Electronic evidence disclosure – a proactive approach
Please note, the below is a copyrighted article , written by me, and as yet incomplete. I am posting this draft here for feedback, which I hope you will send me by email.
Summary
With increasing litigation and regulatory inquiries there is an onerous requirement to produce electronic documentary evidence relevant to your case. Martin Nikel looks at how being aware of your organisation’s systems and policies and the technologies available to aid document review can reduce the costs involved.
The burden of electronic disclosure
With increasing frequency companies face the prospect of being involved in litigation or regulatory investigation. Under the Civil Procedure Rules and with the expanding powers of regulatory bodies, there is a burdensome requirement to produce relevant documentary evidence in a timely fashion. Recent high profile US based investigations (Enron, MCI) have highlighted to important role of internal IT departments, compliance and security officers and in-house counsel in being able to provide satisfactory answers to regulatory questions. In years gone by this may have been a simple process of sifting through filing cabinets and reviewing the resulting documents by page turning. Enter the digital age. Figures in common use suggest that as much as ninety-nine percent of all documents in an organisation are now digitally stored. E-mail is seen as a viable alternative to face-to-face meetings, contract negotiations and even general office banter. On one computer alone there may be many thousands of electronic documents, enough to fill, if printed out, a hundred boxes of paper documents. As the Civil Procedure Rules define a document as “anything in which information of any description is recorded”[1], any electronically generated information including e-mail, text messages, voice mail and even whole web sites are potentially relevant and disclosable during the course of litigation or investigative proceedings. This can result in high volumes of electronic documents and consequentially high document review costs. Even with relatively new techniques of removing duplicates and searching for key terms, a company will potentially be left with hundreds of thousands of electronic documents to review. If we consider also that the request for documents is often accompanied by a tight deadline for delivery, with no preparation in advance any request may be difficult and costly to fulfil.
Proactive preparation
In responding to a document request an understanding of the disclosure process from a legal perspective is essential. There are five main stages to consider: 1. Identification of relevant materials;2. Capturing and culling of the relevant materials;3. Reviewing the documents for relevance and privilege;4. Understanding the issues presented by the relevant documents; and5. Provision of the documents All of these stages are time and resource intensive, but if your organisation is unable to comply with a request it could result in punitive sanctions or possibly even being held in contempt of court. To be forewarned is to be forearmed, even in the electronic disclosure process. Fire-fighting is expensive and can obtain sub-optimal results. The key to reducing costs and making the electronic disclosure process run smoothly is to be aware of the documents stored within your organisation. By asking appropriate questions of your document retention and destruction policies and making sure they are well documented and carried out thoroughly and regularly, you can reduce the need to investigate documents and know what to expect when you search for documents. Engaging specialists in performing a fraud risk review can aid in determining the adequacy of your policies. Some typical questions they might ask include: · Are appropriate policies in place? · How do you enforce these policies? · Are there individuals outside of the scope of the policies such as senior management, IT employees etc? · Is there a method of finding out if your policies are being followed? · Do your staff have unnecessary access to sensitive documents?
Targeted capture
Often a rapid response is required. By being aware of the types and location of documents your company holds, you can instantly locate relevant categories of electronic documents and identify the media on which they are stored thereby reducing the need for time-consuming retrieval of irrelevant material. Electronic documents can be stored on many new types of media such as USB keys, iPods, mobile phones, PDAs and Blackberries. This information could be relevant in an investigation or litigation. As part of your preparation you should be aware of the habits of your employees in copying data to take home, use of USB keys and CD writers and where they store their data individually. Each employee may have different habits with retention of data, some hoarding e-mails, others deleting or filing e-mails instantly. You should continuously check these habits and ensure members of your staff are complying with the relevant policies on retention and destruction of documents. The Sarbanes-Oxley Act of 2002, brought about in response to large corporate scandals not only places burdens on US companies. Because of the strength of the US economy, companies outside the US find themselves not only having to comply with their own country’s rules, but also those of the
US. Even the Civil Procedure Rules make provision for documents that are not only in physical possession of the party, but also those documents that “he has or has had a right to possession of it; or he has or has had a right to inspect or take copies of it”. Therefore documents from parent and subsidiary companies may also be disclosable in the course of litigation proceedings. Policies to manage electronic and paper based evidence should therefore be implemented and understood throughout an organisation. Putting technology in place to assist in your answers to these questions is now a necessary part of corporate compliance. Many tools exist to monitor your organisation. You can now respond to a potential incident in a more effective manner by monitoring your network and computers with advanced software to pick up key terms, high volumes of communication, misuse of company computers and misappropriation of sensitive data. There are a number of questions you need to consider when approaching the disclosure of relevant documents. Figure 1 shows some typical questions you may have to consider in the event of a disclosure exercise. These will help you understand what may be asked of you in a disclosure exercise.
|
1. Status of data · Have the usual procedures for electronic data destruction or recycling been suspended or changed as a result of the matter?· Has a plan for halting destruction of electronic records-for example, disabling email auto-delete features and suspending back-up tape recycling been implemented? 2. Scope of data· Who are the custodians (location / department / job function)?· What are the relevant dates or time periods of the matter?· Must active files be preserved and considered for production, if so where are they? Consider the following· User workstation and network share· Department network share, not specific to custodian· Handheld devices, i.e. PDA, Blackberry, Pager· E-mail server· Will deleted files be of importance?· Are backup tapes within the scope of the matter?· Which tapes need locating?· Are monthly, quarterly or yearly snapshots in use?· What is the media type and backup software?· What is the backup and retention schedule?· Is data under the control of third parties?· Will the metadata associated with dates be relevant to the matter (created date, modified date, last accessed date)?· Are the clients in-house IT handling the work needed or will external consultants need to be retained (consider chain of custody)?· Will the client be providing any materials in hard copy format? 3. Type of data· What software is used as the clients standard e-mail application?· Are all employees using the same e-mail software for work-related business?· What software is regularly used by employees in the general course of their work (e.g. MS Word, MS Excel)?· Are there any file types that should be excluded from the collection, review and production of the data (e.g. graphics files, databases)?· Does the client use or approve the use of any proprietary software programs by employees in the general course of their work? 4. Volume of data· What is the anticipated overall volume of data to be collected, reviewed and analysed (e.g. number of back up tapes, number of desktop hard drives, number of laptop hard drives)?· What type of media will be used to store the materials for delivery from client (e.g. hard drive, CD ROM, DVD ROM, backup tape)?· What will the requirements be for removal of duplicates (e.g. across the whole data set or within individual custodians)? 5. Review, processing and production· Is it anticipated that data will be loaded into a proprietary litigation support database?· What is the intended outcome of the review (e.g. relating to litigation, regulatory body, arbitration or internal review)?· Will the data be reviewed for responsiveness and privilege?· Can relevant data be located through the use of key term searches?· Have the parties reached any agreement on exchange of data?· Is there a date by which the review of data will need to be completed? 6. General access information· If a proprietary database is created will the client and counsel require access?· How many internal reviewers will be accessing the data?· Will training be required? 7. Vendor/budget information· Does the use of an external service provider need authorising, if so by whom?· Will it be necessary for the external service provider to sign a confidentiality agreement?· Are there any budgetary constraints within this project? |
Figure 1. Typical questions in a electronic disclosure exercise.
Reduce your volume
Many tools are available to aid the review of documents responsive in a litigation or investigation. Standard methods of reducing the volume of electronically stored information include removal of duplicate documents, searching for key terms and applying date range restrictions. This can however still result in a burdensome volume of documents to review. These documents are often then loaded into a ‘litigation support’ database and reviewed one by one to check for relevance. New techniques now exist to reduce the overall volume of documents one such technique is “near de-duplication”. “Near de-duplication” is the term used to describe the process of identifying e-mail conversations and removing all but the last unique e-mail in the conversation. Take for example an e-mail sent to three friends with each three friends replying. The total number of electronically stored e-mails in this example would be one original e-mail in “sent items” and three copies of the e-mail in the friend’s inboxes, plus each of their three replies in their “sent items” and each of their replies in the original inbox. The total number of e-mails that are potentially relevant is ten. With “near de-duplication”, only one copy of the final three e-mails would be returned as they each contain a unique conversation including the original e-mail. Expand this to the quantity of e-mail a modern organisation produces and the benefits can be seen instantly. Using this technique the volume of e-mail to review can be reduced to a fraction of the original volume.
Identifying issues and relevance
Once the volume of electronic documents has been culled leaving only unique documents, the next stage would be to review the remainder. Typically this is performed in a database system where each document is looked at, possibly in chronological order, to ascertain if the document is relevant to the matter or is covered by privilege. This is usually accompanied or followed by a review to determine to which issues (or questions) the document relates. This linear approach means that important documents and issues may lay undiscovered until very late in the review process. Various techniques can be deployed to find key documents such as key term searching, focusing on certain people or dates or focusing on specific document types. However, these processes are time consuming and can still lead to documents being missed from a search if they do not fit the exact criteria specified. To combat this, new technologies are emerging that increase the speed of document review by many times. One such technology is “concept based” review software. This type of software can group documents together where the concept of the document is similar by reading document content for nouns and “noun phrases” (groups of words that identify an object). This aids the reviewer by allowing quick recognition of relevant groups of documents relating to a concept. Conversely it also allows rapid identification of irrelevant concepts. The most useful factor in this type of software is that the concepts relate, often directly, to the issues identified in the case. Once the issues involved are identified, documents relating to those issues can be located quickly. As the issues are refined, documents can be regrouped to focus on those issues. For example, if the “smoking gun” document is found, the other documents can be reorganised to show their relationship with the “smoking gun” and even provide an audit trail to the “smoking gun”.
Efficient provision
During the course of an investigation or litigation, being helpful to the courts or regulatory bodies can aid in improving your case and reducing penalties and costs awarded. The key to efficient provision of your documents is to ascertain the needs of the receiving party well in advance of any production deadline. Pre-agreeing the method of delivery and what information is required will negate the need for costly re-processing of data and the prospect of looking obstructive. Parties involved should consider the following areas: · Provision of original documentsà Providing the original documents so they can be opened in their native application is the most open and transparent method of delivery. However, this may be difficult for the receiving party to review and manage, so it is prudent to discuss this up front.· Provision of metadataà Metadata, or information that is held within a document that is not related directly to its content, can be extracted and provided in a list or database to be searched an sorted. This can help you to sort documents into chronological order, by author etc. sometimes this information can be supplemented by information entered by hand.· Unique numberingà If each document is uniquely numbered you and the receiving party can share a common method to refer to and identify the documents. This is of direct benefit to all involved parties.· Pagination and printingà It is possible to have electronic documents processed so they can be printed with extra information including page numbers and unique document numbers. Often this may be necessary if the receiving party does not have the technology needed for reviewing.· Ordering of documentsà To assist in the review of the disclosed documents, ordering the document by an agreed item of metadata can aid review. For instance, it is often helpful to list all emails in a chronological order.· Production of listà A list of documents together with information such as authors, recipients, subjects etc can prove very. Sometimes this is required by the rules involved in the proceedings and other times it is simply beneficial to agree on a protocol up front so as to aid in communication.
A lesson
Lessons can be learned by looking to precedents in some courts in the
US. One such high profile case is that of Zubulake v. UBS Warburg LLC, 2004 WL 1620866 at *8 (S.D.N.Y. Jul 20 2004) (Zubulake V), where the judge held that “It is not sufficient to notify all employees of a litigation hold and expect that the party will then retain and produce all relevant information. Counsel must take affirmative steps to monitor compliance so that all sources of discoverable information are identified and searched” Cases such as McCabe v British American Tobacco support the assertion that where destruction of documents when litigation can be reasonably expected, documents should be retained and all deletion and destruction of documents halted. These decisions and judgements have been brought about in different jurisdictions, but this does not mean to say that other Jurisdictions are unaffected. Indeed, the points on document retention in the McCabe case have been used in the British courts, in the case brought by Michael Douglas and Catharine Zeta-Jones against Hello! magazine (Douglas and others v Hello! Ltd and others [2005] All ER (D) 280 (May)). In addition, although not as well defined, the CPR states in note 6 to rule 31.10 that“…it is not enough simply to give instructions that documents are preserved. Steps should be taken to ensure that documents are preserved.”
Conclusion
With the increase of regulation, in light of corporate scandals in the US, and recognition of the courts of the usefulness of electronic documents as evidence, it is becoming increasingly important that compliance, security, IT and in-house counsel decide upon a cohesive organisation-wide strategy to manage electronic documents with regard to litigation and investigation. The techniques outlined in this article are a sensible application of technology to aid the review process. Combining these techniques with preparation and awareness will reduce the burden of reviewing documents and allow a rapid response for disclosure. The author of the document, Martin Nikel, has a background in IT Security, Internet Technologies and Electronic Disclosure. For further information please contact Martin Nikel on Martin.Nikel@gmail.com.
[1] Taken from the DCA CPR rules part 31.4 http://www.dca.gov.uk/civil/procrules_fin/contents/parts/part31.htm#rule31_4 .Any unauthorised copying or printing of this article with express permission of the author may result in prosecution.
