Common Pitfalls and Key Takeaways, Identification and Preservation Fundamentals Series Part 6

6 / 6

A multi-part series on the fundamentals eDiscovery practitioners need to know about the identification and preservation of potentially-relevant ESI

In “In the Beginning,” we reviewed the importance of effective identification and preservation as well as the triggers for doing so.  In “Legal and Technological Scope,” we reviewed the scope of what must be identified and preserved.  In “Imagining the Possibilities,” we reviewed the first steps for identification.  In “Investigating the Realities,” we reviewed the investigative aspects of identification.  In “The Role of Legal Holds,” we reviewed the role of legal holds in preservation.  In this final Part, we discuss common pitfalls and key takeaways.

We have now reviewed how important identification and preservation are, how broad their scope might be, how to go about brainstorming and investigating to identify what needs to be preserved, and how to issue and monitor compliance with legal holds.  What remains is to think about common preservation pitfalls, about situations in which immediate collection is called for, and about our key takeaways from this series.

Common Pitfalls

The three most common pitfalls in identification and preservation all relate to technological blind spots:

  • Failure to deactivate automatic janitorial functions – many of the devices and systems in use within your organization will have some sort of automatic janitorial function in place, a feature that automatically deletes older materials to prevent the accretion of infinite emails, texts, etc.; failure to deactivate such features (or to collect before they delete relevant ESI) frequently results in the inadvertent loss of unique, relevant materials
  • Failure to account for third-party service provider materialsas we noted, third-party service providers may be storing relevant ESI belonging to your organization (potentially with their own storage limits or automated janitorial functions); failure to account for such sources can result in the inadvertent loss or alteration of unique, relevant materials
  • Failure to consider newer technology and source typesas we also noted, new devices, applications, and services are appearing all the time, and custodian behavioral patterns are constantly changing to incorporate them; failure to consider newer technology and source types can result in the inadvertent loss or alteration of unique, relevant materials

These pitfalls can be avoided – in part – by making sure you consider all source types and service providers when doing your identification, by making sure all the custodians and service providers responsible for the relevant systems and services receive your legal hold notice, and by following up to make sure those recipients have actually deactivated or modified automatic janitorial functions where needed.

The other part of avoiding these pitfalls is proceeding promptly to actual collection for any source or source type you fear is at a high risk of loss or alteration.  For example, smartphones entail a high risk of data loss due to the triple threats of automatic deletion of old messages, user deletion of messages, and frequent device replacements/upgrades.  Preservation through collection ensures at-risk data is preserved for later analysis, review, and production.

Considerations for Investigations

Another scenario worth discussing is an investigation in which there is a possibility of bad actors among the relevant custodians.  In such situations, there is a possibility that receiving a legal hold notice will prompt the bad actor(s) to intentionally destroy or alter materials prior to collection, effectively engaging in spoliation to hide evidence of their individual wrongdoing.

In matters where this is a concern, it may be necessary to undertake certain collection activities immediately – even before issuing a hold notice to all relevant custodians.  By moving immediately to collect what you believe to be the key sources from the key custodians, you can prevent loss due to intentional spoliation, and preliminary analysis and review can begin while additional identification, preservation, and collection efforts are still ongoing in parallel.

There are several collection strategies that can be employed to acquire key data without alerting suspected employees.  For example:

  • IT can typically collect from  employees’ active corporate accounts for email, messaging, documents, etc. without alerting the employees, and IT can also take steps to preserve existing backups of those sources as needed
  • For an individual, a laptop or computer (or mobile device) upgrade can be triggered, allowing IT to collect the current machine and image it without raising suspicions
  • For a team or department, IT can require all laptops be left at desks overnight for required security or software updates, and images can be made during those hours

Because, in this context, speed and secrecy are most important, it is generally best to err on the side of over-collection (e.g., capturing full images, mailboxes, etc.) from those key sources to avoid missing something that could then be spoliated after hold issuance.

Key Takeaways

There are five key takeaways from this series to remember:

  1. Identification and preservation are at the very heart of attorneys’ duty of technology competence for eDiscovery and are essential for preventing spoliation; almost every other type of failure can be fixed, but once unique, relevant ESI is gone, it’s gone
  1. The legal scope of identification and preservation extends to all unique, potentially-relevant documents in your possession, custody, or control, and the technological scope may extend to any device or application, including smartphones, social media, and more
  1. Effective identification begins with brainstorming what materials might exist, where they might be, and what key players might have them or know more about them; then comes investigating the reality as needed through interviews, sampling, and data mapping
  1. Effective preservation begins with issuing a legal hold to the relevant individual and institutional custodians; the hold should address the legal obligations, the substantive scope, the types of materials, the process to be used, and the communication rules
  1. Issuance of a legal hold must be followed by ongoing monitoring of compliance with the hold, including written verifications, sampling, and periodic reissuance; it must also be followed (or accompanied) by efforts to promptly collect materials at a high risk of loss

For Assistance or More Information

Xact Data Discovery (XDD) is a leading international provider of eDiscovery, data management and managed review services for law firms and corporations.  XDD helps clients optimize their eDiscovery matters by orchestrating precision communication between people, processes, technology and data.  XDD services include forensicseDiscovery processingRelativity hosting and managed review.

XDD offers exceptional customer service with a commitment to responsive, transparent and timely communication to ensure clients remain informed throughout the entire discovery life cycle.  At XDD, communication is everything – because you need to know.  Engage with XDD, we’re ready to listen.

About the Author

Matthew Verga

Director of Education

Matthew Verga is an electronic discovery expert proficient at leveraging his legal experience as an attorney, his technical knowledge as a practitioner, and his skills as a communicator to make complex eDiscovery topics accessible to diverse audiences. A fourteen-year industry veteran, Matthew has worked across every phase of the EDRM and at every level from the project trenches to enterprise program design. He leverages this background to produce engaging educational content to empower practitioners at all levels with knowledge they can use to improve their projects, their careers, and their organizations.

Whether you prefer email, text or carrier pigeons, we’re always available.

Discovery starts with listening.

(877) 545-XACT / or / Email Us