Leonard Deutchman ()
Editor’s note: This is the first in a two-part series.
It has been more than 18 months since the American Bar Association amended its comment to Rule 1.1, pertaining to competence, to include the following important language: “To maintain the requisite knowledge and skill, a lawyer should keep abreast of changes in the law and its practice, including the benefits and risks associated with relevant technology.”
In this and next month’s columns, we’ll discuss what attorneys whose practice involves e-discovery should know about it. I will discuss the issue from the point of view of counsel representing the producing party, but every obligation the producing party has means that the requesting party has an equal obligation to make a request giving rise to that obligation.
How to Learn
The basic steps of e-discovery production are: (1) preservation and collection of electronically stored information; (2) processing that ESI into a searchable database format, so that you can review it easily; (3) reviewing the ESI; and (4) production of responsive ESI and a privilege log, if any.
As counsel, you should understand the geek aspects of these steps well enough to know everything that should be done and to discuss with the geeks who perform the services, or with the litigation support manager who is working with those geeks, whether it is getting done.
You may be asking, “How do I learn this stuff?” There are many ways. CLEs and the many online sites devoted to the law and digital technology (such as the one on which this article resides) offer a great deal of information. But the best way is to work on matters with a good vendor—one whose personnel understand the technology, and not simply how to use the various tools they have licensed.
To learn, you need to ask, and you must ask people who are used to discussing the subject matter with other experts. Thus, you must have them break down whatever they’re talking about into explanations free of jargon, or with jargon explained. Be Denzel Washington in “Philadelphia”: “Explain it to me like I’m a 4-year-old.”
Some General Rules
Before we dive into specifics, here are some general rules.
One size does not fit all. Any given project may not require one or more of the steps we will discuss.
Many decisions are based on risk avoidance. If, for example, 20 of your client’s employees were involved in the matter at hand, eight of them only peripherally at best, you would still preserve and have collected the ESI of all 20, even if you produce only from the first 12, because the risk of not producing and collecting the remaining eight is outweighed by the cost, in time and money, of any spoliation motion your client may face with regard to those eight.
The cost defending against a spoliation motion would be considerably greater than the cost of collection, and not collecting the additional information would invite a spoliation motion, especially (and, sadly, perversely) if your client’s case is strong on the merits, since the motion shifts the focus from the merits to procedure and forces your client to prove a negative. The collection moots any such motion, making the benefit outweigh the cost.
And because tech costs seem greater up front than in retrospect, especially to the client who is an e-discovery newcomer, your job is to make your client see that its choice (staying with the prior hypothetical) is not between spending $X or $0 (in a perfect world), but between $X and the cost of defending against the spoliation motion—two or three times that cost.
Drawing the Data Map
The first thing you must know in any e-discovery case is where your client’s ESI is. That means: (1) knowing your client’s IT infrastructure; (2) knowing your case; and (3) using your knowledge of the case to identify whose ESI you will need to preserve and collect (and, perhaps, review) and your knowledge of the data map to pinpoint of the locations where that ESI may be stored.
To understand your client’s IT infrastructure, you must have a sense of the generic data map—the places data typically can be found and so should be looked at or otherwise accounted for. If you understand the map in general, you can draw one particular to your case and answer questions from opposing counsel regarding the absence of data, such as, “Why don’t we see more emails from Jones?”
The typical IT infrastructure of a medium to large business is a network composed of an email server (usually a Microsoft Exchange server), a file server and user workstations—desktop and laptop computers. There are additions and variations of which you must be aware.
For example, many businesses allow users to gain remote access to their networks from the users’ home computers; if that is the case, and if users can store network data on those home computers, they may come into play.
As well, with the explosion of tablet usage, we are in the era of “bring your own device,” or BYOD. Many users, working remotely, prefer to work from their personal tablets rather than from a home desktop computer. Of course, many business networks also allow employees to access email using business-owned or personal smartphones. As well, users may use wholly personal webmail accounts to conduct business or store business data in cloud accounts.
The networks themselves may not be based upon in-house servers; rather, businesses may use cloud email or file servers, which means that your vendor would collect that data at the cloud provider’s location or the provider would simply export and provide the data. Another variation is that the business houses its servers in a co-location that provides power backup and physical and network security. Data may also be backed up to tapes, or to servers that archive all data.
It is important to remember that a data map is as much a “when” as a “where.” If the time period relevant to the matter is 2011, and the business had different workstations and servers and migrated to the cloud in 2013, you will have to find out what of that 2011 data still remains, and where. As well, if the matter involves personnel A through G, and personnel D through F have left the business, you will need to find out what, if anything, IT did to archive D through F’s ESI.
If you know the data map generically, when you interview the person who knows the business’ IT infrastructure best (we’ll call that person the chief information officer), you will know what to ask to learn how your client’s IT infrastructure works and where to find the relevant data. You will also know how to evaluate the CIO’s responses, what to follow up on and what to question further. If the CIO, for example, says that no one saves ESI to their home computers even though they can remotely access the network from them, you can ask whether the network did not allow the users to save to their home drives, or if policy simply prohibited it. If it’s the latter, you can ask how the policy was audited. If the CIO looks at you as if you had six heads, you may have to add “preserve and collect from home computers” for any user who accessed from home.
You will also, of course, need to know the facts of the case. Not only will they tell you whose ESI you will have to preserve, collect and possibly review, but what type of ESI is important. Is it simply the typical email, Word files, spreadsheets and PDFs, or do text messages, call logs, sever logs and more come into play?
Importantly, you must know the relevant time period. Data may typically be stored on servers at a business, for example, but if the time period is too far in the past, the servers may no longer have that data. That data may not be accessible at all, or it may only be on server backup tapes.
Once you have gathered this information, you can begin to think about your two related tasks: (1) how to preserve, collect, process and review the ESI, and then produce the responsive, nonprivileged ESI; and (2) how to determine whether you need not produce any or all of that ESI because “the burden or expense” of producing it “outweighs its likely benefit, considering the needs of the case, the amount in controversy, the parties’ resources, the importance of the issues at stake in the action, and the importance of the discovery in resolving the issues,” under F.R.E. 26(b)(2)(c)(iii).
Next month, I will discuss what you must know to discharge all of these duties, and why these duties are yours. Specifically, I will discuss how all of these steps in the e-discovery process work, how to use your knowledge to evaluate pricing provided to you by vendors, how to educate yourself about your ESI, and how these smart answers not only help you to discharge your ethical duties, but to win your case.
Leonard Deutchman is vice president and general counsel of LDiscovery LLC, a firm with offices in New York City, Fort Washington, Pa., McLean, Va., Chicago, Atlanta, San Francisco and London that specializes in electronic digital discovery and digital forensics.