the concise guide to e-discovery

!The Concise Guide to E-Discovery

"#$%"$&'(!)*!!

An Osterman Research White Paper Published January 2010

SPONSORED BY

sponsored by

sponsored by Osterman Research, Inc. • P.O. Box 1058 • Black Diamond, Washington 98010-1058

Tel: +1 253 630 5839 • Fax: +1 253 458 0934 • [email protected] • www.ostermanresearch.com

!!

!!

!!

!!

!!

!!

The Concise Guide to E-Discovery !!

©2010 Osterman Research, Inc. 1

Why Focus on E-Discovery? Discovery is the process of identifying, preserving, collecting, reviewing, analyzing and producing information during civil and criminal legal actions. The goal of discovery is to obtain information that will be useful in developing relevant information for pre-trial motions and for the trial itself. Information sought during discovery can include documents, testimony and other information that may be deemed necessary by a court, although not all discovery is court-imposed. E-discovery is simply the extension of the discovery process to information that is stored electronically, including email, instant messages, word processing files, spreadsheets, social networking content, and any other electronic information that may be stored on desktops, laptops, file servers, mainframes, smartphones, employees’ home computers or on a variety of other platforms. E-discovery is becoming much more important in the context of civil litigation – for example: • A study by Gibson, Dunn & Crutcher LLP1 found that courts applied more sanctions

in 2009 than they did in 2008. In fact, more than one-half of the opinions issued during the first five months of 2009 focused on consideration of sanctions and 36% of these actually resulted in sanctions.

• Roughly three out of four discovery orders today require email to be produced as

part of the discovery process. • E-discovery today represents 35% of the total cost of litigation2, and companies that

fail to produce emails and other electronic content in a timely or appropriate manner face the risk of paying millions of dollars in sanctions and fines, not to mention loss of corporate reputation, lost revenue and embarrassment.

• Even companies that ultimately prevail in a lawsuit can still be sanctioned for poor e-

discovery practices. Organizations can also use e-discovery tools outside the context of just civil litigation. These uses include, but are not limited to, helping to manage and avoid employee misbehavior and legal actions; helping an organization to comply with its regulatory obligations; preserving intellectual property, knowledge and other data; storage management; and avoiding embarrassing data loss or leaks. Getting control of e-discovery starts with a) understanding why e-discovery is important, b) gaining insights into the issues and regulations that are most pertinent, and then c) creating strategies, capabilities and technologies to meet needs that will also help manage corporate data properly.

1 2009 Mid-Year Update on E-Discovery Cases 2 Source: Pillsbury Winthrop Shaw Pittman LLP

The Concise Guide to E-Discovery


ABOUT THIS WHITE PAPER The goal of this white paper is to provide an introduction to the key areas involved in developing an e-discovery capability and to help organizations plan to become better prepared for the rigors of the e-discovery process. Note that the goal of this report is not to offer legal advice or legal opinions on specific legal issues related to e-discovery, and it should not be used in this manner. Key questions answered in this white paper include: • Should e-discovery be a top priority for your company? • What can the right e-discovery capabilities do for your company? • What are the key e-discovery issues to understand? • What should you do next? This document was sponsored by six vendors of archiving, email management, e-discovery and related technologies: Google, Guidance Software, Mimosa Systems, Recommind, Sherpa Software and Smarsh. Information on each of these vendors is provided at the end of this document.

Should E-Discovery Be a Top Priority for Your Company? First, let’s examine the question, should e-discovery be a top priority for your company or organization? WHAT ARE “DISCOVERY” and “E-DISCOVERY” Discovery is “the compulsory disclosure of pertinent facts or documents to the opposing party in a civil action, usually before a trial begins.3” E-discovery is simply the extension of this well-established process to the electronic content that an organization might possess, including email messages, instant messages, word processing files, spreadsheets, presentations, purchase orders, contracts, social networking content, files stored in collaboration systems, and all other electronic content to which an organization might have access. Further, e-discovery may extend to all of the devices on which this data might be stored, including desktop computers, laptops, smartphones, backup tapes and systems, servers of all types and even employees’ home computers, although not necessarily for some systems that are determined to be inaccessible. ELECTRONIC CONTENT IS GROWING BY LEAPS AND BOUNDS Businesses and individuals create, receive and store large and growing amounts of information: • IBM estimates that 15 petabytes of data is created every day.

3 The American Heritage® Dictionary of the English Language, Fourth Edition



• An analysis conducted by the University of California at Berkeley determined that 93% of all information today is created in an electronic format.

• The American Records Management Association (ARMA) has estimated that more

than 90% of records created today are electronic. • More than 70% of electronic information is never printed.

Unified communications and unified messaging systems will make these problems significantly worse as they add additional data to the already crowded mix of data types that organizations must retain and manage. In addition, organizations of all types are creating and using new types of electronic content at an ever increasing pace. These newer types of content include collaboration-related content created by document management and collaboration tools; social networking tools like blogs, Twitter, LinkedIn and Facebook; new types of electronic content like digital media and new software programs; structured data sources like databases; and the other content types that are emerging or will be created during the next few years. ORGANIZATIONAL REQUIREMENTS It is critical for any organization to understand the obligations that it faces with regard to the retention and disposition of electronic data. These obligations include: • Responding to e-discovery requests quickly

Formal court-ordered requests will almost always have an associated deadline. Additionally, it is almost always true that the longer and more manual the process, the more costly and subject to human error it will be.

• Understanding what can be accessed and what is not accessible

This is especially painful if this information is not readily known at the start of the process.

• Being able to discover a growing variety of content.

As outlined in this paper, new types of electronic content are being created or received by organizations. This means having both a strategy for, and the tools to identify, manage and organize this content is critically important.

IMPORTANT E-DISCOVERY LESSONS TO LEARN There are a large and growing number of cases and decisions that are relevant to consider in the context of e-discovery which highlight some of the common e-discovery mistakes to avoid, including the following:



• You can win a lawsuit and still lose on e-discovery issues Keithley v. Homestore, Inc. Kevin Keithley v. The Home Store.com, Inc., 2008 U.S. Dist. LEXIS 61741 (August 12, 2008) Keithley won on summary judgment, but still had to pay $283,000 in fees for failing to preserve produce required electronic evidence.

• Using a work computer can eliminate privelige

Alamar Ranch v. City of Boise Alamar Ranch, LLC v. City of Boise, 2009 WL 3669741 (D. Idaho Nov. 2, 2009) This case held that emails sent by a non-party to a lawyer are not protected by attorney-client privelige if a company policy exists that emails sent using company facilities are subject to monitoring.

• If you withhold emails, the sanctions can be significant

Qualcomm, Inc. v. Broadcom Corporation No. 05-CV-1958-B(BLM), 2007 WL 2296441 (S.D. Cal. August 6, 2007) Although Qualcomm initially prevailed in this case, it was discovered after the ruling that thousands of emails were withheld during the case; the Court awarded $8.5 million in attorney’s fees and costs against Qualcomm.

• If all you have is backup tapes, you might still be required to produce data

Disability Rights Council of Greater Washington v. Washington Metropolitan Area Transit Authority 2007 U.S. Dist. LEXIS 39605 Production of email from backup tapes was ordered by the Court at the expense of the producing party. The Court also noted that the Safe Harbor provisions of Rule 37(e) do not apply if data destruction is not suspended after a litigation hold. Omnicare, Inc. v. Mariner Health Care Mgmt. Co. 2009 WL 1515609 The court ruled in this case that just because “ESI is now contained on backup tapes instead of in active stores does not necessarily render it not reasonably accessible.”

• You might need to produce metadata in addition to electronic documents

Ryan v. Gifford Civ. No. 2213-CC, 2007 WL 4259557 (Del. Ch., Nov. 30, 2007) The Court ordered “the production of documents identified in plaintiffs’…motion to compel in a format that will permit review of metadata, as plaintiffs have clearly shown a particularized need for the native format of electronic documents with original metadata.”

• Your employees’ home computers might be subject to e-discovery

Orrell v. Motorcarparts of America, Inc. 2007 WL 4287750 (W.D.N.C. Dec. 5, 2007) The court ordered the production of a plaintiff’s home computer for forensic examination.



• You might have to produce data, no matter how difficult it is or how much it costs Auto Club Family Insurance Co. v. Ahner 2007 WL 2480322 (E.D. La. August 29, 2007) “Like other courts that have addressed this issue, this court will not automatically assume that an undue burden or expense may arise simply because electronic evidence is involved.” FRCP Rules 34 and 45 “were amended…to provide for routine discovery of electronically stored information from parties and non-parties. In fact, whether production of documents is unduly burdensome or expensive turns primarily on whether it is kept in an accessible or inaccessible format (a distinction that corresponds closely to the expense of production). But in the world of electronic data, thanks to search engines, any data that is retained in a machine readable format is typically accessible.” [Emphasis added]

• Don’t intentionally delete data that might be discoverable

Ameriwood Ind., Inc. v. Lieberman 2007 WL 5110313 (E.D. Mo. July 3, 2007) The defendants in this case deleted electronic content and used disk-scrubbing software on a number of hard drives a short time before they were to be provided to a forensic expert in a case involving misappropriation of trade secrets. The court entered a judgment for the plaintiff and ordered the defendant to pay the plaintiff’s attorney fees and other costs. Micron Technology, Inc. v. Rambus, Inc. C.A. No. 00-792-SLR (January 9, 2009) Rambus’ “aggressive” document deletion policy destroyed documents that the court ruled it had a duty to preserve, resulting in the court’s sanction that certain patents were not enforceable against Micron.

YOUR DATA COULD BE ANYWHERE It is also important to understand that content that is subject to e-discovery could be anywhere in your organization – on email servers, file servers, collaboration servers, desktop PCs, laptops, notebooks, netbooks, employees’ home computers, thumbdrives, iPods, CDs, DVDs, backup tapes, etc. Consequently, it is vital that organizations planning for or managing e-discovery take into consideration every potential venue and media type where discoverable data might be stored. KEY TAKEAWAYS Although there are hundreds of cases that can be cited in the context of e-discovery, Osterman Research believes that these cases focus on five relevant e-discovery lessons that organizations of all sizes should heed: 1. A failure to diligently search for and assess relevant content during the e-discovery

phase of a legal action can have serious, negative consequences. 2. Legal protections, such as the Safe Harbor provisions of the FRCP, are not

necessarily afforded to parties that do not adequately protect data to which a legal hold has been applied.



3. Metadata, as discussed in this white paper, is an important component of the data that must be evaluated and presented during e-discovery.

4. Data sources that must be searched during e-discovery can be far-reaching,

including employees’ home computers. 5. The difficulty of accessing ESI will not necessarily shield parties from their obligation

to produce this data. In general, recent surveys by Osterman Research and others demonstrate that organizations simply are not retaining as much data as they need to retain, nor are they implementing policies, procedures, and technologies to protect themselves from the consequences that might ensue.

What Can The Right E-Discovery Capabilities Do for Your Company? Let’s next examine what the right e-discovery capabilities can do for your company or organization.

RESPOND TO LAWSUITS MORE EFFECTIVELY The right e-discovery capabilities can help you respond to lawsuits more effectively. E-discovery tools will help you understand what content you have available. The right tools can also streamline the e-discovery process. BE PROACTIVE TO HELP YOU AVOID LAWSUITS ALTOGETHER The right e-discovery capabilities can help an organization to be proactive in two important ways: • Avoiding lawsuits altogether by ensuring that, through the use of analytics,

corporate policies are being followed on an ongoing (and, perhaps, near real-time) basis. This allows an organization to monitor employee behavior for potentially actionable statements or activities, and to adjust corporate policies on-the-fly to minimize the potential for legal action.

• If a legal action has already been initiated, good e-discovery capabilities can help an

organization to perform early case assessment to understand a legal position early on, sometimes to an organization’s advantage over the opposition. This might include reviewing the likelihood of victory very early in the case, allowing an organization either to settle quickly and avoid significant legal fees or an adverse judgment; or giving decision makers confidence that they can prevail and thereby minimize the likelihood of an adverse judgment.



In short, good e-discovery capabilities can help decision makers to make the right decisions armed with better information, thereby minimizing the negative impact of a legal action, significantly reducing legal fees, and significantly reducing disruption to normal business operations.

REDUCE THE COSTS OF EMAIL AND RECORDS MANANGEMENT The right e-discovery capabilities can help an organization reduce the overall costs of email and records management. These include: • Shortening the e-discovery process, resulting in hard cost savings of internal staff

time.

• Avoiding significant external legal counsel expenses.

• Driving down other related costs such as legal judgements, fines, and public relations damage from negative press.

Another important aspect of a good e-discovery capability is its ability to reduce storage management difficulties. Osterman Research has found that most of the leading problems involved in managing email systems are focused on storage-related problems, such as large attachments sent through email, increasing use of attachments and email itself, and storing content on live email servers. The right archiving, litigation hold and related solutions can dramatically reduce storage costs and provide a number of other email management benefits well beyond just e-discovery.

Key E-Discovery Issues to Understand Next, let’s consider the key e-discovery issues to understand.

THE ELECTRONIC DISCOVERY REFERENCE MODEL (EDRM) The Electronic Discovery Reference Model (EDRM) Project, diagrammed in the following figure, was a response to the relatively few standards and lack of generally accepted guidelines for the process of e-discovery that existed prior to its development. The team that developed the EDRM was facilitated by George Socha (Socha Consulting LLC) and Tom Gelbmann (Gelbmann & Associates), and included 62 organizations, among whom were software developers, law firms, consulting firms, professional organizations and large corporations.



Electronic Discovery Reference Model

Begun in May 2005, the EDRM Project had as its goal the creation of a framework for the “development, selection, evaluation and use of electronic discovery products and services”. The EDRM, which was placed into the public domain in May 2006, is designed to help organizations manage the process of e-discovery from the initial stages of managing electronic information through to its presentation. The development of the EDRM was important because it represented a major step forward in the standardization of the e-discovery process. Standardization will become increasingly important for e-discovery for several reasons, most notably because of the growth in quantity and diversity of ESI and the large number of entities that will need to process this data (internal and external legal counsel, senior managers, archiving vendors, outside forensics firms and others). Following development of the EDRM was the EDRM XML project in the 2006-2007 timeframe. The goal of this project was to “provide a standard, generally accepted XML schema to facilitate the movement of electronically stored information (ESI) from one step of the electronic discovery process to the next, from one software program to the next, and from one organization to the next. The EDRM XML 2 project continued the development of the EDRM XML schema for metadata, developing protocols for the number of electronic files that are preserved in their native format, and developing a compliance validation tool, among other projects. The EDRM is divided into eight sections that focus on the process of managing an ediscovery effort: • Identification

Understand the “inventory” of ESI that might be relevant in a particular legal action and that might have to be presented during discovery. At this point in the process, discovery demands, disclosure obligations and other pertinent claims and demands are reviewed and considered. The goal at this stage of the process is to understand the universe of information that might be required in order to respond to appropriate



ediscovery requests and then determine the subset of information that will be relevant for further processing.

• Preservation

This is a critical step that ensures that ESI is protected from spoliation and modification, such as through the imposition and enforcement of a legal hold on all relevant ESI. If spoliation does occur, the consequences can be expensive. For example, in the case of Leon vs. IDX Systems Corporation [2006 U.S. App. LEXIS 23820 (9th Cir. Sept. 20, 2006)], the plaintiff deleted 2,200 files from the laptop computer his employer had issued to him. The court dismissed the case and awarded the defendant $65,000 for the spoliation.

• Collection During this phase, all relevant ESI is collected from the various sources that contain it, including messaging archives, backup tapes, file servers, desktops, laptops, employees’ home computers, smartphones and other sources.

• Processing At this point, collected data should be de-duplicated in order to reduce the amount of data that must be processed during subsequent phases of the discovery process. Collected data should also be prioritized into a) that content that will likely be relevant later in the process and b) content that will likely not be relevant. At this point, decision makers may want to convert ESI into a form that will permit the most efficient and thorough review of its contents.

• Review The review phase includes redacting ESI as appropriate, evaluating the content for its relevance, determining if specific items are subject to attorney-client privilege, etc.

• Analysis This phase involves a variety of activities, including determining exactly what the ESI means in the context of the legal action at hand, developing summaries of relevant information, determining the key issues on which to focus, etc.

• Production The production of data involves delivering the relevant ESI to any parties or systems that will need it. It also includes the activities focused on delivering ESI in the appropriate form(s), including DVDs, CD-ROMs, paper, etc.

• Presentation The presentation of ESI is a key consideration at various points of the e-discovery process – as information is reviewed, analyzed, produced, etc. The specific forms of presentation for ESI will vary widely depending on the content; how, where and by whom the content will be presented; and other factors.



THE FEDERAL RULES OF CIVIL PROCEDURE The FRCP are a set of rules focused on governing court procedures for managing civil suits in the United States district courts. While the United States Supreme Court is responsible for creating and managing the FRCP, the United States Congress must approve these rules and any changes made to them. One of the most important drivers for e-discovery has been the new set of amendments to the FRCP that went into effect on December 1, 2006. These changes represented several years of debate at various levels and are having a significant impact on electronic discovery and the management of electronic data within organizations that do business in the United States. The changes to the FRCP require organizations to manage their data in such a way that this data can be produced in a timely and complete manner when necessary, such as during legal discovery proceedings. The amendments to Rules 16, 26, 33, 34, 37, 45 and revisions to Form 35 are aimed at electronically stored information (ESI). The amendments attempt to deal with the important issues presented by ESI, including: • ESI is normally stored in much greater volume than are hard copy documents.

• ESI is dynamic, in many cases modified simply by turning a computer on and off.

• ESI can be incomprehensible when separated from the systems that created it.

• ESI contains non-apparent information, or metadata, that describes the context of

the information and provides other useful and important information. The changes reflect the reality that discovery of email and other ESI is now a routine, yet critical, aspect of every litigated case: • First, the amendments treat ESI differently.

• Second, they require early discussion of and attention to electronic discovery.

• Third, they address inadvertent production of privileged or protected materials.

• Fourth, they encourage a two tiered approach to discovery – deal with reasonably

accessible information and then later with inaccessible data.

• Finally, they provide a safe harbor from sanctions by imposing a good faith requirement.

Unlike many information retention requirements in specific industries, such as those imposed upon broker-dealers, hedge fund managers and investment advisors by the Securities and Exchange Commission (SEC) and the Financial Industry Regulatory Authority (FINRA), the FRCP apply to virtually all organizations in all industries, including private, public and non-profit organizations. In short, if an organization can have a civil



lawsuit filed against it, then the FRCP should figure prominently in that organization’s data management strategy. For more information on the FRCP, please see The Impact of the New FRCP Amendments on Your Business, available at www.ostermanresearch.com. FEDERAL RULES OF EVIDENCE The Federal Rules of Evidence (FRE), formally enacted in 1975, are a set of rules that determine how evidence is presented during trial in the US federal courts. These rules are focused primarily on the initial presentation of evidence during trials. Individual states may use these rules as the basis for their own rules of evidence, or they may adopt a different set of rules for presenting evidence at trial. It is important to note that for purposes of presenting evidence, a printed or otherwise human-readable version of electronic evidence is considered to be an original and can be presented at trial according to FRE Rule 1001(3). Authentication is a very important part of the e-discovery process because its goal is to prove that a document is what its presenter claims it to be – a true and verifiable representation of an electronic document. Authentication for electronic content is even more critical than for paper-based documents, since electronic documents are more easily altered. Therefore, in order to prove the authenticity of a particular electronic document, such as an email, those submitting this evidence must provide affidavits or otherwise demonstrate that an original document was not modified after the fact. Despite the admissibility of electronic evidence in court proceedings, the authenticity of electronic records is a major issue that many organizations have not considered adequately. A classic case in point is Vinhnee vs. American Express Travel Related Services Company, Inc. In this case, American Express sought payment for more than $40,000 in charges on two credit cards from a California resident who had filed for bankruptcy protection. However, because American Express could not prove the authenticity of the electronic statements it presented during trial, it lost the case even without the plaintiff being present. An important case that deals with the authenticity of ESI is Lorraine v. Markel American Insurance Co. [2007 U.S. Dist. LEXIS 33020 (D. Md. May 4, 2007)]. This case involved a dispute between the owner of a ship that had been struck by lightning and the insurer of the ship. Although the insurance company paid for the damages, the ship’s owner subsequently found additional damage and made a second claim, which the insurance company disputed. During arbitration, the damages awarded to the plaintiff were reduced by $22,000. While both parties presented email evidence during arbitration, Chief Magistrate Judge Paul W. Grimm who presided over the case found that the email evidence presented could not be authenticated. In his ruling, the judge wrote:

“…there are five distinct but interrelated evidentiary issues that govern whether electronic evidence will be admitted into evidence at trial or accepted as an exhibit in summary judgment practice. Although each of these rules may not apply to every exhibit offered…each still must be considered in evaluating how to secure the admissibility of electronic



evidence to support claims and defenses. Because it can be expected that electronic evidence will constitute much, if not most, of the evidence used in future motions practice or at trial, counsel should know how to get it right on the first try.” “computerized data ... raise unique issues concerning accuracy and authenticity ... The integrity of data may be compromised in the course of discovery by improper search and retrieval techniques, data conversion, or mishandling.”

In short, Judge Grimm ruled that for ESI to be approved for use as evidence, a variety of FRE rules must be taken into consideration, including Rules 104, 401, 403, 801, 901, 902 and 1001-1008.

STATE LAWS IN THE UNITED STATES BASED ON FRCP The FRCP represents just the tip of the iceberg: many US states have already passed, or will soon pass, their own version of the FRCP for civil litigation that takes place within their respective state court systems. For example: • Minnesota modified its Rules of Civil Procedure, effective July 1, 2007, establishing

procedures for the discovery of ESI. • New Jersey adopted the new FRCP e-discovery rules effective September 1, 2006. • Texas adopted Rule of Civil Procedure 196.4 in 1999, which states, in part, “to

obtain discovery of data or information that exists in electronic or magnetic form, the requesting party must specifically request [it] and specify the form in which the requesting party wants it produced.”

• Other states that have integrated the new FRCP amendments into their respective

statutes include Utah, Louisiana, Arizona, Montana and Indiana. • A number of other states are also considering enhancements to their civil procedure

laws that will focus more on ESI. Among these states are Washington, Alaska, Florida, Illinois, Kansas, Connecticut, Ohio and Virginia.

LAWS OUTSIDE OF THE UNITED STATES AND CANADA While e-discovery in North American legal proceedings is difficult enough, laws in other parts of the world can significantly complicate e-discovery (often referred to as “e-disclosure” outside of the United States). For example: • The European Commission Directive 95/46/EC, adopted in October 1995, was

designed to standardize the protections for data privacy among all of the member states of the European Union and to protect individuals’ right to privacy. The Directive focuses on the processing of individual’s data within the EU, but also applies to any entity outside of the EU to whom this data might be provided, such as during an ediscovery exercise. The Directive does not permit data to be provided to anyone whose national laws do not adequately safeguard privacy rights.



• France imposes even more stringent requirements than Directive 95/46. French Penal Code, Law No 80 – 538 imposes fines and/or jail time for those who seek, request or disclose information intended to develop evidence for foreign legal proceedings.

• Blocking statutes, such as the French law noted above, have been in place for many

years in various countries and were enacted specifically to block discovery proceedings. For example, blocking statutes exist in Ontario, Canada (Business Records Protection Act), the United Kingdom (The Shipping and Commercial Documents Act) and the Netherlands (Economic Competition Act).

• Australia’s Supreme Court of Victoria, in its Practice Note No. 1 of 20074 (February 2007), strongly suggested that parties to a legal action should consider using technology to improve the efficiency of legal proceedings, including e-discovery. The Federal Court of Australia has gone further and developed e-discovery rules similar to those contained in the new amendments to the FRCP.

• India’s Technology Act of 2000 modified the country’s rules of evidence, effectively

expanding the scope of electronic data in e-discovery efforts and widening parties’ obligations for producing electronic data.

What Should You Do Next? While the information above presents an interesting background and insights, it is important to understand that the information must be put into action rather than being left as a theoretical exercise. Here are some ways to help harvest this new information’s potential into valuable actions and results for your organization. UNDERSTAND WHY E-DISCOVERY IS IMPORTANT TO YOUR BUSINESS First, understand why e-discovery is important to your business or organization. A myriad of external laws and factors as well as common e-discovery risks and scenarios could apply to your business. Additionally, each organization will have a unique mix of policies, processes, business operations, and technologies. So, an accurate baseline snapshot of e-discovery and corresponding expenditures today within your organization will help you develop, priortize, and justify changes and investments moving forward.

FOCUS ON THE PROBLEMS YOUR PEERS HAVE HAD IN RESPONDING TO E-DISCOVERY REQUESTS Next, focus on the problems your peers are having in responding to e-discovery requests. That is, understanding the common costs, risks, and potential problems based on your organization peer group based on industry, size and geography can help avoid problems and will lead you to best practices.



An overall information risk management process focused on e-discovery is an important best practice that will help an organization to identify the risks it faces and help it to mitigate these risks. The advantages of establishing an information risk management process are that it will make senior management aware of the risks associated with e-discovery, aid in the development of policies focused on managing or mitigating risks, improve the methods by which information assets are managed, improve information security, and assist organizations in choosing the appropriate technology to manage e-discovery and information security. ESTABLISH DATA RETENTION AND DELETION SCHEDULES FOR ALL CONTENT TYPES Also, establish data retention and deletion schedules for all content types. It is important for any organization to retain all of the electronic data that it will need for current and anticipated e-discovery and other retention requirements. However, many organizations, either by overspecifying the amount of data they must retain and/or not establishing appropriate data deletion policies, retain more information than is necessary. This can result in dramatically higher e-discovery costs because more data must be reviewed, as well as unnecessarily high storage costs. Have the legal team review to ensure compliance with regulatory and statuatory requirements.

IMPLEMENT A LEGAL HOLD CAPABILITY If a legal action is anticipated or once it is underway, it is vital that an organization immediately begin to identify and preserve all relevant data, such as all email sent from senior managers to specific individuals, outside legal counsel, the subject of a legal action, etc. A properly configured e-discovery capability will allow organizations to immediately place a hold on data when requested by a court or regulator, or on the advice of legal counsel, and retain it for as long as necessary. If an organization is not able to adequately place a hold on data when required, it can encounter a variety of serious consequences, ranging from embarrassment to serious legal sanctions or fines. Litigants that fail to preserve email properly are subject to a wide variety of consequences, including reputational harm, additional costs for third-parties to review or search for data, court sanctions, directed verdicts or instructions to a jury that it can view a defendant’s failure to produce data as evidence of culpability.

DEPLOY TOOLS THAT WILL ENABLE YOUR ORGANIZATION TO BE PROACTIVE Next, deploy tools that will enable your organization to be proactive. As outlined above, these tools will ensure that all necessary data is accessible and reviewable early in the lifecycle of a case. Your organization will control the use of tools that may have differing levels of business value. The right technology will help classify data as it is created and then discover content wherever it exists. These can include, but are not limited to, email servers, file servers, local machines, and other sources like mobile devices. Good tools will also create a complete e-discovery repository and deduplicate the data. For example, true single-instance storage can reduce the size of some data.



UNDERSTAND THAT BACKUP TAPES ARE NOT YOUR “ARCHIVE” Finally, understand that backups and archiving are not the same thing. Particularly for e-discovery purposes, do not assume that having good backup procedures are synonymous with good archiving practices. Almost all organizations perform regular backups of their email system, file servers and other data repositories. While many organizations believe that these backups constitute an “archive” of their business information, this is not the case. A traditional backup takes periodic “snapshots” of active data so that deleted or destroyed records can be recovered, such as after the failure of a server’s hard disk or an application upgrade gone awry. Most backups are retained typically for no more than 60 to 90 days as subsequent backups on tape or disk are recycled or overwritten. There are fundamental problems with using backups as an archive, including that backups constitute “raw” content and lack any sort of indexing, the integrity of backup tapes is not guaranteed, and because backups capture a snapshot of data, information generated and deleted between backups will not be captured. While backups are a critical and necessary component of an organization’s data management strategy, they are not a substitute for an archive. In short, a backup is designed to preserve data for short periods in support of the physical infrastructure that an organization maintains, while an archive is designed to preserve information on a long-term basis in support of more strategic corporate objectives.

Summary E-discovery capabilities are no longer an option – they are a critical “must have” capability that will enable organizations to respond to legal actions and be much more proactive about how legal actions, regulatory audits and related activities are managed. New statutes at all levels of government focused on ESI, as well as a growing body of court rulings, are making the discovery and presentation of electronic data more important. In order to satisfy e-discovery obligations, organizations should be fully aware of their current and anticipated information retention and deletion obligations, become more proactive about how they retain and manage their data, implement the right technology that can preserve data, allow legal holds to be implemented as soon as they are necessary, and take the other steps necessary to minimize the risks of non-compliance with e-discovery obligations.



Sponsors of This White Paper Google Message Discovery, powered by Postini, goes beyond the functionality of our security offering to give you maximum control and flexibility over your electronic records archive, meeting discovery, and compliance objectives. Google Message Discovery is a secure, hosted email archiving service that allows you to cost-effectively protect and access archived email data. Google Message Discovery enables you to:

• Create a centralized and searchable email repository for your organization • Quickly search across the archive to collect email for legal discovery • Secure your email from spam, viruses, and other threats Google Message Discovery is delivered in an on-demand, Software as a Service (SaaS) model, so you don’t have to worry about planning for current and future storage capacity needs – Google does it for you. By storing your messages in Google’s secure and geographically redundant data centers, you can ensure that messages will not be lost in the event of an onsite server failure. You can archive all mail without worrying whether you have enough disk space and eliminate storage quota headaches by allowing users to access historical mail. In addition, by offloading excessive mail from your existing servers, you can decrease backup windows and reduce recovery times. With Google Message Discovery, access to all your archived messages is always at your fingertips. What’s more, legal, human resources, and compliance staff does not need to rely on IT personnel to conduct searches and inquiries. Google’s easy-to-use web-based interface lets anyone – even end users – manage and search the message archive according to policy and depending on specific roles and authorizations. And because Google Message Discovery saves all messages based on your defined retention policies, indexes them, and stores them in a centralized repository, you can quickly and easily pinpoint relevant messages, place them on litigation hold to disable message deletion, and share as needed with legal counsel, law enforcement officers, or regulatory officials. Best of all, it’s hosted by Google. So there’s no hardware or software to download, install or maintain. Google Message Discovery improves litigation readiness, eases IT administration burdens, and lowers the total cost of ownership compared to software or appliance based solutions.

Google, Inc. 1600 Amphitheatre Pkwy. Mountain View, CA 94043 +1 650 253 0000 www.google.com



Guidance Software is recognized globally as the world leader in eDiscovery and other digital investigations. Our EnCase® software solutions provide the foundation for corporate government and law enforcement organizations to conduct thorough and effective computer investigations of any kind, including intellectual property theft, incident response, compliance auditing and responding to eDiscovery requests—all while maintaining the forensic integrity of the data.

We also offer customized services in eDiscovery, incident response, computer forensics, evidence presentation and trial testimony, utilizing a team of former law enforcement professionals, eDiscovery and litigation support experts, information assurance specialists and project managers who have front-line, hands-on experience in all areas of digital investigations. Guidance Software trains over 6,000 corporate, law enforcement and government professionals annually in the areas of computer forensics, enterprise forensics, eDiscovery, and computer incident response. Courses and materials are offered in a variety of languages in Guidance Software facilities worldwide, through partners and online. Our customers are corporations and government agencies in a wide variety of industries, such as financial and insurance, technology, defense, energy, pharmaceutical, manufacturing and retail. More than 100 of the Fortune 500 and over half of the Fortune 50 use EnCase solutions, including: Allstate, Chevron, Ford, General Electric, Honeywell, Mattel, Northrop Grumman, Pfizer, UnitedHealth Group, Viacom and Wachovia. Guidance Software is recognized by industry analysts such as Gartner, Forrester and IDC as a worldwide leader in digital investigations.

Mimosa enables enterprises to harness the value of their unstructured and semi-structured information, and improves business process performance and productivity. As the recognized visionary in enterprise content archiving, Mimosa is driving innovation in the industry and is continually delivering cutting-edge solutions to address the evolving needs of customers around collaboration, communication, productivity and social media.

Guidance Software 215 North Marengo Avenue Suite 250 Pasadena, CA 91101 +1 866 973 6577 www.guidancesoftware.com

Mimosa Systems 3200 Coronado Drive Santa Clara, CA 95054 +1 408 970 9070 www.mimosasystems.com



Mimosa Systems delivers next-generation content archiving solutions with its NearPoint™ solution platform. Mimosa NearPoint is the industry's most comprehensive solution unifying email archiving, file archiving, and SharePoint archiving with recovery and storage consolidation. With policy-based retention and a sophisticated eDiscovery application, Mimosa NearPoint enables enterprises to reduce risk, lower eDiscovery costs, and enforce corporate governance and compliance. Mimosa NearPoint enables IT to gain control over their enterprise content deployment, reduce storage costs, increase data availability and improve operational efficiencies. • Mimosa NearPoint™ for Microsoft® Exchange provides complete capture of

Exchange information with multiple capture methods, full-text indexing, global single instancing, and flexible and granular retention and disposition management. End-users have self-service access to enterprise information via Outlook, OWA, web browsers and a variety of hand-held devices. For legal, compliance and records management, Mimosa provides a powerful set of applications for in-house eDiscovery and case management, content monitoring and supervision and automated retention and classification. Exchange Administrators use NearPoint for storage optimization, PST archiving, and coarse and fine-grain recovery.

• Mimosa NearPoint for SharePoint provides a comprehensive solution to manage the

breadth of SharePoint content types with unified archiving, recovery, and eDiscovery, while maintaining seamless end-user access to archived information. Mimosa NearPoint for SharePoint protects your entire SharePoint farm and recover an entire farm, server or an individual list item with only a few clicks.

• Mimosa NearPoint File System Archiving (FSA) provides archiving, stubbing, end-user

secure search, eDiscovery and content monitoring across files and document types residing on a variety of platforms.

The Mimosa next-generation architecture is unique and differentiated in the industry due to its scalability, ease of implementation and use, and no load on production content systems. The Mimosa platform is built on a highly scalable and cost-effective grid architecture designed for global deployments of hundreds of thousands of users with high data volumes. The Mimosa platform is offered as a stand-alone or fully integrated solution for email, files and SharePoint. It is extended with value-added applications: eDiscovery, Content Monitoring, Advanced Retention and Classification, PST archiving, Tiered Storage and Disaster Recovery. Mimosa NearPoint is an open platform enabling the ingestion and access of content by a variety of third-party eDiscovery and Records Management applications. Mimosa NearPoint serves as an information management platform for corporate eDiscovery products and processes.



Recommind is the leader in sophisticated search, review and analysis software that provides the most accurate and automated tools available, giving people and organizations access to the information they need instantly. Global 500 corporations like Bertelsmann, BMW, Novartis, Pfizer, Staples and global law firms like Cleary Gottlieb, DLA Piper, Fulbright & Jaworski, Morrison & Foerster, O’Melveny & Myers, Orrick and Shearman & Sterling rely on Recommind’s products to quickly and accurately

search, organize, and review their critical documents and matters. With faster access to the right information, organizations can save time and money, increase the value of information assets, reduce corporate risk and improve competitiveness and profits. Axcelerate™ eDiscovery is a revolutionary automatic coding, review and analysis product that dramatically improves the way litigation review and analysis is conducted. Using its unique First-Pass Review™ and One-Click Coding™ functionality, Axcelerate eDiscovery is able to automatically assess document responsiveness, privilege and issue relation before the review process begins, drastically reducing the amount of time required to organize and conduct document review and analysis while simultaneously increasing review accuracy and consistency. Recommind is headquartered in San Francisco, California, and has offices in New York, Chicago, Boston, Atlanta, London and Bonn, Germany.

For nearly 10 years, Sherpa Software has been providing award-winning software specifically designed to address E-discovery, email, and PST management, archiving, and compliance requirements for Microsoft Exchange and Lotus Notes environments. Sherpa’s products are designed to streamline administrative processes while offering flexible management architectures and reasonable pricing models to companies of any size. Sherpa’s Discovery Attender Discovery Attender is a tool that fits into your discovery implementation plan. It allows in-

house talent to perform legal discovery on PST files, Exchange mail stores, NSF files and file servers in a cost-effective, efficient, reproducible manner. With minimal training, you can deploy Discovery Attender to find, collect and cull messages, attachments and files using your own hardware and in-house expertise.

Recommind, Inc. 170 Columbus Ave., Suite 310 San Francisco, CA, 94133 +1 415 394 7899 www.recommind.com

Sherpa Software 456 Washington Road Suite 2 Bridgeville, PA 15017 www.sherpasoftware.com



Key Features This application features a quick installation and intuitive search setup with a robust feature set unmatched for the price. Discovery Attender can automate searches across multiple data stores to produce significant time savings. In addition, the flexibility of the criteria will help answer the most challenging of requests. Searches can be customized by keywords (including wildcards, Boolean, proximity, regular expressions and more), addresses, dates and sizes over many common file formats. Why use Sherpa’s tools with in-house processing? • Time savings: Respond quickly by automating the retention, archiving and

discovery processes.

• In-house operation: Utilize existing resources to maintain control of the processes and fulfill requirements.

• Defensible: Establish recognized, repeatable processes for the collection and preservation of data.

• Targeted: Solutions created specifically for either an Exchange or Notes environment.

• Cost-effective: Target specific areas to reduce cost, manage data efficiently and automate processes with a favorable pricing model.

You wouldn’t tackle Mount Everest without the help of a Sherpa, so why tackle E-discovery without Sherpa Software? For detailed product descriptions, free white papers or a free trial download of Discovery Attender, visit www.sherpasoftware.com or call 1-800-255-5155 to speak with a Sherpa Software Sales Representative.

Smarsh is the managed service leader in secure, innovative and reliable email archiving solutions for litigation preparedness, compliance and records retention and mail server data management. Smarsh’s hosted offering is a full-service email management tool, an essential resource in early-case assessment and a proactive and cost-effective alternative to traditional e-discovery procedures. Administration of Smarsh’s proprietary solutions for message archiving, compliance

and security is consolidated within the secure, Web-based Smarsh Management Console. The system enables clients to:

Smarsh 921 SW Washington St. Suite 540 Portland, OR 97205 +1 866 762 7741 www.smarsh.com



• Centralize organizational email in a searchable archive • Search and produce evidentiary-quality messages on-demand in seconds • Analyze complete audit trails for every message and archive administrator session • Review and classify each message (based on company policy) in the archive • Enforce corporate retention policies • Classify messages for legal hold The SaaS (software as a service) delivery model enables clients to eliminate IT infrastructure costs and minimize operating burden, while benefiting from Smarsh’s expertise and experience in hosting large volumes of mission-critical client data. Customizable solutions fit the needs, budgets and technological infrastructure of any organization and are matched with unrivaled customer support and service.

Founded in 2001, Smarsh growth has been recognized at both the local and national level. In 2008 and 2009, the company was named to the Inc. 500, Inc. magazine’s annual analysis of the fastest-growing companies in the United States. Deloitte honored Smarsh with a spot on its Technology Fast 500 list for 2009 and the Portland Business Journal recently ranked Smarsh No. 1 in its 2009 growth rankings for the state of Oregon. © 2010 Osterman Research, Inc. All rights reserved. No part of this document may be reproduced in any form by any means, nor may it be distributed without the permission of Osterman Research, Inc., nor may it be resold or distributed by any entity other than Osterman Research, Inc., without prior written authorization of Osterman Research, Inc. Osterman Research, Inc. does not provide legal advice. Nothing in this document constitutes legal advice, nor shall this document or any software product or other offering referenced herein serve as a substitute for the reader’s compliance with any laws (including but not limited to any act, statue, regulation, rule, directive, administrative order, executive order, etc. (collectively, “Laws”)) referenced in this document. If necessary, the reader should consult with competent legal counsel regarding any Laws referenced herein. Osterman Research, Inc. makes no representation or warranty regarding the completeness or accuracy of the information contained in this document. THIS DOCUMENT IS PROVIDED “AS IS” WITHOUT WARRANTY OF ANY KIND. ALL EXPRESS OR IMPLIED REPRESENTATIONS, CONDITIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE DETERMINED TO BE ILLEGAL.

the concise guide to e-discovery

Technology

ediscovery discovery

e discovery

ediscovery process

ediscovery cases

ediscovery tools

ediscovery capability

goal of discovery

discovery orders