Electronic Discovery Compliance

There is no better way to derail a good case then by failing to comply with the discovery rules.  Most companies are now well acquainted with the revised federal discovery rules, and their state court counterparts.  Much has been written about the inclusion of “Electronically Stored Information” (“ESI”) in the revised rules, and many companies have experienced litigation under those rules first hand.  But the market change to litigating under the revised rules has been slow in coming, and many companies still lack internal procedures that not only make their day-to-day operations more efficient, but also make compliance with the revised discovery rules far easier should litigation arise.

All federal and most state courts now include ESI within the scope of permissible discovery.  This means that email, voicemail, instant messages and other ESI are all discoverable, and thus must be preserved.  It also means that a company’s computer system, backup system and archived data, and all linked devices (handhelds, home computers, laptops, zip drives, etc.) are subject to search.  Companies must maintain control of all such data, and have procedures in place to preserve it should the company face litigation.

The revised federal rules, in particular, require parties to do most of the discovery “heavy lifting” up front.  So companies need to be as prepared as possible.  In state or federal litigation, however, companies must be able to identify all ESI sources within their possession or control, and they must find and produce relevant information.  

While this can seem an overwhelming task, the following five steps will help companies organize their ESI discovery efforts:

Identify the company’s computer infrastructure.

Finding relevant information necessarily means the company must know where to look.   “We didn’t know it was there” is no excuse in answer to a motion to compel, or worse, for sanctions for failing to produce relevant information in discovery.  Increasingly, savvy litigators seek documents they know, and can prove, exist, but may be difficult to find.  Don’t get caught unprepared by a well-prepared opponent.

Your understanding of your company’s computer infrastructure should include knowledge of the following:

The amount and types of computers, operating systems, and software

Applications in use at your company;

The network topology;

The architecture of the electronic mail system;

The identity of any third party that holds or has access to company data;

Backup policies and procedures;

Computer-use policies and procedures; and

The location and contents of any relevant system and event logs.

2.     Identify Sources for Electronic Evidence

To find relevant data, you must first know where to look.  Your company likely has relevant data within several of the following sources:

  • Servers
  • Mainframes
  • Network file systems
  • Workstations
  • Shared Drives
  • Intranet
  • Proprietary databases
  • Laptop computers
  • Personal digital assistants (PDAs)
  • Personal home computers
  • Voice mail
  • Digital printers or copiers
  • Cell phones
  • Backup systems
  • CD-ROMs
  • DVDs
  • Zip disks
  • Thumb drives, Flash Memory, USB Memory Sticks, Jump Drives, etc.

3.    Issue a Document Preservation Letter and Litigation Hold

Valuable data is destroyed every day as a matter of course.  In fact, a proper document retention policy includes a destruction component.  Otherwise companies would be flooded with data and plagued by data-storage costs.  However, once the hint of litigation arises, all bets are off.  A company is charged with preserving relevant data as soon as it reasonably believes litigation to be a possibility.  

Thus, as soon as the threat of litigation rears its head, the company should immediately suspend its document “destruction” policy as to all employees and all data sources that potentially have relevant data.  The key here is potentially.  Be over-broad and over-cautious.  The document destruction component of your document retention policy can protect you for failing to produce historical information (assuming you actually follow your own policy), but it cannot do so at any point after you had a reasonable belief that you may become involved in litigation.  Let your employees know immediately that they are to preserve all potentially relevant information until further notice, and back that instruction up with threat of internal sanction for failure to comply.  

4.    Decide whether you need or want sampling or testing under Rule 34.

Any party to a federal litigation may sample or test any other party’s electronic systems to define the scope of electronic discovery and/or test assertions regarding the availability of discoverable information.  Thus, at the outset you must decide whether you want to sample and test your opponents systems and thus open your own systems to the same sampling and testing.  

Sampling is often the most economic route to defray hefty discovery costs.  But it does involve allowing third parties, especially litigation opponents, into your proprietary systems.  In the event you elect to test and sample, you must consider the following:

  • Define testing and sampling procedures, including agreed search terms and a confidentiality agreement.
  • Privilege Review: all documents should be reviewed prior to production.  The federal rules suggest the "sneak peek" or "claw back" agreements to protect privileged documents, but we do not often recommend that option.  Far too many recent decisions demonstrate hostility towards the privilege from the federal and state benches.
  • Estimate costs of potential sampling and testing or other electronic discovery. Normally, each party must bear its costs of evidence production.  But the Zubulake case makes it possible to achieve cost shifting depending on a number of factors attempting to balance the hardships between the parties.

5.    Identify key company IT personnel.

Your early stage discovery should include identifying key personnel in the IT department, and specifically those who will be responsible for assisting you in the litigation.  At least one IT Manager should be assigned to the case, and should be responsible for conducting all ESI functions.  You should expect that this person will be deposed regarding all electronic data issues in this case.

This same manager can help you prepare for and analyze you opponent’s production of electronic data, if any.  You may wish to divide responsibilities among one or more IT professionals if needed, but one person must ultimately be responsible for electronic data issues.

As with any stage of litigation, preparation is key to managing discovery and complying with the revised ESI rules.  Unprepared companies can find simple compliance overwhelming.  Discovery compliance can even be difficult for well-prepared companies.  But certainly there is a direct relationship between a companies’ ability to manage discovery, and thus prepare and execute a successful litigation strategy, and the level of preparation regarding the location, retrieval, and production of ESI.  The key to that preparation is having well defined, and executed, document retention and destruction policies.  Those topics will be the subject of future articles.