Guest Articles
Preparing Your Corporation for the New Federal Rules on E-Discovery
First Things First-Create a Data Map
Dan Sedor, Esq., Jeffer, Mangels, Butler & Marmaro LLP
Wayne Wong, Information Technology Consultant
The recent amendments to the Federal Rules of Civil Procedure now require litigants, at the very earliest stages of the case, to know what potentially relevant electronically stored information ("ESI") they have, where it is, how it is being maintained, and what it will cost to produce it. In particular, the new Rules force the parties to define their ESI as either readily or not readily accessible (the latter may qualify for an exemption from discovery), based on the burden and expense associated with its retrieval. Businesses able to show that certain information is not readily accessible may succeed in shifting significant costs of production to their opponents, or in forcing withdrawal of their opponents' discovery requests.
The new Rules also require the parties to discuss the form of their ESI productions, which may include production of ESI in its "native" format. In addition, although destruction of ESI is often sanctionable, the new Rules provide possible protection against sanctions where ESI is destroyed by routine procedures such as automatic deletions, if they occurred in "good faith."
All of this means that each business must have its ESI house in order even if litigation is not pending. The consequences for businesses that do not plan in advance to meet the requirements of the new Rules are potentially substantial. The recent $1.45 billion verdict against financial giant Morgan Stanley, a result of its inability to preserve and produce emails and its efforts to conceal those shortcomings, is only one example of many.
Even if a business is lucky enough to avoid such draconian results, the expense of electronic discovery when records are too voluminous or in disarray can be so prohibitive that it becomes pivotal in determining whether to litigate at all. On the other hand, businesses that do comply are likely to enjoy efficiencies and reduced e-discovery costs that can result from better organization of their ESI and proper records retention planning. Furthermore, knowledge of and control over business records is essential for companies subject to regulatory records retention requirements, including SEC and IRS rules and the Sarbanes-Oxley Act.
Compliance With the Rules and Proper Records Retention Planning Require a Data Map
One key thing that businesses can do now to put themselves on track for compliance with the new e-discovery Rules is to create a "data map." A data map is essentially a catalog of the company's records. It should describe the company's records by business unit if appropriate, and should specify the various types of electronic media on which they are maintained. At the same time as this data map is being compiled, each business should also note what its actual retention practices are and whether and why they differ from any written policies that may exist. At the end, the business will have in-depth knowledge of the nature, type and location of its records and the retention practices associated with each. Such a knowledge base will prove invaluable in educating outside counsel and enabling them and the business to comply with the new Rules.
Because the business' recordkeeping practices will be under the microscope in litigation, it also needs to have an up to date and comprehensive written records retention plan. A data map is an essential first step in creating such a plan. Having a detailed catalog of its records will enable the business to come up with a practical rationale for determining which records to retain and for how long. Each category of records should be analyzed in light of the goals of the business, and a decision made as to whether the business needs, on an ongoing basis, to maintain those records. As the widely cited Sedona Conference Working Group on Best Practices for Electronic Document Retention and Production has noted, no single standard can meet every organization's unique needs. A helpful question to ask is whether there is a current business, legal, or regulatory need or requirement for the retention of a particular category of records. If the answer is no, consideration should be given to disposing of the records, particularly if retaining them carries a substantial cost. If the answer is yes, the question becomes one of duration. Applicable regulations may spell out retention periods. Contracts and related documents may need to be analyzed in light of potentially applicable statutes of limitation. In addition, the business should consider the relative benefits of a single, uniform retention period or differing, category-specific retention periods.
The detailed information in a data map can include facts that outside counsel can use to convince their opposition – or the court – that certain forms of ESI are too difficult or costly to access. Indeed, recent case law makes it clear that courts will require specific and factually detailed support for any finding that ESI is not readily accessible and that either the business should not be required to produce it or the opposition should shoulder the cost of its production.
A data map will also facilitate the design and implementation of a proper litigation hold procedure. Many recent cases, including the well-known Zubulake decisions, stress that businesses must suspend ordinary procedures for the disposal of records, including emails and backup tapes, once there is reason to believe they are relevant to potential litigation. For this reason, and because a failure to heed that warning can have disastrous consequences, a comprehensive litigation hold procedure should be part of a records retention plan. Knowing precisely what ESI you have and where and how it is maintained -- knowledge that will be gathered as part of the data mapping process -- will help to ensure that the litigation hold procedure covers the records it needs to.
How to Map Your Data
Create a multi-disciplinary team:
Creating a data map requires a multi-disciplinary team approach, to ensure that all key business units responsible for ESI are involved in and buy in to the effort. The team providing input should include legal, IT, compliance, records management, human resources, finance, and any other business units who create or maintain ESI that may be subject to litigation or regulatory requirements.
Conduct interviews with key personnel:
Once the team is in place, the steps necessary to create a data map include interviews of various company personnel to probe into responsibilities and practices, including identifying who is responsible for the records maintained by each department or division of the business and whether they comply with pertinent records retention procedures. Any deviations in practice from existing records retention policies should be cataloged.
Research technical resources:
Identification of the business’ hard copy documents and electronic records requires going beyond the interview process, to include research from other resources such as systems maps or descriptions and hardware and software inventories, including records or content management software (if any), and the underlying system and storage hardware on which the software runs and the ESI is stored. Data maps should encompass the various types of electronic media on which the records are maintained, including file and email servers, desktop and notebook computers, portable drives and optical media, and Blackberries and other PDAs. Details are important, to facilitate as comprehensive a records assessment as possible.
Consider less “active” data:
The data map also needs to consider relevant ESI that may be found in less "active" sources. Backup systems should be analyzed and cataloged, and facts should be gathered regarding what is backed up, whether the backed up material is available from other sources, where the backups are located, how backup media is rotated or recycled, and whether backup data is used solely for disaster recovery or is routinely accessed for so-called "convenience restores." To support any argument that the less active data is not readily accessible, this analysis should also document the costs associated with the accessing of such information, including the costs of data restoration and any hardware of software that may need to be acquired to access the data.
So-called "deleted" files, which while often difficult to retrieve can be relevant to litigation, should also be assessed, such as by determining whether the business uses file recovery software that hides deleted files, or retains deleted email files outside any user-selected parameters. In addition, the business should identify and analyze repositories of potentially relevant "metadata," such as email log files and internet histories. Potentially relevant "legacy data," e.g., data the business can no longer access because of software or hardware upgrades or replacements, should also be inventoried and analyzed.
Keep data map current:
Consideration should be given to ensuring that the data map remains current and relevant since digital storage growth and application upgrades seem constant and unrelenting. Rather than periodic update initiatives, data map maintenance should be tied to existing processes that already deal with change management, such as IT project management processes and financial department purchasing processes. For instance, the purchasing or software license compliance process might be amended to update the data map as part of its delivery confirmation. The data map could be updated with the sunset dates of any software version whose license expires or is superseded with a new version or product.
Conclusion:
Data mapping is crucial to putting businesses on track for compliance with the new e-discovery requirements introduced by the recent amendments to the Federal Rules of Civil Procedure. Essentially a catalog of the company's ESI, the data map represents a readily accessible resource of the sources, locations, formats and uses of the business' records and the corresponding written and unwritten retention policies and practices. This map will help the business and its outside counsel to navigate the often treacherous waters of e-discovery, yield e-discovery savings, protect against sanctions, and add value to the business enterprise.
^ Return to top
Author Bio:
Dan P. Sedor is a partner at Jeffer, Mangels, Butler & Marmaro LLP and a founding member of its Discovery Technology Group. His practice focuses on pre-litigation data management and litigation involving electronic discovery. He can be reached at dsedor@jmbm.com.
Author Bio:
Wayne Wong is an Information Technology Consultant in the sRIM Consulting Group at LexisNexis Applied Discovery. Prior to joining Applied Discovery, he was the founder and CEO of a successful entrepreneurial venture in Hawaii and prior to that served as the Chief Technology Officer for Morse Best Innovation, a technical marketing and IT solutions firm. Mr. Wong has a B.S. in Natural Science from the University of Washington and an M.B.A. from the University of Puget Sound.