The ABCs of Electronic Storage: Archives v. Backup Tapes in the Courtroom

Now that school is in session, don’t get an education about electronic discovery the hard way by not knowing the difference between archived data and backup data, or you will find yourself banging your head on your desk . . . or being sent to the corner of the room by a court. The key: archiving and backup are NOT the same thing -- far from it. Not knowing the difference can cost you significant headaches, time, effort, and money, and can even impact the outcome of a case.

An easy way to compare the two methods of preservation is to consider the difference between retrieving an email that has been archived versus backed up.  Let's call it E-mail X.  If you “archive” E-mail X, you can still retrieve it easily to re-read it, move it to a folder, forward it, or otherwise use it just like the un-archived emails.  And it can be accessed from more than one computer station, meaning that someone cannot simply lose the one and only copy.  On the other hand, if you had created a “backup” of E-mail X, it would have been recorded, along with everything else that was work product that day, on a single backup tape.  There are two problems here.  First, the backup tape itself could be anywhere -- the back of a closet or a warehouse, for example.  And if that one tape got lost or was ruined in a fire, E-mail X is gone forever.  Second, even if the backup is locked in a well-secured safe, going back to actually find E-mail X would be akin to looking through a box of hundreds or even thousands of unsorted photographs for that one needle in an electronic haystack of information. 

Both ways maintain a record of the information, but which would you rather use if responding to a request?  Which would save cost, time and peace of mind? 


Avoiding an E-Discovery Disaster

This summer the whole country, particularly those of us living on the gulf coast, anxiously watched the seemingly endless images of oil leaking into the Gulf of Mexico following the deadly explosion on the BP oil rig Deepwater Horizon.  While the leak has only recently been capped, litigation stemming from the oil spill has already commenced.

In a recent article on law.com, Fred Blum and Nader Mehizadeh noted that much of the litigation stemming from the BP oil spill will depend on volumes of electronically stored information in BP's control.  After noting the potential e-discovery disaster that may come upon BP if its electronically-stored information (ESI) is not properly handled, the authors outlined the following six factors that can help anyone avoid an e-discovery disaster:


Google Docs Ready for (Legal) Primetime?

Today's predominant word processors are Microsoft Word and Corel WordPerfect. MS Word is also offered as a web-based application or SaaS (Software-as-a-Service). However, there is a newer type of document collaboration, where numerous people have access to the same document so that they can all contribute and monitor changes made by others. These types of applications are becoming more common. For example, Google has begun to offer its own word processor, called "Google Docs," which allows users to share and collaborate on documents.

What does it matter which type you use in your business?  Here's one comparison between the Google and Microsoft web products.  But there's much more when it comes to the battle between WORD v. GOOGLE DOCS.


Digital Voicemail in E-Discovery -- or Dealing with Cerberus, the Three-Headed Dog from Hell

You have one new voice message. First message: Monday, 4:45pm --

I must have just missed you, Vice President Joe.
It's Mike van Dyke, your CEO.
Remember that complicated widget invention --
Our best-seller you copied from the Widget Convention?
The one in your job interview that you mentioned,
And stole from your last boss for withholding your pension?

Well, they've sued us for patent infringement and such,
And theft of trade secrets -- it's really too much.
So I need you to shred all the documentation:
The tech drawings you stole; design specifications.
And that memo you wrote, before everything,
Saying that they had a patent, worth copying.

And yes, it goes without saying, too, Joe --
Please immediately delete this voicemail also.

End of new messages.

A lawyer who finds a copy of this voicemail buried in the other side's electronic document production will immediately splurge on champagne and party hats. And who can blame him? But here's the question: would this message be captured in the net of responsive material, or would it slip through the cracks? The answer may depend less on the skill of document retrieval experts, and more on how your company (or client's) voicemail system works.

It's old news that voicemail systems have graduated from analog to digital. Now, while the self-contained answering machine is still around, the digital era has also ushered in various types of integrated systems. The most complex, like the famed mythological dog Cerberus guarding the gates of Hell to prevent the dead who cross the river Styx from escaping, have three heads: the company telephone system, e-mail system, and computer system. And while a message on a self-contained machine can be difficult for a company -- let's call it Hades, Inc. -- to track and easy for an individual employee to get rid of, life with Cerberus is akin to life in the underworld: there is no escape, and nowhere to hide.
 


The Governator Signs Electronic Discovery Act Into Law

Apparently taking a break from figuring out where the money will come from to run California, The Governator signed into law the Electronic Discovery Act (“EDA”) on June 29th, joining the ranks of approximately twenty other states in adopting specific rules designed to manage e-discovery. Like most of these other states, California’s EDA is substantially based on the 2006 amendments to the Federal Rules of Civil Procedure.

According to Eric Sinrod, writing in The FindLaw Technology Blog, “The new California rules, which represent the culmination of several years of negotiations, appear to work a compromise between plaintiff trial attorneys who sought in depth access to electronic records and corporate defense counsel who desired safeguards for data that they believe is too burdensome and costly to produce.” 

A significant difference between the Federal Rules and the EDA is the inclusion in the EDA of a safe harbor that does not sanction a party or attorney who fails to produce electronically stored information that has been lost, damaged, altered or overwritten, if it was done as a result of the routine, good faith operation of an electronic system.


Additionally, according to Sinrod, the Act directs that “electronically stored information should be provided in the form ordinarily maintained or in a reasonably usable form; a party may object to the production of electronically stored information on burden or inaccessibility grounds, but that party bears the burden of proving that objection, and a court still may require production upon a showing of good cause by the demanding party; and the Act is applicable to third parties pursuant to subpoenas, although one can expect potentially less e-discovery burdens being placed on third parties as opposed to parties in a case.”

 

Based upon the current legislative trend, it should be anticipated that eventually all of the states will soon have similar laws in place to address the evolving issues associated with electronically stored information.

Location, Location, Location

King Edward VII was widely known for his infidelities, and his wife, Queen Alexandra, had to pretend to ignore his affairs and wild escapades. But she got the last word. In a famous, albeit apocryphal, anecdote, as the King lay on his deathbed in 1910, the faithful and grieving Queen was stricken with one reassuring thought, and she supposedly turned to the King’s aide and said: "Now, at least I’ll know where he is."

Although Queen Alexandra may have been comfortable with the King’s whereabouts after his death, organizations cannot and should not take the same comfort with respect to their electronic files. E-files that have been deleted in accordance with an organization’s document retention policy may not be where an organization thinks those files are - gone. To the contrary, the files may be dangerously lurking in the deep dark corners of the organization’s information systems.

 

Unfortunately, when it comes to electronic documents, common document retention and deletion policies and procedures simply may not adequately protect sensitive information from falling into the hands of others. Deleting an e-mail or electronic document may not completely remove the data from a computer or computer system. Instead, the deleted information often remains there, typically on the computer's disk drive, until it is overwritten by other information.  The data can often be recovered using software tools designed for recovering deleted information.


Getting TIFFed Off: The Dangers of Not Going Native with ESI . . . Or, The Perils of Killing the Bunny

For a full understanding of the Great TIFF v. Native Debate and the dangers of choosing the wrong side, try this. Picture a bunny.

Why not? Spring is near, and Easter is only a month away. So, picture a bunny. You can cuddle it, watch its little nose twitch, listen to its heartbeat, even observe its behavior and follow it home. If you are one of those lucky creatures who speak bunny -- like computer programmers speak source code -- you can politely inquire where it's been, what it's seen and who it has spoken with.

Electronically-stored information (ESI), such as e-mails and spreadsheets, is like that living bunny. It exists in pure native form, possessing an exotic birthday suit from which can be gathered the hidden details known as metadata -- who authored the data, who sent and received it, the underlying formulas behind the numbers in an Excel spreadsheet, where files or e-mails were stored, who read or possessed them, when they were created, accessed, modified and saved. Such ESI produced by a party is fully searchable. Like the bunny, it can talk to your opponent, and tell them things.

But herein lies the nasty little secret: attorneys and their clients do not want the bunny to talk to their opponents. In fact, they would love to produce ESI in such a way that their opponents cannot communicate with the bunny. But in most cases, their opponents' requests for production specifically ask them to turn over the bunny. So what can they do?

Picture that bunny, dead. Whacked. A poor dead bunny, handed over to the other side. No pulse. No heartbeat. You can't follow a dead bunny home. You can't talk to it, and it certainly can't talk back. That dead bunny is a TIFF, or "Tagged Image File Format," like a PDF. When the bunny is snuffed and the electronic data "TIFFed" -- i.e., printed out in hard copy and then re-scanned -- it becomes dead and frozen, rather than dynamic and searchable. What you see is what you get. The hidden information, the ability to search millions of pages of text for smoking gun language, and to peek at its living history, is lost. And your opponent has no way to recreate it. There is no way for him to resuscitate that bunny. Sure, he can take a DNA test of the dead bunny: convert the tiny elements of TIFF images -- the individual letters, like the Ts, As, Gs and Cs of a double helix -- into searchable text format through optical character recognition ("OCR"). But OCR does not solve the main problem: identification of the lifeblood, the living metadata of the bunny's life history (the who, what, where, when and why) that does not appear in the TIFFs.

Still, what's wrong with this? Why not always produce ESI in TIFF rather than native metadata form? Why not always produce a dead bunny? Isn't this a perfect solution? Unfortunately, no -- as one law firm, two lawyers, and their very unhappy client just learned in Bray & Gillespie Mgmt. LLC v. Lexington Ins. Co., No. 6:07-cv-222-Orl-35 KRS (M.D. Fla. Mar. 4, 2009). In short, Lexington wanted a live bunny and requested all ESI in native format without any alteration or deletion of metadata. Its opponent Bray & Gillespie (B&G) produced a very dead bunny, and was called out by the court for doing so. And that was before B&G's counsel began lying about who killed the bunny and when.


Tee Up Your Document Retention Policy -- or End Up in the Woods

In a widely reported anecdote, pop singer Christina Aguilera was once introduced to golfing superstar Tiger Woods, one of the most recognized people on Earth. “Christina, I love your music,” Woods declared. “I have all your CDs...” “Sorry, I don’t follow tennis,” Aguilera said, “so I don’t know much about you.”

 

Unfortunately, ignorance is no excuse when it comes to compliance with record-retention policies and apathy will result in serious trouble.   The legal and regulatory risks associated with noncompliance include costly penalties, court sanctions, and adverse judgments.  In addition to these compliance risks, companies must also consider potential financial and strategic risks. According to Rich Bailey in “Leveraging Enterprise Records Management” in the Sarbanes-Oxley Compliance Journal, a recent survey found that “roughly 50 percent of respondents said they are less than confident that, if challenged in court, their organization could demonstrate that their electronic information is accurate, accessible, and trustworthy. Only now are organizations realizing the complexity and compliance requirements associated with e-records, including electronic documents, data, e-mail and instant messages. Another survey by CFO.com found more than one-third of top-level executives say their companies don’t have a disciplined way to deal with electronic discovery issues.”

 

ONE THIRD! That’s a lot of executives who are at serious risk of consequences due to their shortcomings in preparedness in dealing with electronic discovery issues. If your company has not already evaluated adopting a document retention policy, adopted a policy or, worse yet, is not following its existing document retention policy, get on the ball or you may end up being like another golfer, Harry Toscano, who said, “I’m hitting the woods just great, but I’m having a terrible time getting out of them.”

The Reality of Cost-Shifting

The reality of cost-shifting is that it is not always available to a responding party. In order to manage risk associated with the cost of electronic discovery, legal counsel should be aware of circumstances where responding parties have received the benefit of a cost-shifting analysis and conversely, where it has been denied. 

Courts do not want responding parties to pay for a plaintiff's fishing expedition. Therefore, courts may shift costs to the requesting party as an incentive to narrowly tailor the discovery request where there is a low likelihood that discovery will produce relevant evidence. Delta Financial Corp. v. Morrison, 13 Misc. 3d 604, 611-12, 819 N.Y.S.2d 908 (Sup 2006) (ordering requesting party to pay expenses of searching restored backup tapes for e-mail and electronic documents because the Court was "not entirely convinced that relevant and responsive documents would be found").

Courts employ cost shifting to protect the producing party from undue burden. Therefore, courts weigh the benefit of discovery versus the burden under the proportionality test of Rule 26(b)(2)(C). Thus, even where the plaintiff is not fishing and the evidence will be beneficial to disposing of the issues, courts may limit discovery or employ cost-shifting if the burden to produce the requested data is disproportionately higher than the benefit. Christian v. Central Record Service, 2007 WL 3094513 (W.D. Ark. 2007) (relevant evidence was precluded from discovery when the expense of discovery outweighed the benefit).       


Use Caution When Doing Your Spring Cleaning!

 

Although we're in the middle of winter, and the Midwest had -40 degree wind chills last week, this is the time for you to think about spring cleaning. I don't mean scrubbing floors or washing windows. Now is the time to develop a record retention policy and a litigation hold policy and then begin appropriately "cleaning house."  Micron Technology, Inc. v. Rambus, Inc., 2009 WL 54887 (D. Del. Jan. 9, 2009) shows us why it is so very important to have a litigation hold policy in place before starting that spring cleaning.

Rambus was a microchip technology company that became concerned about possible patent infringements by microchip manufacturers. It sought counsel regarding possible litigation, and counsel developed a litigation strategy. During this time, Rambus also designed and implemented a record retention policy, then held a series of "Shred Days" where many expired records were destroyed.

Micron sought a declaratory judgment from the court that its designs did not infringe on Rambus' patent.  The court held a separate trial on whether Rambus' wholesale destruction of documents pursuant to its document retention policy constituted spoliation of evidence and the appropriate sanction to be imposed on Rambus if in fact spoliation had occurred.  

In analyzing the spoliation issue, the court found that Rambus had a duty to preserve its documents once litigation became reasonably foreseeable.  According to the court,

Rambus knew or should have known, that a general implementation of the policy was inappropriate because the documents destroyed would become material at some point in the future.  Therefore, a duty to preserve potentially relevant information arose in December 1998 and any documents purged from that time forward are deemed to have been intentionally destroyed, i.e. destroyed in bad faith. 

Because Rambus' bad faith was so clear and convincing and because Rambus destroyed innumerable documents relating to all aspects of Rambus' business, the court determined that the very integrity of the litigation process had been impugned. The court found that neither adverse jury instructions nor the preclusion of evidence nor the imposition of fees and costs on Rambus could cure the damage done by the massive document destruction. Instead, the court delivered the ultimate sanction of all: it declared Rambus' patents involved in the lawsuit unenforceable.

The moral of the story?  Companies must exercise extreme caution in implementing document retention policies and must strongly consider whether a "litigation hold" needs to be placed on some documents, even in cases where litigation has not been officially commenced yet.  Consequently, when you get that itch to do some spring cleaning, plan ahead so that you can protect your intellectual property and your business.

Have you considered preparing a "Data Map?"

At the start or even the anticipation of litigation, in-house counsel are often under the gun to begin identifying the e-data that has been (or could potentially be) requested by opposing counsel. For many, this can be a messy process of identifying individual holders or "custodians" of potentially responsive documents and then further identifying  where and how this e-data has been stored. In a recent article in The Corporate Counselor, posted on In-House Counsel Online, Brett Tarr explored the practice of "Data Mapping" as a potential strategy to streamline and improve efficiency of an e-discovery response.

The concept of data mapping is relatively straightforward.  As Tarr explained, a data map:

"provides legal and IT departments with a guide to the employees, processes, technology, types of data, and business areas, along with the physical and virtual location of data throughout the company."

In other words, a properly constructed data map should allow in-house counsel to identify not only the location of potentially responsive e-data, but also its availability and format.  Those familiar with the onus of going through the e-discovery process are well-schooled in the difficulties that arise, firstly in the identification of relevant custodians of the e-data, and secondly, in determining the actual location of the data.  A properly constructed data map could significantly reduce the time spent in preparation for any outside vendors who may be required to actually extract the data.

Tarr provides four tips to create and maintain a data map:

  1. Involve other departments and managers early on;
  2. Develop logical, comprehensive practices for managing data;
  3. Create clear pathways of communication; and
  4. Don't just create, update.

Central to any useful data map is a strong collaboration between the legal and IT departments, especially because of the differing vantage points each department may have with respect to e-data. By completing this process well in advance of any litigation, and as a matter of business practice, in-house counsel will have already eliminated one of the most time consuming aspects of responding to e-discovery requests, and also have readily available the information needed to determine (and potentially argue), the cost/burden of producing certain data versus the benefits of said production.

To read more about data mapping and details on Brett Tarr's tips, you can find his article at this link.

U.S. Courts Teach Europe the True Meaning of Christmas

Litigation slows around the holidays as all of us, men and women, associate and partner, plaintiff and defendant, join together in the spirit of the season and take some time to remind ourselves why there are some cousins we just don't keep in touch with. But before we bid good riddance to those interminable weeks of peace on earth and good will toward men and look forward to the comfort of acrimonious discovery disputes ahead, let us take a moment to reflect one last time on the true meaning of Christmas, as perhaps first taught us by the U.S. Supreme Court in Societe Nationale Industrielle Aerospatiale v. United States Dist. Ct. for the Southern Dist. of Iowa, 482 U.S. 522 (1987):

It is better to give than to receive sanctions for violating a U.S. discovery order.

This is a universal message, as explained by Peter Selvin and Jed Lowenthal here. Just as Santa may distribute coal to naughty children without regard for the governing statutes of those children's home jurisdictions (many of which contain strict emissions standards which exclude coal from the list of acceptable gift fuels), U.S. courts may distribute sanctions for violations of discovery orders regardless of whether the non-U.S. parties' compliance with those orders would expose the parties to civil or even criminal sanctions in their home jurisdictions. In fact, as Messrs. Selvin and Lowenthal note, one may not even need to be a party to the litigation to be subject to a discovery order; foreign affiliates of U.S. litigants may be fair game, too, if the court determines that the litigant has control over the information held by the affiliate.

So, if you are a non-U.S. party and are ordered to disclose your discoverable electronically stored information, you will likely be obliged to give that information up. Even if the information is stored on servers in Europe. Even if you aren't a party to the litigation. Even if disclosure would expose you to sanctions back home. Even if you really, really don't want to.

But take heart, non-U.S. readers; things could be worse. For example, this post was only inches away from being titled "U.S. Courts Crash European 'Block' Parties."

Not Just Another "Auld Lang Syne"

On New Year's Eve, we typically gather in a glitter-and-confetti whirl to toast the New Year with champagne…or maybe you're a stay-by-the-fire-and-watch-Times Square type. Whatever your preference to usher in the New Year, you may be interested to know that the singing of the Scottish folk song "Auld Lang Syne" at midnight is not as traditional as you believed - it did not come to yearly use until 1929, when Guy Lombardo's orchestra played it at midnight at the Hotel Roosevelt in New York City, then released a record of it and continued playing it every New Year's Eve afterward.

By the same token, a century from now law firms will no doubt wonder at our tizzy in getting used to electronic document discovery instead of our "traditional" means of producing documents via hard copy. But for now, clinging to the old ways and not making sure that document retention policies are not only up to date but adhered to is costing our clients a mint. As reported by Sheri Qualters in The National Law Journal on December 17, 2008, Kroll Ontrack analyzed 138 reported cases from January to October 2008 and reported that ONE QUARTER of the reported electronic discovery opinions in that period resulted in sanctions issues, while 13 percent addressed preservation and spoliation, 12 percent involved computer forensics protocols and experts, 11 percent, admissibility, and 7 percent, privilege considerations. In one case in the Northern District of California, defendants were sanctioned to the tune of more than a quarter million dollars. Keithley v. The Home Store.Com Inc., No. 3:03-cv-04447 (N.D. Calif., Aug. 12, 2008). That buys a LOT of champagne!

 

It's clear that doing things the way they were done in "old times past" - the literal translation of Auld Lang Syne - will get legal clients in trouble with the Court and could result in heavy financial sanctions. The Court has no "cup of kindness" when it comes to electronic discovery issues. So this New Year, no matter your celebratory preference, resolve to pay attention to your document retention and e-discovery policies, or if you do not have such policies, it's a New Year - a great time to implement a formal policy.

Making A Records Retention Policy and Checking It Twice

 

'Twas two weeks before Christmas and a few things were stirring in Seneca County, Ohio. The Big Guy in the red suit wasn't the only one deciding who has been naughty or nice. On December 9, the Ohio Supreme Court ruled in a 7-0 decision (State ex rel. Toledo Blade Co. v. Seneca County Board of Commissioners, 2008 WL 5157133, Dec. 10, 2008) that the Seneca County Board of Commissioners had been naughty and compelled them to make reasonable efforts to recover and provide the Toledo Blade newspaper with emails that had been deleted in violation of the County's records retention policy and disposition schedule.

The fact that these emails had been deleted did not relieve the County from its obligation to produce this information because deleted computer files are still discoverable. Many times this information is recovered by a forensic analysis of the computer, which can be a very costly process. The County’s failure to maintain the requested emails in accordance with the applicable schedule for records retention and disposition was one of the factors cited by the Court in determining to impose the expense of the forensic recovery of the deleted emails on the County.

Much like Santa's list, records retention policies should be rechecked to ensure compliance.

 

 

Don't Forget the Website!

A corporation's website is often one of a corporation's most visible assets and as a result, websites are often given high priority by corporate marketing and public relations departments.  Websites should be paid the same attention when a corporation institutes a litigation hold.  Unfortunately, when a litigation hold has been instituted, forgetting about your website can be a dangerous oversight. 

In the recent case, Arteria Property Pty Ltd. v. Universal Funding V.T.O., Inc., (2008 WL 4513696, October 1, 2008), the District Court for the District of New Jersey held that websites should be treated the same as other electronic files and sanctioned the defendant corporation for failing to maintain the content on its website once litigation was reasonably anticipated. In Arteria, the plaintiff requested in discovery electronic snapshots or paper copies of the defendant corporation’s website. The defendant corporation failed to produce this information.  There was no dispute that the website was in existence at a time when it was at least reasonable that the corporation would be sued. As a result, the court found that the failure to produce the website constituted spoliation of evidence and imposed sanctions on the defendant corporation. 

The moral of this story? Your litigation hold policy should have a mechanism in place to ensure that your corporation's website, as an electronic document, is preserved in the same manner as other electronic data subject to a litigation hold.

The Corporate "Know It All"

Our mothers always told us that “no one likes a know-it-all.” However, in today’s litigation environment, where electronic discovery and authentication of data have become important and too often dangerous, a know-it-all is exactly what companies facing litigation need. As Jonathan Sablone points out in his article, “Not Your Father’s Keeper Deposition”, litigators are now routinely using Rule 30(b)(6) depositions as a tool to authenticate data, determine whether another party has met its discovery burden and “to hijack entire cases”. See “Not Your Father’s Keeper Deposition.” As a result, as Sablone accurately points out, the choice of the designated 30(b)(6) witness in the context of electronic and e-discovery is a decision that should be taken very seriously. The failure to do so cannot only lead to unnecessary time and expense but, more importantly, can potentially endanger a party’s case.

Rule 30(b)(6) depositions allow an attorney to notice the deposition of an entity and the burden then shifts to the entity to designate one or more persons to testify on its behalf about the matters at issue. An entity can designate one person or it can designate multiple people and specify the matters upon which each person will testify. With matters relating to electronic records and e-discovery, savvy companies will take the time and expend the effort required to designate one or more witnesses who can testify about the relevant matters in a manner that is to the company’s advantage. This may be one “know-it-all” or several, each of whom is the “know-it-all” about a particular subject. Rule 30(b)(6) requires the witness to testify about information known or reasonably available to the organization. In other words, first hand knowledge of a matter is not required. This means that the company “know-it-all” can be prepped, thereby allowing a company to designate a person or persons that will make a “good witness.” 

Quality Not Quantity

The adage that "quality, not quantity matters" certainly applies to the maintenance of business records. Businesses often devote numerous hours to developing lengthy schedules defining what records must be kept and for how long. While the development of a comprehensive schedule is important, the quality of the records to be maintained is just as important. Records must be of a sufficient quality to allow companies to defend against legal claims.

One important quality consideration is how to store the records. Records should be stored so that they can be easily located when necessary to respond to a discovery request. Failure to do so can result in burdensome costs.


Financial Crisis - Do You Know Where Your Records Are?

With the meltdown of the world's financial markets over the last few days, it should come as a shock to no one that pension holders, stock owners, and state governments are suing or considering lawsuits against various actors in the financial crisis, including investment banks, bond ratings agencies, and agencies such as Fannie Mae and Freddie Mac.

As noted in this article in Information Weekly, these pending and proposed lawsuits are going to require financial services companies to produce reams of e-mail and other communications, not to mention transaction records and other financial data.  Is your company ready to deal with the production of its electronically stored information?  If you were asked tomorrow to do so, could you? 

The Problem of Reviewing Electronic Data

In a recent post on the Security Blog of ComputerWorld, a corporate security manager (i.e. an individual on the IT side of the aisle) lamented the data retention policies at his company. Pointing out that much more data is currently being retained electronically than what is mandated by law, he noted the tremendous manpower that might be required to search through the vast amounts of this data if the need ever arose. As an alternative to the problem of over-retention, the blogger (whose real identity was "disguised for obvious reasons") suggested a turning back of the technological clock, keeping paper records and turning the lawyers loose to sift through piles of paperwork.


Electronic Communication: Not just e-mail anymore

When a preservation order specifies that "electronic communication" is to be preserved,  there is a common misconception that this phrase refers only to e-mail correspondence.  Not so, my friends.  There are a bevy of other versions of electronic communication that are potentially relevant to the standard forensic collection process.

They include:

  • Instant message communications (Yahoo! Messenger, MSN Messenger, Google Talk, AOL Instant Messenger and Skype, to name a few.)
  • SMS or Text Messaging (not just for teenagers anymore.)
  • Voice over Internet Protocol (VoIP)
  • Fax communications directly sent and received on a company's computer

Companies should be sure to make their computer forensic expert aware of what third party software has been installed and used on company computers so that all relevant electronic communications can be secured and preserved. For a full analysis of the importance of securing all types of electronic communication, see this helpful article from Metropolitan Corporate Counsel.

Ephemeral Data -- What is it and Why Does it Matter?

Much of the data stored on computers, such as the data stored in random access memory (RAM) and internet caches, is temporary and "ephemeral". Because these temporary, transient files are deleted as often as every few hours, it would seem that there would not be a duty to preserve them.

However, in Columbia Pictures Indus. Inc. v. Bunnell, 2007 U.S. Dist. LEXIS 46364 (C.D. Cal. June 19, 2007) Magistrate Judge Jacqueline Chooljian, following Ninth Circuit precedent, ordered the defendants to preserve data "stored" in RAM. The court held that the server log data (IP addresses, etc.) stored in RAM was extremely relevant stored information under Rule 34 of the Federal Rules of Civil Procedure.