Three Common Techniques for E-Discovery Preservation

Transcription

1 Three Common Techniques for E-Discovery Preservation

2 Table of contents Introduction... 1 #1: Custodian self-preservation... 2 #2: Preservation by collection... 3 #3: In-place preservation... 4 Conclusion... 5 PwC

3 Introduction Data preservation forms the foundation of a defensible e-discovery process. Consistently across the US, case law has shown that when a party is sanctioned for e-discovery mistakes it will more often than not involve failing to properly preserve electronically stored information (ESI). While the legal duty to preserve potentially relevant ev idence is generally well understood by corporate legal teams, the methods by which this duty is performed frequently come under scrutiny by the courts. In the paper age and early days of e-discovery, preserving evidence meant going out and collecting all potentially relevant documents by making complete copies of hard drives or servers. The proliferation of , cloud storage and other ESI has made this collect everything approach too expensive for most organizations. These organizations have also become mindful of the risks brought on by over-preservation, an increasingly common occurrence. They need strategies that target only relevant documents without disrupting the routine disposition of non-relevant ESI. Legal holds are now the most commonly used method for ESI preservation. Although courts have long endorsed the use of legal holds, organizations legal hold processes are multifaceted and must be routinely modified and augmented with technology. Today, ESI has become so disparate and ephemeral that many legal teams have come to recognize that legal holds are but one instrument among a larger set of necessary preservation tools. A defensible and efficient preservation strategy starts with understanding the three primary preservation approaches for e-discovery and how they complement one another. PwC 1

4 #1: Custodian self-preservation Custodian self-preservation involves the legal team issuing a legal hold notice to employees thought to possess potentially relevant ESI, known as custodians, instructing those individuals to take appropriate actions to ensure that potentially responsive evidence is not deleted or altered while the matter is active. Pros: Custodian self-preservation is the least expensive preservation method and requires the least amount of operational overhead. Historically, courts have viewed custodian self-preservation, when backed by a strong and thorough legal hold process, as a defensible means to preserve ESI for e-discovery. Organizations must aware that this standard is ever-changing and may in the future no longer be an acceptable standard. Cons: Without sophisticated technology, monitoring custodian compliance, issuing necessary legal hold reminder notices and developing court-friendly reports can be very difficult, especially with large matters and situations where a single custodian is on multiple, concurrent holds. Ev en if custodians adhere to the hold request, their ESI may still be deleted by automated deletion mechanisms, commonly employed by shared corporate systems, such as . Technology considerations Although custodian self-preservation is the least technical of the three preservation strategies, it is not without significant technological considerations. Smaller companies with limited litigation often rely on and generic spreadsheet software for sending and tracking legal holds. These applications support the basic mechanics of the process but they are not particularly scalable and tend to require significant manual upkeep. Organizations with larger volumes of litigation tend to be better served by dedicated legal hold systems that streamline the legal hold creation process via templates, while automating all notices and reminders. In addition to providing centralized tracking and reporting, more advanced legal hold products also integrate with other e- discovery applications and enterprise IT investments, such as HR and asset management systems, which promote greater efficiency, fewer mistakes and better, more current information. Interview technology can also be employed to help gather employee information for more accurate legal hold scoping. PwC 2

5 #2: Preservation by collection Preservation by collection concentrates on copying ESI directly from its source once it is identified as potentially relevant. Ev en though legal holds are usually still issued, the preservation by collection approach does not make it the sole responsibility of custodians to preserve ESI. Pros: Creating a broad, point-in-time capture of potentially relevant ESI greatly removes the risk that data will be accidentally or intentionally deleted or altered by a custodian. It also protects data that might otherwise be deleted by automated retention policies. Broad ESI collections give legal teams a buffer should the scope of the matter abruptly change. Cons: Depending on what method is employed, data collections often require outside specialists and/or expensive collection technology. When subsequent storage, processing and review fees are factored in, e-discovery costs for even relatively small matters can stretch to tens or in some cases hundreds of thousands of dollars. Frequent collections tend to result in redundant copies of data and can expose organizations to future risks as data that could have been defensibly deleted is implicated in future matters. Technology considerations Preservation by collection is inherently dependent on technology, often requiring multiple tools. There is a bevy of products that support full disk imaging creating exact copies of hard drives but they collect useless computer sy stem information that falls outside the scope of discovery. Another challenge is that much of the ESI attributed to a custodian will likely not reside on his or her physical laptop or desktop. ESI now comes from a variety of disparate sources, including collaboration platforms third party cloud service providers, social media, handheld devices and internet applications Simply collecting from a custodian might entail gathering data from several different places. Each data source will have its own storage nuances and procedures for removing files. Those details will dictate the specific technology requirements. Newer, more advanced collection applications can leverage application programming interfaces (APIs) to initiate preservation or collections across multiple sources or deploy transitory agents that install themselves onto a particular system and collect ESI directly over the network. PwC 3

6 #3: In-place preservation In-place preservation involves using technology to lock down potentially relevant ESI at its source. The data repository itself either inhibits custodians attempts to delete responsive ESI or maintains hidden copies of files preventing any loss of data. Pros: By locking down ESI at its source, spoliation risk is greatly reduced without any incurrence of collection costs. Frequently, in-place preservation actions can target only potentially responsive data without requiring a complete suspension of automated retention policies. Cons: Broad, overlapping in-place preservation actions can lead to over-preservation and undermine defensible deletion policies, while significantly impacting storage costs. Locking down ESI at its source can be disruptive to end users of the systems being configured to perform the action and result in potential storage issues if several files are being copied. Technology considerations There is a multitude of ways data can be preserved in-place. Most systems can be configured to prevent data from being deleted. However, configuring a system to prevent deletion of certain files can be highly complex and require specialized and costly expertise. Similar to collections, APIs can be utilized to integrate native data source interfaces with existing e-discovery applications so system administrators can more easily initiate in-place preservation actions. PwC 4

7 Conclusion There is no one-size-fits-all preservation strategy. As the descriptions above show, there are inherent benefits and shortcomings to each approach and a host of technology considerations. A defensible, efficient and proportional preservation strategy is one that is tailored to the specific details of a matter, including the size and nature of the action, number of implicated custodians, volumes and types of data involved, associated risks and applicable deadlines. It is often prudent to employ a hybrid strategy whereby all three preservation approaches are used within a single matter. The objective of the hybrid strategy is to strike a balance between the underlying risks of a matter with potential costs and resource requirements. The process starts with prioritizing or tiering custodians based on perceived relevance to the matter and aligning a specific preservation protocol with each tier. Those individuals deemed most likely to possess relevant data may comprise tier 1, while others less directly associated with key issues of the matter may be classified as tier 2 or tier 3 custodians. An organization may decide to perform immediate collections on the highest priority tier 1 custodians but only issue legal holds to the remaining tiers. They may also identify an intermediary set of custodians whose data has enough potential relevance to warrant in-place preservation measures but not immediate collection. The permutations of the hybrid strategy are many; the key is to have a well-documented plan and stick to it. Authors: Eric Derk PwC LLP Director, Forensic Technology Services James FitzGerald Exterro Senior Director PwC 5

8 About PricewaterhouseCoopers PwC US helps organizations and individuals create the value they re looking for. We re a member of the PwC network of firms in 157 countries with more than 184,000 people. We re committed to delivering quality in assurance, tax and advisory services. Tell us what matters to you and find out more by visiting us at About PwC s Forensic Services PwC Forensic Services team of experienced professionals is dedicated to meeting the challenges caused by fraud allegations, financial crimes and other irregularities. Our portfolio of services includes: Financial Crime Ex aminations, Forensic Technology Solutions, Regulatory Compliance Reviews, Fraud Risk Management and Fraud Prevention, Dispute Analysis and Litigation Support. The Forensic Services team also manages the PwC Fraud Forum, an exclusive community where members can gain knowledge, participate in events and share important insights on preventing, detecting and investigating fraud, corruption and economic crime. See and for more information. About Exterro Exterro, Inc. is the leading provider of workflow-driven e-discovery software. Designated a leader for e-discovery software by Gartner, Exterro delivers complete views into the critical data and workflows required for defensibly and proactively managing e-discovery across the EDRM. The innovative suite of e-discovery applications, supported by the Exterro Platform, unifies all phases of e-discovery from identification, legal hold and early case assessment (ECA) to collection, processing, analysis, review and production. The system s open architecture seamlessly integrates existing business processes and enterprise infrastructures. To learn more, visit PricewaterhouseCoopers LLP, a Delaware limited liability partnership. All rights reserved. PwC refers to the US member firm, and may sometimes refer to the PwC network. Each member firm is a separate legal entity. Please see for further details. This content is for general information purposes only, and should not be used as a substitute for consultation with professional advisors.