If you’re like most of us in IT, you probably have a relatively small number of individuals in your firm that you’re used to working with fairly closely.
For example, if you’re a development manager, you probably work closely on a daily basis with the business folks to understand their requirements for the systems you develop. If you’re a network architect, you might work closely with software architects in order to optimize the network to support the applications that people use daily.
However, no matter where you are in IT and no matter what firm you work for, chances are that one area of the firm you don’t work closely with is inside counsel — in other words, legal.
Now, that’s not to say that there’s never any interaction between these two areas. For example, in the case of human resource investigations or employee terminations, both areas might be brought in to perform a certain role.
However, if you’re an IT person and you have a speed dial, chances are that nobody from the legal team is on it. Get ready, though, because new rules for data discovery could be about to change all that.
What Is E-Discovery?
E-discovery is, simply, discovery of digital evidence. As electronic artifacts — documents, e-mail, instant messages and others — make up the vast majority of correspondence and record-keeping in most firms, it would make sense that they would be relevant to many legal proceedings.
These artifacts are transitory — that is, they can be deleted, archived or moved without manual intervention as part of the everyday process of doing business — and it makes sense that specific attention be paid to making sure that evidence is available should the need arise.
Given these factors, the Federal Rules of Civil Procedure (FRCP), or the corpus of court procedures governing how civil trials are conducted in the United States, have been amended to specifically address digital evidence.
There had been practical examples of discovery in a digital context prior to this (e.g., Zubulake vs. UBS Warburg), but the changes to the federal rules formalize the approach.
These amendments went into effect Dec. 1, 2006, and spell out what is required in case digital evidence is required during a legal proceeding.
So What’s Different?
The changes to the federal rules that specifically relate to discovery are rules 26 and 34. Without going into the specifics, they basically spell out that all nonprivileged electronic documents be searched, that all electronic documents be disclosed (without the requirement to await a specific request) and that all relevant documents be identified for use during the pretrial phase of the court proceeding.
From an IT perspective, this is a tall order. These requirements imply that we know where all of the digital archives, records and e-mails in the firm are located, how we can go about getting access to them, and the timetable associated with which e-mail, instant messages and documents might be routinely deleted in the course of doing business.
In most firms, the support of multiple e-mail servers, the use of off-site backups, and lack of a standardized policy for e-mail deletion and retention complicates satisfying these requirements.
Furthermore, different technologies might have different administrators that oversee their operation; for example, e-mail might have a different administrative team than messaging or mobile devices.
Minimizing the Burden
In sizable organizations, finding the right person to talk to about retention of these artifacts can be a lengthy exercise. Couple this with the fact that there’s a fairly tight timetable spelled out in the FRCP, and you have a recipe for trouble.
Of course, the rules are intentionally burdensome but they specifically indicate that requests for discovery should be balanced with an organization’s need to continue to do business; in other words, the goal is not to make it impossible for a company to survive while records are being produced.
However, it is important to recognize that some level of burden is inherent in doing anything outside the norm, and strategic, advance planning can reduce that level of burden quite significantly.
How to Prepare
I’m not a lawyer, and this is not legal advice. However, from a planning perspective, there are a few steps that IT can take that can spell difference between efficiently responding to requests from the legal team and being bogged down by “whose job is it to find this stuff anyway” concerns.
One of the main issues from an IT perspective is the tight time frame associated with discovery requirements.
If IT is not brought into the process early, individuals responsible for tracking down records, requesting backup tapes, ferreting out historical data and searching the archives can find themselves behind the eight ball when it comes to responding in a timely manner.
IT professionals can save themselves a great deal of hassle down the road by working with counsel to standardize a communication methodology that addresses potential discovery-related activity.
Define a Communication Channel
A useful preparation strategy would define a communication channel with counsel whereby IT personnel can be brought in to the discovery process as early as possible. This would allow IT to start tracking down where this information is and determining how to obtain it.
Additionally, it is useful to reassess overall record retention policies within the firm (in tandem with counsel) with an eye to efficiently responding to discovery. Specifically, the FRCP recognize that some firms delete data after a period of time as a normal course of business.
In these cases, companies that have a defined policy for the destruction of records are not obligated to produce records that are outside the window of when data is retained.
It is imperative that counsel oversee the development of these policies, as time frames should be short enough to minimize the burden associated with searching for artifacts, but long enough to be “reasonable” (i.e. not created specifically to destroy evidence).
Ed Moyle is currently a manager withCTG’s information security solutions practice, providing strategy, consulting and solutions to clients worldwide, as well as a founding partner ofSecurity Curve. His extensive background in computer security includes experience in forensics, application penetration testing, information security audit, and secure solutions development.