The Information Management Journal / September / October 2007 – Today’s electronic data explosion, coupled with the December 2006 amendments to the Federal Rules of Civil Procedure (FRCP) regarding electronically stored information (ESI), requires that Information and legal professionals expand their knowledge of electronic discovery management. Recent changes to the FRCP include:
* Definitions of safe harbor and provisions for routine alterations of electronic files during routine operations such as backups [Rule 37 (f) as amended]
* Information on how to process data that is not reasonably accessible [Rule 26 (b) (2) (B) modified]
* How to deal with inadvertently produced insider material [Rule 26 (b) (5) modified]
* Preliminary Conference and Conservation Responsibility of ESI. [Rule 26 f) as amended]
* Requests to produce electronic files [Amended Rules 33 (d), 34, 26 (f) (3), 34 (b) (iii)]
There are many opinions about how ESIs should be planned, managed, organized, stored, and retrieved. Some of the available options are extremely expensive in terms of financial commitments and time required. Ever-changing technologies only add to the confusion. One area of confusion is the distinction between computer forensics and electronic discovery; There is a significant difference. These are described in Computer Forensics vs. Electronic discovery.
Make the right decisions
Successfully responding to eDiscovery within the limitations of the modified FRCP requires organizations to make many critical decisions that will affect ESI collection and processing.
Due to the volume of information available even in the smallest collections, it is necessary to manage the process to control time and budget. You must answer the following questions:
1. Who are the key people?
Important people for a case must be identified. These key people include not only executives, but also assistants and other support personnel from the technology, accounting, sales and marketing, operations, and human resources departments.
2. Where are the files?
All potential electronic evidence locations must be identified. These include home computers and any computers that a key person would use elsewhere (such as a girl or boy’s home), cell phones, PDAs, Blackberries, and any other digital devices that can be used. It is important to note that MP3 players, such as iPods, can also be used to store important files or documents.
3. How can the collection be selected?
Methods for limiting the number of files collected may include collecting only those in certain date ranges or only those that contain selected keywords or terms. This can be done before or after forensic harvesting of an entire hard drive. The well-known file filter can also reduce collection by removing standard application files common to all computers (such as the Microsoft Windows archivo logo file).
4. How should encrypted / password protected files be handled?
Encrypted files cannot be processed until encryption is stopped. In some cases, files with exact or similar names may be available without using passwords or encryption. File paths can also provide information about the value provided by decrypts. Decryption can take a long time. Sometimes a password can be obtained simply by requesting it, so this should be the first step. If it fails, the use of a subpoena could be successful.
5. How should duplicate and near duplicate documents be handled?
Electronic file collections almost always include duplicates. Multiple people can have the same email, with the same attachments. Key documents may have been reviewed by two or more people and saved to their hard drives during the process. By processing electronic collections, you can identify exact duplicate files and limit the number of documents that require review.
Identification of exact duplicates generally occurs during the stage where metadata is identified and extracted from files. Deduplicating the collection will delay processing to a minimum.