IT law for businesses: The details

From “IT law for businesses: The legal risks every CEO should know”

Data identification

The IT department will be involved with the identification process. “ESI” is a very broad term. Categories to be mapped include for example, archival and legacy systems; databases and document management systems (xml, documentum, Oracle, access, sql server data, SAP, Word, etc.); loose media (disks, CDs, memory cards, thumb drives, etc.); current email systems or those used during the relevant past (POP, IMAP, MAPI, etc.); voicemail systems; instant messaging; computers and PDAs; online access data (temporary internet files, history, cookies, caches, audit trails); intranet (SharePoint); network access and servers (activity logs, shared networks, portals); storage area network (SAN); image, scanned and fax files (.pdf, .tiff, .jpg, .gif, etc.); applications (act!, Outlook .pst, Yahoo!, blog tools, etc.); and mirror and backup systems. In addition, there are still paper files to be mapped and accounted for in litigation.

In-house legal counsel should know by name the person within the company who has the most knowledge within the company with respect to IT issues, including those of related entities or subsidiaries, and be sure to call upon this person to implement a data management plan. It is important to know whether the company has or ever had data stored outside its network, such as other business networks, external hard drives or offsite data repositories. It is also key that the IT and legal departments have a solid understanding of the relationships between the computer networks in the company’s various locations, whether domestically or abroad. Having a current and readily available data map will be invaluable to counsel when the company faces litigation.


In general, “[t]he obligation to preserve evidence arises when the party has notice that the evidence is relevant to litigation or when a party should have known that the evidence may be relevant to future litigation.” Zubulake v. Warburg, 220 F.R.D. 212, 216 (S.D.N.Y 2003); In re: Kmart Corporation, 371 B.R. 823 (Bankr. N.D. Ill 2007). “A party or anticipated party must retain all relevant documents (but not multiple identical copies) in existence at the time the duty to preserve attaches, and any relevant documents created thereafter.” Zubulake v. UBS Warburg, 220 F.R.D. 212, 218 (S.D.N.Y. 2003).

While there is a subjective inquiry on the issue of anticipation of litigation, without a doubt, the duty to preserve arises when a complaint is formally filed and served on a party. The complaint alerts the party that certain information is relevant and likely to be sought in discovery. Likewise, the duty to preserve evidence arguably responsive to a subpoena certainly arises when a subpoena is served. Demand letters, depending on their language, also may be sufficient to trigger an obligation to preserve.

Counsel’s specific duties concerning preservation of evidence include the duties to issue a litigation hold at the outset of litigation or whenever litigation is reasonably anticipated; communicate directly with the key players in the litigation because they are likely to have relevant information; instruct employees to produce electronic copies of their relevant active files; make sure all backup media that the party is required to retain is identified and stored in a safe place; become familiar with a client’s documentation retention policies as well as with the client’s data retention architecture in order to make certain all sources of potentially relevant information are identified and placed on hold; and, consider running systemwide keyword searches to see they are retained.

Counsel should also consider obtaining a stipulation or an order for preservation of evidence, but this is not necessary to impose the obligation to preserve. Parties should address what evidence must be preserved at the Rule 26(f) conference, at the Rule 16 pretrial conference or at an earlier meeting. Moore’s Federal Practice, Section 37A.10[5]. Retained counsel has a duty to advise their client of the type of information potentially relevant to a lawsuit and of the necessity of preventing its destruction. Similarly, corporate managers are responsible for conveying this information to the relevant employees. It is no defense to suggest that employees are not on notice because that would permit a company to shield itself from discovery obligations by keeping its employees ignorant.

Significantly, a party has an affirmative duty to preserve potentially relevant evidence in its possession, custody or control. The definition of “control” has been construed broadly. Control does not require that the party have legal ownership or actual possession of the documents at issue; rather, documents are under a party’s control when the party has the right, authority, or practical ability to obtain the documents from a non-party to the action. This duty also implicates subsidiaries, agents, representatives, and third parties that may have data that needs to be preserved.

Indeed, the duty to preserve is a broad one, albeit proportional to the case. Evidence that must be preserved includes documents, ESI and physical evidence. Documents include writings, drawings, graphs, charts, photographs and other data compilations from which information can be obtained and translated, if necessary by the respondent through detection devices into reasonably usable form. The term “document” may also include emails contained on backup tapes.

Some of the questions to ask your in-house legal department are: When did you anticipate litigation? If your target is others, was a preservation notice ever sent? Was the preservation notice written? When was the litigation hold put in place? How was the personnel tasked with preserving data trained to do so? Did you issue or need to issue third-party litigation holds?

Collection and processing

Once the relevant documents have been identified and the preservation measures are in place, the collection and processing of that data begins. Companies should consider who is best suited to perform the collection of documents. While collection always should be done under the supervision of counsel, a company may decide that once direction is given by counsel the physical collection process will be undertaken by its in-house personnel and ESI or IT department. If proportionality or economies dictate going the route of internal collection, caution should be exercised to document each step of the collection process. Some courts have specifically addressed the risks associated with this approach and found them unacceptable. Clearly, having a sophisticated internal team with the legal and technical expertise to make decisions about ESI will alleviate the risks. In any event, companies should avoid having individual custodians collect their own documents (all collection should be done by the legal and ESI or IT departments and should be centrally supervised).

Another approach is on-site third-party collection. In this case, counsel will retain a forensics computer and data systems vendor and acting under her direction perform the collection.

Ideally, at the time of collection, a meet and confer has already taken place and the collection can be targeted to selected custodians, selected date ranges, selected storage devices and locations, and agreed-upon culling and search terms. All of the foregoing should be set forth in a scoping document that forms part of the overall discovery plan. Chain of custody and data logs should be kept through the entire process, and so should the exception reports that surely will be needed to document those data sources or locations that were unable to be collected for whatever reason. Once collection has been accomplished, this data is provided to a prescreened and pre-approved processing vendor. The cost of the processing will be based on the volume of data, usually charged on a per gigabyte basis.

During the processing phase, the party has another chance to significantly cull the data by further performing de-duplication, de-nisting (removal of noise system file types using the list provided by the National Institute for Standards and Technology) and other techniques. De-nisting alone could reduce data volumes by 15% to 30%. Also during this phase, the data from various formats is converted for use in a document review platform by the attorneys and the metadata fields agreed upon during the meet and confer (or those that have now become industry standard) are captured. Indexing and email threading is also done at this stage.

It should be emphasized that vendor selection for all aspects of the ESI process should be a well thought-out decision. More often than one would think, processing vendors are ill-equipped to handle the challenges posed by big data. Be aware that structured databases pose significant challenges to the most seasoned of vendors. Check references and keep a roster of go-to vendors. It is usually possible to get volume discounts with most vendors; thus, cultivating a relationship with a few trusted vendors will pay off in the long run.

Document review technology

There are many outstanding document review tools. The key to successful review is much less about the tool than about guarding against these three frequent problems: 1) “garbage in-garbage out,” 2) vendor incompetency and 3) user incompetency.

We addressed the first issue above when we covered the crucial step of proper processing of the “relevant” data. That data will then be fed into a platform for review. Technical issues with the images or metadata of the document will hamper the efficacy of any tool and will slow down review.

Another related risk a company faces is engaging a vendor that will be incapable of handling its data. The company must conduct its due diligence before selecting a hosting vendor. Does the vendor have 24/7 support? Does it have the bandwidth and servers necessary to handle the data at the necessary speed? Does it have mirror and redundant backup systems? Does it offer the level of security your data needs? In large cases, sometimes millions of dollars need to be allocated to the processing and hosting vendor; selecting the right vendor sometimes is as important as selecting the right counsel. Even if two vendors offer the same tool, they might not support the tool in the same manner. If the tool is a licensed tool, going directly to the software developer to find out how it ranks its vendors is a wise idea. Another wise move is to ask for and call references from past and current clients of the vendor you are considering. Also, many tools are constantly being upgraded. It is important to know what version of the tool the vendor is offering.

Once a vendor and a tool are selected, training is the next challenge. This is not a matter of a two-hour training session on how to click through documents. Tools now have sophisticated analytics that the user must learn to use to improve the efficacy and speed of the review phase. Left to their own devices, many lawyers will fall back to attempting to review every page. ESI counsel should guard against this by training the users for as long as it takes on the capabilities and functionalities of the chosen tool. Not doing so will increase costs of review by many multiples and will prolong review unnecessarily. “Technology assisted review,” “computer assisted review,” “predictive coding or analytics”, “AI,” are the buzzwords. Basically, they all relate to using distinct types of algorithms to assist with sorting (or “categorizing” or “clustering” or whatever other term the developer of a product chooses to use) documents based on human-based or computer-based (concept/language/frequency) determinations. These tools should absolutely be used. The days of Boolean searches are over. Clients need to insist on a more sophisticated approach even when faced with the traditional resistance of the traditional lawyer.

Outsourced managed review

Each document review project should start with a strategized intellectual approach and evaluation. And all document review is best conducted in phases. It is almost a necessity now to have at least the first phase of a document review outsourced to a contract attorney agency that can provide first-level responsiveness review at a fraction of what typical associates would cost in a law firm. A determination of what approach should be pursued should be made on a case-by-case basis, but a few suggestions are as follows: 1) responsiveness or first-pass review could be outsourced to a domestic or offshore document review company; 2) this phase I review is closely supervised and managed by retained counsel by providing training and materials, by having a system to record questions and answers as issues come up and by maintaining a daily presence on-site or conferencing daily with the review team; 3) phase I review documents go through a quality control process defined by retained counsel but conducted by review or project managers at the agency; 4) privileged documents go through phase II review and logging as agreed by the parties, and this is also done with outsourced contract attorneys closely supervised by outside counsel under a written protocol; and 5) key documents go through phase II and III reviews, typically done by outside counsel’s internal team.

While a few years back “outsourced document review” was the term of art, it quickly changed to “outsourced managed review,” in recognition of the fact that an unsupervised outsourced process can easily become a money pit. The key to the managed piece is the selection of an agency that has the project management structure needed to conduct a defensible and properly controlled review. The daily interaction with, and supervision of, outside counsel is required to make the process defensible and effective. The review phase of discovery is frequently the costliest part of the process. Documenting all phases of the project and issue-logging the decisions made along the way not only increases the value of the exercise but makes it defensible to the court and auditable for the client.

Production specifications

Once documents have been reviewed and coded as responsive and not privileged, the party is ready to make its production following the specifications for manner of production agreed to with the other side. Typically, the following fields are industry standard for production purposes: custodian(s) (both primary and others who had the document before de-duplication); author; document title; document subject; created date; created time; last-modified date; last-modified time; last saved by; file type; document type; page count; file extension; path; MD5 hash (MD5 hash value of the original native file); body text (optical character recognition for paper data or extracted text for all ESI); beginning production number or Bates; ending production number or Bates; beginning attachment range number; and ending attachment range number.

In addition, documents are typically produced on encrypted external hard drives or other encrypted electronic media, e.g., CDs or DVDs, or by FTP upload (“production media”). All production media should have the following four directories: 1) IMAGES for the images; 2) DATA for the .data and .opt files; 3) TEXT for the extracted text/OCR files; and 4) NATIVES for the native files. The production media should identify (a) the producing party’s name, (b) the production date and (c) the Bates number.

It may be agreed at the meet and confer that all or at least certain types of documents will be produced natively. For example, Microsoft Excel files (and other electronic spreadsheet files); audio files (e.g., .mp3, .mpa, .wav, .wma); video files (e.g., .mpg, .mp4, .wmv, .flv, .jpg); and any other files that cannot be converted to a usable .tiff image format could be produced in native format, including all formulae within the cells of the spreadsheet, any hidden rows or columns, and all other metadata contained in the file. All files produced in native format should have a corresponding single page .tiff place holder stating something along the lines of “document produced in native format.” Each native file is to be named after the beginning Bates number. To the extent there are file types mixed in the production that likewise do not readily or easily and accurately convert to .tiff and searchable text, you may elect to produce those files in native format as well, subject to the same requirements. If agreed to all documents and accompanying metadata created and/or stored in structured electronic databases or files should be produced in a format that enables the other side to reasonably manage and import those documents into a useable database. All these production specifications should be set forth in an ESI protocol, ideally with the blessing of the court.

It is also important that ESI counsel be involved in the approval of the production content. In addition to the technical issues, an assessment should be made of the confidential or sensitive nature of the data and/or whether it is protected under state or federal statutes or privacy laws. Measures should be taken to protect any such information either by means of a court-issued protective order covering the information, by making any filings under seal, and/or by redaction of the confidential information. Advice on these issues should be sought in each instance.

Finally, it should also be noted that because Rule 34(a)(1) allows production by inspection, some would argue that making documents available in a data or virtual room satisfies the obligation. The use of a data room should be addressed by the parties during the meet-and-confer process. It is possible that a data room will have a significant and favorable impact on the bottom line given the right setup and protection of work product.