.

Sadly, this paper-based analogy is a fair representation of the way ESI is managed within businesses today. The computer sitting at each employee's desk can store a phenomenal amount of information, far greater than a bank of filing drawers in an office. Corporations often have personal network shares available to their employees as well. Finally, it is not at all uncommon for an employee to send and receive well over twenty emails in a given day. It would not be surprising if some readers handle ten times that amount. Even taking into account all of the foregoing ESI, a business may still have a plethora of information on Web sites, databases, Wikis, forums, instant messaging services, BlackBerry servers, and elsewhere. With so much information, it is vital to understand, organize, and control it so that discovery can be approached systematically and accomplished efficiently.

Information Management: Document Retention Policies

One of the keys to organizing and controlling business information is establishing a document retention policy that encompasses all of an enterprise's information, including ESI. Any reduction in the overall information a business retains decreases the universe of information that may be responsive in a particular discovery. Consequently, information should be retained only as long as it remains useful. The useful life of different documents within an enterprise is driven largely by business and regulatory requirements. Regulated fields such as health care and banking must comply with retention periods specified in applicable laws. Beyond these regulatory requirements, business needs will dictate how long a given document needs to be retained.

Equally important to determining document retention periods is ensuring that those retention periods are followed. A court can look at a business's actions when it interprets its document retention policy. If, for example, there are a large number of different retention periods, or it is difficult to determine the retention period for a given document, do not be surprised if employees simply place all documents in the storage location with the longest retention period, making that longest retention period the de facto retention period for all documents. Also consider the frequent problem of an employee working under a very short email retention period, say one month. When an email in the employee's mailbox is over a month old, the email system purges it. The employee is annoyed that emails disappear after a month, so the employee begins archiving his email on his work computer. What if most employees react to a one-month email retention policy in this manner? It could result in a court determining that the de facto email retention period is indefinite. This outcome, both practically and legally, is in direct opposition to the purpose of defining a retention policy, failing completely to reduce the universe of potentially discoverable information.

A document retention policy must be simple and lightweight if it is to accomplish its goal. Otherwise, employees are likely to make mistakes in their retention decisions, and even skirt the retention policy if they feel it causes too great a hindrance to their work. When crafting your own policy, anticipate and discourage aberrant behaviors by talking with employees and modifying the policy until it is both efficient and easy enough that employees can follow it without complaint. An effective document retention policy will be one that is also reasonable, and such a policy will go a long way toward making e-discovery manageable in any business.

Copyright 2008 Interhack Corporation

ABOUT THE AUTHOR: Christopher F. Shiflet, J.D.
Christopher F. Shiflet is a Specialist at Interhack corporation a Columbus-based information assurance and forensic computing firm, providing expert testimony, forensic analysis, and electronic discovery for attorneys all over the country. Interhack's work is used to find the right questions to ask and the best answers science can provide.

Copyright Interhack Corporation

More information about Interhack Corporation


While every effort has been made to ensure the accuracy of this publication, it is not intended to provide legal advice as individual situations will differ and should be discussed with an expert and/or lawyer.
For specific technical or legal advice on the information provided and related topics, please contact the author.

Find an Expert Witness