Category: Preservation

A great headline from InfoWorld.com that briefly looks at the effects the amended FRCP has on IT professionals who are tasked with purchasing storage platforms for their companies.

I don’t totally agree with this quote by author Mario Apicella, but I can certainly appreciate his perspective:

“… hosted services that offer remote access for e-discovery and similar activies are a worthwhile alternative to building a layer of compliance applications in-house.”

True it may be easier (and more efficient) for a company to outsource some of their storage/compliance responsibilities, but it is still imperative that the IT professionals and company attorneys discuss the issues revolving around the storage and preservation of electronic records (i.e. e-mails, e-docs, etc.).

Even though a hosted service may adequately handle the logistics of preserving e-mail, the amended rules still impose a quasi-duty upon lawyers to be familiar enough with their clients’ information systems so they can intelligently discuss the exchange of electronic data with the opposing party.

Link to article.

My article “The Easy Button” recently posted on InsideCounsel.com where I take a look at four vendors that provide tools for searching and analyzing e-mails. The four vendors mainly sell their products to in-house counsel with the alluring appeal that in-house attorneys can search employee e-mail and discover potential smoking guns before the litigation trigger is pulled.

The four vendors I talked to for the article were AXS-One, InBoxer, Clearwell Systems, and Estorian. Each vendor enjoys a certain sweet spot.

I wanted to talk to AXS-One after I read the great story on ComputerWorld.com about how KeyBank adopted the AXS-One Compliance Platform to help manage the laborious process of collecting and producing e-mails from their 300TB e-mail archive. The story provides a rare insight into how major corporations are dealing with the stress of complying with e-discovery requests.

I am very impressed with InBoxer and have blogged about the company in the past. The big seller to me with InBoxer is that it’s so easy to deploy – you either pop in a rack mounted server or install the software in a virtual appliance and it’s ready to go within an hour, or even a few minutes. In-house counsel search and analyze employee e-mail through an online interface (you can visit www.enronemail.com to test out InBoxer for yourself).

I’ve been following Clearwell for a while now, and I believe they have one of the most intuitive interfaces of the group. They made it very clear to me that they are not an e-mail archiving system, but that they work complementary to systems you may already have set up from Symantec or EMC. A Clearwell system can also get up and running very fast, and provides such a comfortable interface that I can see where some users may not even need training.

And lastly Estorian offers an interesting alternative to the slick-ness of InBoxer and Clearwell. Estorian’s LookingGlass software may not look as pretty, but I found that it provides an extensive array of options for searching, monitoring and saving potentially risky e-mail messages. The company views LookingGlass as more of a compliance tool because users can easily set up searches to automatically and continuously monitor employee e-mail for risky keywords.

I foresee in the near future that every corporation will have some sort of e-mail analysis tool constantly monitoring employee e-mail. And why not? In this country, the company owns the e-mail and has the right to read every message sent by an employee through the company-owned servers. Companies that purchase tools such as the ones mentioned above will enjoy a) the comfort of knowing that something is policing the e-mail servers for naughtiness, and b) the ability to quickly search and secure e-mail messages that are relevant to the latest litigation matter that flys across their desk.

Link to my article.

I found a small treasure trove of articles on e-discovery and computer forensics today from Burgess Forensics. I especially liked the article “How is data written, stored on, and erased from hard disks?” by Steve Burgess, where he likens hard drives to “a hybrid of a record album and pizza pie … or a dartboard” in an attempt to describe how data is stored on computer hard drives.

Last week I had the pleasure to present a Webinar for LegalSpan (Manexa) entitled “How and When to Use Computer Forensics Professionals.” In my research for this presentation, I realized how difficult it is to explain how operating systems store data on computer hard disks to non-technical folks. It’s always made perfect sense to me due to my background, but it’s tough to smoothly explain how bits, bytes, sectors, and clusters build upon each other, and why hard drives have “slack space,” and why data is rarely saved in consecutive clusters, etc. etc.

The Steve Burgess article does a great job of introducing the terminology, but the masterful Craig Ball takes your hand and gracefully leads you through the woods of bits and bytes in his concise compendium entitled ”4 on Forensics: Four Articles on Computer Forensics for Lawyers.” If you’re a lawyer that needs to understand how to preserve a computer’s hard drive, Craig’s “4 on Forensics” is an absolute must read. And due to Craig’s easy style, I guarantee that you will have a solid foundation on computer forensics when you’re done reading. The first of the four articles, “Computer Forensics for Lawyers Who Can’t Set a Digital Clock,” is the longest and the most relevant. Read that one if you can’t get to anything else.

I would be remiss if I did not mention Sensei Enterprises, Inc., the digital home of Sharon D. Nelson, Esq. and John W. Simek. Not only have the two collaborated on the terrific The Electronic Evidence and Discovery Handbook: Form, Checklists and Guidelines ABA book, but Sharon Nelson now authors the informative (and often entertaining) electronic evidence blog entitled “ride the lightning.” You can find a wonderful chunk of articles on their Website, and I will specifically recommend “Finding Wyatt Earp: Your Computer Forensics Expert” which provides a compact set of suggestions to consider when you need the services of a computer forensics examiner.

Computer forensics has always had a ”CSI mystique” about it, mainly because so many people have never had to worry (or care) about how their computer stores data on the hard drive. And while you really don’t need to know how the innards of a computer works to send e-mail or type a document, you should have a basic understanding of the technology in use so you can confidently communicate with the computer forensics professional you hire.

The blanket rule when it comes to computer forensics is DON’T DO IT YOURSELF (or don’t let your client do it themselves). Many IT professionals wrongly assume that they can make a full copy of the hard drive themselves that will preserve the data. Unfortunately, many of these copies will NOT be considered forensically sound images of the hard drive, and will reveal changes made to the data, which could lead to claims of spoliation.

It’s never worth the gamble – always call a professional, certified computer forensics professional when you need to preserve the data on a computer hard drive.

More cautionary words of wisdom about how employees routinely disregard the public nature of e-mail in “GCs to Employees: Think Before You Send” posted on Law.com.

Matthew W. Clarke, a partner at Smith, Gambrell & Russell, is quoted:

“The main problem that occurs over and over is that people have such a casual attitude and approach when it comes to writing and sending e-mails.”

And the article provides some examples of what’s been found in e-mails:

“Don’t put this in writing, but …

“can you believe that [expletive] is complaining about this?”

“I can’t believe she’s pregnant at such an inconvenient time at work.”

“we need to get rid of the dead wood.”

If you want to explore this incredible phenomenon first hand, you can visit www.enronemail.com and search through the multitude of e-mail messages collected during the Enron litigations. The site is set up by a company called InBoxer (which I’ve written about before) as a way to demonstrate their product, but it’s a sobering example of what can go wrong when employees use e-mail.

Link to story.

The August 2007 edition of the terrific e-newsletter Law Technology Today runs a story entitled “eDiscovery Sanctions – Staying out of Harms Way” which provides some practical tips on helping a client index and organize their electronic data.

I particularly enjoy the first couple of paragraphs that discuss the 1970 amendments to the Federal Rules of Civil Procedure.

In 1970, the Federal Rules of Civil Procedure incorporated the concept of “data compilations from which information can be obtained” into its text. From that moment on, digital documents on computers were available for discovery.

In reading the Advisory Committee Notes to the 1970 FRCP Amendments for Rule 34(a) (about midway down the page), it’s obvious that they wrestled with several of the same issues that the Advisory Committee struggled with on the 2006 Amendments.

The inclusive description of “documents” is revised to accord with changing technology. It makes clear that Rule 34 applies to electronic data compilations from which information can be obtained only with the use of detection devices … respondent may be required to use his devices to translate the data into usable form. In many instances, this means that respondent will have to supply a print-out of computer data. The burden thus placed on respondent will vary from case to case, and the courts have ample power under Rule 26(c) to protect respondent against undue burden or expense (copied from Cornell’s Legal Information Institute)

I also like how the article distinguishes between “gaining control of the e-mail system” and what they call the “file system” which refers to the “massive [electronic] system housing many of the corporation’s memos, strategic presentations, financial spreadsheets, corporate intellectual property and plenty of other critical digital assets.”

The point is well taken – with so much emphasis on e-mail (much of it deservedly so) many companies don’t pay enough attention to how their employees are saving and storing electronic documents.

In my experience, many companies simply leave it up to individual departments or employees to determine where documents are stored and how they’re named. Obviously, each department must provide input into how their documents are stored, but a confusing collections of document storage practices will always make it more difficult to find the data you need to produce.

Link to column.

Rich Wersinger is a Technical Trainer at Fios, Inc. and authors a short article entitled “Hot Tips for Effective e-Discovery Review” (via In Re Discovery).

Rick offers three tips but the first one called “Bulk Categorizing for Smart, Efficient Document Review” is worth the whole article. He describes a scenario where a major custodian in a product liability suit subscribes to a daily business newswire e-mail message. That means his e-mail file will have a ton of messages that will ultimately be irrelevant to the present matter. Note, however, that with a simple keyword search, many of these messages may get returned as relevant.

Rick suggests taking a “proactive approach to identifying patterns of documents that are clearly not relevant to your matter.”

For me, the tip emphasizes the importance of actually interviewing major custodians or “key players.” It’s not enough to simply grab their entire e-mail file, you need to obtain a big picture idea of how they use e-mail and understand some of their e-mail habits.

This requires a more hands-on approach to a collection project. This won’t make the custodians happy because they have to answer more questions, but it is absolutely necessary for reducing costs.

If you can eliminate and filter out huge groups of e-mail messages from a single source like the daily news bulletins, stock quotes, weather updates, or fantasy football scores, then you could drastically cull down the e-mail file before having it processed by your vendor. This will save a lot of money both on the processing side as well as the review time.

Link to “Hot Tips.”

With all the talk about preservation and document retention, many people overlook the equally important issue of “destruction.” It is imperative that you devise a consistent and workable retention policy for e-docs, e-records, and e-info so that you are keeping only what you need to keep. But beyond that, you must also ensure that unnecessary data is absolutely destroyed.

Data destruction sounds like it should be an easy process. After all, you could simply hit the delete button or re-format the hard drive. Of course, it’s not that easy.

One of the best articles to address this issue is a 2003 piece by Simson Garfinkel entitled “Remembrance of Data Passed: A Study of Disk Sanitization Practices.” Simson acquired 158 used hard drives mainly from eBay and analyzed them to see if they had recoverable information. Even though the majority of the drives were “freshly formatted,” the exercise revealed a plethora of coporate, private, and pornographic material.

Simson’s study also looked at the effectiveness of sanitization and erasing programs. Another method of erasing a hard drive is degaussing which uses strong magnetic fields to deconstruct the storage of data on hard drives and other magnetic media.

All of these methods of data destruction have shortcomings as outlined in an article by Dan Bayha, Vice President of Back Thru The Future Computer Recycling, Inc. (otherwise known as “BTTF”).

I was fortunate to meet Melanie Haga, president of BTTF, in August at the ILTA Annual Conference. I was impressed with BTTF’s unique services and especially their commitment to recycling. I picture BTTF as a giant funnel with humongous steel teeth at the bottom. Into the top go old hard drives, backup tapes, USB memory keys, CDs, DVDs, PDAs, and cell phones and out comes itty-bitty bits and pieces at the bottom.

Proper data destruction isn’t just about mangled electronic media. BTTF has partnered with Dunbar armored transport to make sure your condemned media is secure throughout the entire destruction process.

The mangled scraps get reincarnated into a variety of products because BTTF recycles all of the metals and various substances found in the electronics.

I’m not the only one impressed with this company. American Lawyer magazine ran a great story entitled “Appetite for Destruction” and the New Jersey Law Journal ran a piece entitled “Shred It or Dread It.” Sharon Nelson over on her Ride the Lightning blog mentioned them as the place to go when “you really, really, really want to be sure that data is gone.”

I agree with Sharon that BTTF may be one of the best ways to be absolutely sure you’ve destroyed data because otherwise you could be taking a chance that some data will be left behind.

eWeek.com frequently posts some short, quick slideshows like today’s “The 10 Biggest Storage Challenges Facing Companies Today.” Along with cutting cooling costs, improving I/O flow, and online storage, the #7 challenge is “Identifying a good e-discovery strategy and getting it into operation.”

A good column by Eric Sinrod of Duane Morris on CNET about the recent survey by LiveOffice on how organizations are unprepared to respond to an e-discovery request.

Interesting stats:

“According to the survey, an average employee will send and receive more than 135 e-mails daily. Thus, a midsize company with 500 employees will generate 17.5 million e-mails per year. (Moreover, the average employee spends 2.5 hours weekly managing his e-mail box, meaning that a midsize company with 500 employees potentially loses 65,000 hours of productivity annually.) Naturally, the magnitude of the e-discovery task is far greater for much larger companies.”

An interesting, but plausible twist to using an expert is pointed out by Larry Westcott in his Electronic Discovery Blog. The court ordered the Plaintiff to pay their expert, Mark Lanterman, the “reasonable expense for his services and the electronic copying expenses” but that he would act under the guidance of the Defendant (Quicken Loans, Inc.). Quicken is providing backup tapes with documents that are “potentially material” to the litigation but it is unable to ‘screen out privileged or proprietary information and documents” on its own.