Thank you for sharing!

Your article was successfully shared with the contacts you provided.
Federal Rule of Civil Procedure 26(a)(1) requires disclosure of documents, data compilations and other tangible things that the parties may use to support their claims, defenses or damages computations. Although Rule 26(a)(1)’s requirements are seemingly straightforward, the process of identifying and locating responsive documents and data has become more complex as companies continue to shift their information transmission and storage functions from paper to electronic media. As a result, companies must now frequently call on information technology (IT) experts to assist in the preservation of electronic information at the outset of litigation, as well as in the gathering of documents responsive to Rule 26(a)(1) and other discovery requests. This article addresses some of the pitfalls common to electronic discovery, identifies the various places electronic information may reside and offers suggestions to the practitioner who must guide clients through the procedural and technological maze. Rule 26(a)(1) is a “self-executing” discovery rule — that is, it compels parties to produce documents and other items prior to formal discovery requests. Recently amended, Rule 26(a)(1) is now applicable in all district courts; previously each district court had the option of employing all, some or none of Rule 26′s provisions. Amended Rule 26(a)(1) provides, in pertinent part, as follows: “Except in categories of proceedings specified in Rule 26(a)(1)(E), or to the extent otherwise stipulated or directed by order, a party must, without awaiting a discovery request, provide to other parties: � “A copy of, or a description by category and location of, all documents, data compilations, and tangible things that are in the possession, custody, or control of the party and that the party will use to support its claims and defenses, unless solely for impeachment, identifying the subjects of the information; � “A computation of any category of damages claimed by the disclosing party…and the documents or other evidentiary material, not privileged or protected from disclosure, on which such computation is based….” These disclosures must be made at or within 14 days after the Rule 26(f) conference, at which the parties meet to discuss settlement and a discovery plan. Although this time restriction can be amended by stipulation or court order, Rule 26(a)(1) is clearly designed to encourage early disclosure of important information supporting a party’s claims or defenses. Accordingly, parties must have efficient procedures in place to preserve and retrieve relevant documents and data at the outset of litigation. ORGANIZATIONAL E-DISCOVERY POLICIES AND PROCEDURES All organizations should have a records-retention policy (RRP) that requires employees to regularly review, retain and destroy documents created and/or maintained in the course of business. This process is important for the long-term management of the archive, as it substantially reduces the number of documents subject to review in ensuing litigation and makes the retrieval process more effective. Many organizations have instituted policies limiting the space users have available to them on network servers, forcing users to purge unnecessary documents. Traditional records-retention policies typically contain language requiring the following: � Delineating documents as “business” and “nonbusiness” communications, instructing staff to retain the former and delete the latter. � Setting the term for retaining documents, which should reflect applicable statutory and administrative limitation retention periods, or other applicable laws. � Establishing uniform indexing procedures to enable rapid recovery of relevant information from the archive. The above RRP elements apply equally to paper and electronic information. But the RRP should also include two procedures specific to electronic data to account for the unique storage and retrieval issues raised by this type of information. First, the RRP should specify a process to “freeze the electronic scene” at the outset of litigation. Unlike paper information, electronic data may change frequently, sometimes without the user’s knowledge. If electronic data are not quickly locked in place (by saving them to nonrewritable CD-ROMs, for example), the data may change. IT system administrators often recycle system backup tapes, over-writing historically archived data. It should be noted that the parties’ obligation to preserve electronic data is not dependent on a specific request to do so. Second, the RRP should confer the responsibility and authority on the record-retention team to preserve and maintain both the paper and electronic archives. This means that for many types of electronic data, records custodians need to manage technical assets and the organization’s IT infrastructure, including desktop and laptop computers, servers, backup tapes and other electronic data-storage devices. Procedures for archiving data within these sources should be set forth in the RRP. TRACKING VARIOUS SOURCES OF ELECTRONIC INFORMATION Electronic information may reside at various places within an organization. Familiarity with these locations, described below, and how to extract information from them, will enable an organization to keep its RRP current; discover documents favorable to its litigation position; and quickly and efficiently comply with its discovery obligations. � System users and administrators. The system administrators and relevant system users should be asked how, when and where information is stored, and why it is stored in that manner — for example, how files are named, password-protected and encrypted. � Personal computer and server hard drives. Information should be extracted from PCs and servers. For PCs, the preferred extraction method is to create a bit-by-bit image of their hard drives. Failure to follow this procedure, such as by employing a simple unerase or disk-copying utility, may lead to destruction of data, claims of spoliation and sanctions. � Network backup tapes. Backup tapes of server data are regularly archived in case of a server or system failure. The system administrator typically follows a backup-tape recycling rotation schedule in which tapes are overwritten after a certain period, typically two to four weeks. As discussed above, the rotation schedule should stop once litigation is commenced to preserve possibly relevant information. � Internet server data and Internet visit data, such as cookies. These data can help administrators trace someone’s Internet usage trail. The trail may be reconstructed from server logs and other trace evidence, such as cookies. � Embedded chips and PDA devices. Relevant data can often be found in voicemail systems, dictaphone systems, EZ Pass, and Palm Pilots and other personal digital assistants. � Databases — spreadsheets, e-mail and other dynamic systems. Database printouts frequently do not accurately represent the system data available to and/or used by the user. Computer code under each field or cell may affect the presentation of data to the viewer and what is actually printed. This may be important if the database’s operations — how it functioned and processed information — is relevant to the proceeding. If that is the case, examination of the code under each field or cell will be necessary. � Meta data. Meta data is embedded data. For example, many word processors store information about a document that is not readily apparent from the face of the document, such as the author or the time it was last accessed or modified. Likewise, the specification (international standard) for e-mail enables e-mail to be exchanged between different systems. The specification identifies about 30 fields, but the sender and recipients typically see only a few fields — to, from, subject, date and headline. The sending e-mail system may contain more information such as time sent or blank copies — “bccs.” This information, particularly bccs, could be critical in litigation. � System logs. Many computers and servers have their own “audit trail” software that traces user action and inaction on the system. Some track user identities, passwords and access times. � File slack — deleted and encrypted files. Files are stored in “allocated” space. Deleted files typically reside in unallocated or “slack” space. Computer forensics can recover deleted files even if they have been overwritten many times. Comparison of deleted files with the printed or current electronic versions of the file may reveal evidence of tampering or alteration. Encrypted files require a deciphering key to access the data. AUTHENTIC COPIES OF ELECTRONIC INFORMATION Data that is not captured properly may not be admissible in evidence. What constitutes an authentic copy of electronic data? Most courts allow duplicates, subject to a proper foundation, which is premised on the data’s being authentic. Federal Rule of Evidence 1001(3) defines “original” computer data as “any printout or other output readable by sight, shown to reflect the data accurately….” Rule 1001(4) further defines “duplicate” as “a counterpart produced by the same impression as the original, or from the same matrix … or by mechanical or electronic re-recording … or by other equivalent techniques which accurately reproduces the original.” Determining whether computer data are authentic requires an evaluation of the specific data and the uses for which it is offered. For example, an insurance claims adjuster may rely on information provided on a computer screen in determining the value of certain damaged or stolen items. If the issue in the proceeding concerns what information was seen by, or was available to, the adjuster, then a “screen shot” printout may be admissible. If, however, there are allegations that the database was programmed to manipulate the item’s value as presented to the adjuster (for example, if the database calculated the item’s value at $500, but showed $400 on the adjuster’s screen) then the screen shot would not, in all likelihood, be admissible as an accurate representation of the database. Finally, IT specialists duplicating electronic information for use in legal proceedings should employ the following procedures to ensure admissibility: The copying process must be exact and complete; the data must be capable of independent verification as a duplicate of the original (accomplished through algorithmic electronic file comparison, which creates an identifying number that will match the original with the copy); and the data must be tamper-proof so as to protect against alteration of the data between copying and presentation in court (the IT specialist should write-protect the data, run virus checks and document the secure transport and storage of the data). PRIVILEGE AND THE DANGER OF INADVERTENT WAIVER A party’s ability to store vast amounts of electronic data may prove hazardous in litigation. Large document productions raise the potential for inadvertent production of privileged information. Parties should institute controls, using technology — bookmarking privileged documents, running searches for key terms frequently appearing in privileged documents — and layers of review to minimize the risk of inadvertent disclosure. Also, in recognition that such disclosures may occur despite a party’s best efforts, counsel may consider confidentiality agreements in which each side agrees to return privileged documents inadvertently produced. In view of Rule 26(a)(1)’s emphasis on early production of documents and data supporting a party’s claims, defenses and alleged damages, organizations should implement policies and procedures designed to manage the archiving and retrieval of electronic information. By establishing a records-retention policy and using IT professionals to monitor the policy, an organization can gain assurance that it will be able to identify documents that support its litigation position, respond to Rule 26(a)(1)’s requirements and other discovery requests and avoid sanctions for failing to preserve relevant information. Edward A. Rial is a partner, and Joseph Looby is a senior manager in Deloitte & Touche’s forensic and investigative services practice in New York.

This content has been archived. It is available exclusively through our partner LexisNexis®.

To view this content, please continue to Lexis Advance®.

Not a Lexis Advance® Subscriber? Subscribe Now

Why am I seeing this?

LexisNexis® is now the exclusive third party online distributor of the broad collection of current and archived versions of ALM's legal news publications. LexisNexis® customers will be able to access and use ALM's content by subscribing to the LexisNexis® services via Lexis Advance®. This includes content from the National Law Journal®, The American Lawyer®, Law Technology News®, The New York Law Journal® and Corporate Counsel®, as well as ALM's other newspapers, directories, legal treatises, published and unpublished court opinions, and other sources of legal information.

ALM's content plays a significant role in your work and research, and now through this alliance LexisNexis® will bring you access to an even more comprehensive collection of legal content.

For questions call 1-877-256-2472 or contact us at [email protected]


ALM Legal Publication Newsletters

Sign Up Today and Never Miss Another Story.

As part of your digital membership, you can sign up for an unlimited number of a wide range of complimentary newsletters. Visit your My Account page to make your selections. Get the timely legal news and critical analysis you cannot afford to miss. Tailored just for you. In your inbox. Every day.

Copyright © 2020 ALM Media Properties, LLC. All Rights Reserved.