In the Event of an eDiscovery Emergency, Break Glass: Preparing for the Inevitable

The incredible information explosion of the last decade -- including the proliferation of collaboration tools such as Sharepoint and all other Web 2.0 applications, text messages, voicemails sent directly to email, social networking, IM messages -- together with the stiffening of records retention consequences and the increasingly stringent records requirements on corporations have all contributed to creating an Information Management Perfect Storm for today's corporation. Courts and regulators expect corporations to know what information and records they have, where same are located/stored, and also to be able to identify, collect, retain, and produce such information in a timely fashion and in a useful (i.e. native) format.

Not having a well thought out information management structure that is adhered to by all employees and a means for quickly organizing the various information repositories and tools can cost more than just money. It can also cost a corporation in terms of lost claims, insufficient defenses, tarnished reputation, and employee frustration and turnover.

Assuming that a corporation has done as much as it possibly can to organize its information and records in a logical fashion while at the same time capturing appropriate metadata and doing all of the other fundamental records management activities, here are two specific things that a corporation can do to prepare for the inevitable litigation, as it is only a matter of time before the corporation wants to sue or is itself sued by another corporation or individual.

Prepare an eDiscovery "Break Glass" Plan

The obligation to preserve records/evidence in any litigation matter arises when litigation has commenced (i.e. the statement of claim has been issued) or it is reasonably foreseeable that litigation will occur. So what happens then? Obviously, relevant records need to be preserved, but how does your corporation go about doing that? It is absolutely essential that an "In the Event of eDiscovery, Break This Glass and Follow These Steps" plan is prepared in close consultation with a corporation's in-house and external legal counsel.

Some of the items to consider in preparing the "Break Glass" plan are as follows:

1. Who is on the eDiscovery Dream Team and who is responsible for notifying them of the actual or threatened litigation? The eDiscovery Dream Team likely comprises your external counsel, who will in all likelihood be leading the charge, together with in-house counsel, IT professionals (system architects, records management system administrators), members of the business that were involved in a particular deal or matter during the honeymoon (which is now ending in divorce) and so on.

2. How will custodians of information/records be identified?

3. Who will prepare the preservation/hold letter or email to send to all custodians?

4. Who will be responsible for taking physical or electronic possession of all relevant records and information sources (i.e. hard drives, etc.)?

5. What procedures will IT use to ensure that all records are collected and stored, including how metadata will be managed, the format that files will take, and so on?

6. When and how will external vendors form a part of the process?

7. Depending on the matter (e.g. termination of an employee), what needs to be done forensically to restore hard drives?

8. What internal auto-deletion processes need to be turned off and for which users/custodians?

Test the "Break Glass" Plan: Carry Out an eDiscovery Fire Drill

It is one thing to have a plan in place, but how well does it work in reality? As the potential consequences of getting eDiscovery wrong can be quite disastrous (for example, imagine if the information collection process/tool changed all of the metadata and made it impossible for any of the records to be authenticated, meaning they were inadmissible in court? Imagine further that in this example, the amount of money at risk in the claim could make or break your company...), it is important that all players involved, from internal IT, Law, and Business groups to external counsel and eDiscovery/records vendors, know their roles and responsibilities and that there are back-up personnel in place in all key areas that know what needs to be done, as timing will be critical.

Make sure that your external consultants and counsel evaluate how well the plan worked and implement their suggestions to improve the process. Every eDiscovery will have its nuances, but if you can have a eDiscovery Break Glass Plan in place, it will at least cover the most important bases and drive your corporation to continually improve its eDiscovery and records management capabilities, which will minimize the cost of eDiscovery and put you in the best position possible to win or significantly reduce potential losses through litigation.

FRCP and What IT Needs to Know When Planning eDiscovery Systems/Initiatives

What Are the Federal Rules of Civil Procedure (FRCP)?

The FRCP, established in 1938, govern federal court procedures for civil suits in the United States district courts. Put forth by the United Supreme Court pursuant to the Rules Enabling Act, they were then approved by the United States Congress. The Court's modifications to the rules are usually based on recommendations from the Judicial Conference of the United States, the federal judiciary's internal policy-making body.

The most recent revision to the FRCP, which took effect in December 2006, included practical changes to discovery rules to make it easier for courts and litigating parties to manage electronic records. These new amendments continue to have major effect on how companies retain, store, and produce ESI (i.e. electronically stored information, a term created by the judiciary) for litigation - especially email, document management and file system data.

The FRCP does not specify or even suggest any particular technologies be used for record archiving or eDiscovery processes, but rather makes clear the obligation to quickly secure, hold and produce all pertinent data for litigation when directed.

Let's take the Rule 26 for example and elaborate:

This rule clarifies a responding party's duty to include ESI in its initial disclosures. It also requires the party to describe the location, format, and the accessibility of all ESI they have in their possession. It reads in part: "A copy of, or a description by category and location of, all documents electronically stored information, and tangible things that are in the possession, custody or control of the party and that the disclosing party may use to support its claims or defenses, unless solely for impeachment."

Rule 26(a)(1)

Rule 26(a)(1) specifies that the organization must have a location and high-level inventory of all electronic data ready at the pre-trial conference. This rule removes any maneuvering room around producing instant messages, SMS messages, voicemail, or other forms of electronic data stored in less accessible locations, such as removable storage devices, USB thumb drives, digital camera memory, and so on.

What does it mean for IT?

IT will be called upon to quickly produce this detailed data mapping or inventory. Be proactive! Create the data map or inventory ahead of time and keep it up to date.

There are several other rules that impact how IT rolls out eDiscovery systems, rules such as rule 16(b), rule 34, rule 37(e) and so on.