View PDF

In April of 2006, the U.S. Supreme Court approved amendments to the Federal Rules of Civil Procedure ("FRCP") in an effort to modernize and clarify discovery rules as they relate to electronically stored information ("ESI").  These amendments, which took effect on December 1, 2006, expressly allow the discovery of all relevant digital data in civil litigation proceedings.  While electronic documents have been discoverable in the past, this newest legislation eliminates all uncertainty on the subject – companies must now be prepared to provide any and all electronic data on a given subject or individual within a reasonable time frame.  The process of securing, gathering, searching, and distributing electronic data for the purposes of providing evidence in a civil or criminal case is known as electronic discovery, or eDiscovery.  Given the multitude of forms ESI can take, the ever-increasing rate of its creation, and the prevalence of low-cost, high-volume data storage devices, this can quickly become a Herculean task.

Some key provisions of the FRCP amendments and their implications are as follows:

Rule 26(a):
Defines ESI as a category of discoverable data and requires both parties to provide each other with an inventory of all discoverable material under their control.
Implications:
Companies must be prepared to disclose all relevant electronic data under their control including email, instant messages, sound recordings, proprietary databases, etc.

Rule 26(f):
Requires meet-and-confer sessions early in the discovery phase in order to discuss potential eDiscovery issues and strategies.
Implications:
Companies must know where and how all ESI is stored in their systems, as well as the potential recovery costs, timeframes, and alternatives.  Note that it is possible to shift some or all of the costs of restoring data that is "reasonably inaccessible" to the requesting party - issues such as these should be explored during this phase of eDiscovery.

Rule 37(f):
Provides "safe-harbor" for those companies who are unable to provide discoverable ESI based on "good faith" application of standard business and IT processes.
Implications:
Companies need to expressly define, implement, and routinely audit compliance with data retention policies and procedures in order to show "good faith" and avoid sanctions.  Policies must be in effect and applied consistently before litigation is reasonably foreseeable in order to be eligible for "safe-harbor".

Preparation is Critical
Companies may think that it is not necessary to prepare in advance for eDiscovery related requests; either assuming they will not be subject to litigation based digital data requests, or if they are, that their company will be able to readily respond.  Unfortunately, for several reasons these assumptions are weak.  Our business environment is very litigious and business information increasingly exists in digital formats, and the proportion of evidence existing in digital forms increases every day.  So the odds of any company being subjected to litigation based digital data requests is high.  The proliferation of digital data and its vulnerability to manipulation –intentionally or unintentionally – creates the complexity and the risks for fulfilling FRCP ESI response requirements.  In fact, many big names companies such as Samsung, Philip Morris USA, Microsoft, Morgan Stanley, have experienced difficulties producing electronic evidence that has resulted in significant damages and legal fees.

So the lessons are clear.  Any company with even a remote chance of being subjected to lawsuits who has any meaningful amount of digital data should develop and deploy procedures and capabilities to ensure that relevant electronic data is preserved, searchable and ready to be retrieved and produced in as economically efficient manner as possible.  The following highlights some of these key steps and is extracted from Amper’s e-Discovery readiness roadmap. 

Step #1: Digital Data Mapping
To be prepared for litigation, companies must define, control, and monitor all forms of electronic data contained on corporate systems or generated by their employees.  The first step towards achieving this goal involves knowing the specifics about existing electronic data.  Data owners should collaborate with IT personnel in order to generate a digital data map for the company, which is an inventory of all data stored and managed by the company.  It is important to know the format and volume of data, as well as how data is generated, stored as active and archival data on systems, and transported between systems.  It is also important to understand where and how data is duplicated on the systems.  It may be possible to eliminate some redundant data stores, providing an immediate cost savings to the company, as well as reducing the costs of parsing through superfluous data during eDiscovery.

Step #2: Risk Assessment
After an accurate digital data map has been created, companies should perform a formal assessment relative to the inherent risks associated with their data retention and eDiscovery demands.  Preparing this assessment will require your company to anticipate what types of ESI may be required, and the costs of producing active data as well as data stored in backup archives.   The Risk Assessment should be updated at least annually, and more frequently in the event the nature of the company’s ESI profile changes. 

Step #3: Implement Digital Data Management Policies and System Control Procedures
The Risk Assessment provides the basis for the company to then design and deploy policies and tools that would enable the company to fulfill an FRCP ESI demands.  Tools commonly deployed include email archiving and/or other enterprise content management software, for managing corporate data.  Creating and implementing policies and procedures that reduce legal and compliance risks may even enhance routine business operations and produce cost savings.  For example, a company may have a large, costly archive of data from the past ten years stored on backup media, while an archive of only two years may satisfy all business and legal requirements.  In the event the company is asked to produce ESI contained within a large archive, it can become a significant cost burden that could otherwise have been avoided. 

Step #4: Litigation Hold Procedures
Another key issue to keep in mind when developing a set of digital data management policies and procedures is the ability to respond to a "litigation hold" for ESI as soon as litigation is reasonably foreseeable.  Once this occurs, all ESI potentially relevant to the pending litigation must be preserved immediately.  This often means suspending the routine operation of IT functions such as automatic email purging and tape archive rotation.

Step #5: Compliance Monitoring
Finally, after developing and deploying FRCP ESI response plans, your company should develop an approach to periodically monitor compliance with internal policies and procedures.  The company’s e-discovery response plans must also be regularly adapted to meet the changing nature of ESI.

Summary
Ultimately, preparing for eDiscovery requirements may seem like an unnecessary burden placed on companies that are already faced with a litany of audit, risk, and compliance issues.  Numerous case law examples have shown the damages from not being prepared can be very significant.  Even for those few lucky companies not subject to e-discovery requests, the readiness activities outlined often lead to significant streamlining of data archiving procedures and costs.  So whether it is for litigation readiness or simplifying data archiving, getting a handle on ESI might be one of the wisest investments a company can make.