The age of eDiscovery

Longform
(Image: Stockfresh)

13 February 2015

Harbison continues: “IT forensics, on the other hand, is far more exotic and involves powerful tools to explore the deepest recesses of data. Who used that USB stick at that point in time? – the one we don’t actually have. That is now in fact possible, very recently. The point is that you don’t normally use advanced IT forensics in eDiscovery. You don’t need to. What are used, and very effectively, are smart search tools,” Harbison explained. He cited Symantec’s Clearwell, Relativity by kCura and Nuix as three of the most commonly used and powerful software products in eDiscovery.”

In all forms of eDiscovery, as in electronic search generally, a number of factors and parameters are used to narrow down the field. ‘When’ is a basic criterion, which unfortunately is seldom as easy as days or weeks. ‘Who’ is clearly another basic, where known, which could also be extended to a specific role or responsibility or even to some class of people within an organisation.

Colm Murphy, Espion_web

“In litigation, it is a legal requirement for all parties to exchange all relevant documents in the case. For most organisations caught up in those circumstances, eDiscovery is likely to be arduous, difficult and expensive,” Colm Murphy, Espion

Other criteria relate to the extent of an organisation’s eDiscovery responsibilities, sometimes shorthanded to ‘power, possession or procurement’. Relatively self-explanatory to the layman not concerned with the legal niceties, our Supreme Court said that there is an obligation on a party to any action to set out in affidavit what documents that party has, or had, in its power, possession or procurement, relevant to the issues in the action. The procurement bit can be contentious, since it usually involves third parties from which documents could be requested. The extent of their obligations is thoroughly ambiguous, but where appropriate (e.g. criminal case) a court may make a Third Party Order.

Internal matter
But for the generality of business directors, eDiscovery is about the organisation’s own data. The nightmare begins when it is discovered that an apparently tidy and logically organised set of files, databases and archives for ordinary business purposes is simply is not for eDiscovery. All of our experts pointed to data being held long after it is needed for any reason. “If you have old backup tapes, for example, they may well come within the scope of eDiscovery,” Harbison said. “Many organisations simply hand on to data where there is no compliance obligation, for instance deleting personal data after a certain period.”

Jacky Fox, who leads the Deloitte cyber and IT forensics team, pointed to corporate data retention policies as the first area to look at for any organisation becoming aware of the risk of an eDiscovery order or necessity. “We have worked extensively in eDiscovery both with clients and as an agreed independent third party in civil litigation. From that experience, there are several areas I would advise any organisation to put some thought into in this regard, starting with its data retention policies. Are you just letting your data grow? There are some corporate data retention policies that are mandated by Data Protection regulations but in general without specific policies your organisation might find itself challenged to search and produce material from data that is 10, 15 years old or even more. It is almost certainly irrelevant, but it still has to be searched and documents that fulfil some of the search criteria, like key words, have to be reviewed by legal teams. That can have a huge effect on the disruption and costs in complying with an eDiscovery order. We have certainly seen organisations take a very hard look at data retention after costly experience with eDiscovery.”

Read More:


Back to Top ↑