A. FEDERAL AND STATE RULES
Federal Rule of Civil Procedure 26(a) (1) requires disclosure of documents, data compilations and other tangible things that the parties may use to support their claims, defenses or damages computations. Although Rule 26(a)(1)’s requirements are seemingly straightforward, the process of identifying and locating responsive documents and data has become more complex as companies continue to shift their information transmission and storage functions from paper to electronic media.
Rule 26(a) (1) is a “self-executing” discovery rule which compels parties to produce documents and other items prior to formal discovery requests. Recently amended, Rule 26(a)(1) is now applicable in all United State District Courts. Amended Rule 26(a)(1) provides, in pertinent part, as follows:
“Except in categories of proceedings specified in Rule 26(a)(1)(E), or to the extent otherwise stipulated or directed by order, a party must, without awaiting a discovery request, provide to other parties:
- A copy of, or a description by category and location of, all documents, data compilations, and tangible things that the party will use to support its claims and defenses, unless solely for impeachment, identifying the subjects of the information;
* “A computation of any category of damages claimed by the disclosing party . . . and the documents or other evidentiary material, not privileged or protected from disclosure, on which such computation is based . . . ”
These disclosures must be made at or within 14 days after the Rule 26(f) conference, at which the parties meet to discuss settlement and a discovery plan. Although this time restriction can be amended by stipulation or court order, Rule 26(a)(1) is clearly designed to encourage early disclosure of important information supporting a party’s claims or defenses. Accordingly, parties must have efficient procedures in place to preserve and retrieve relevant documents and data at the outset of litigation.
Texas Rule of Civil Procedure 192.3 (Scope of Discovery)(b)(Documents and tangible things) allows a party to obtain discovery of the existence, description, . . . of documents and tangible things (including . . . electronic or videotape recordings, data and data compilations) that constitute or contain matters relevant to the subject matter of the litigation. Therefore, a properly drafted Request for Production could result in entitlement to similar electronic data information which is discoverable under the Federal Rules.
Arkansas Rule of Civil Procedure, Rule 34(a) permits a party to request any other party to produce and permit the inspection and copying of designated documents (including . . . other data compilations from which information can be obtained . . . ). Therefore, through a proper Request for Production and Inspection, electronic data information is discoverable under the Arkansas Rule of Civil Procedure.
B. Organizational e-discovery policies and procedures
All organizations should have a records-retention policy (RRP) that requires employees to regularly review, retain and destroy documents created and/or maintained in the course of business. Many organizations have instituted policies limiting the space users have available to them on network servers, forcing users to purge unnecessary documents.
First, the RRP should specify a process to “freeze the electronic scene” at the outset of litigation or indications of a potential claim or legal dispute. It should be noted that the parties’ obligation to preserve electronic data is not dependent on a specific request to do so.
Second, The RRP should confer the responsibility and authority on the record-retention team to preserve and maintain both the paper and electronic archives. This means that for many types of electronic data, records custodians need to manage technical assets and the organization’s IT infrastructure, including desktop and laptop computers, servers, backup tapes and other electronic data-storage devices. Procedures for archiving data within these sources should be set forth in the RRP.
C. Tracking various sources of electronic information
Electronic information may reside at various places within an organization described below:
*System users and administrators.
The system administrators and relevant system users should be asked how, when and where information is stored, and why it is stored in that manner - for example, how files are named, password-protected and encrypted.
*Personal computer and server hard drives.
Information should be extracted from PCs and servers. For PCs, the preferred extraction method is to create a bit-by-bit image of their hard drives. Failure to follow this procedure, such as by employing a simple un-erase or disk-copying utility, may lead to destruction of data, claims of spoliation and sanctions.
*Network backup tapes.
Backup tapes of server data are regularly archived in case of a server or system failure. The system administrator typically follows a backup-tape recycling rotation schedule in which tapes are overwritten after a certain period, typically two to four weeks. As discussed above, the rotation schedule should stop once litigation is commenced to preserve possibly relevant information.
*Internet server data and Internet visit data, such as cookies.
These data can help administrators trace someone’s Internet usage trail. The trail may be reconstructed from server logs and other trace evidence, such as cookies.
*Embedded chips and PDA devices.
Relevant data can often be found in voice mail systems, Dictaphone systems, EZ Pass, and Palm Pilots and other personal digital assistants.
*Databases-spreadsheets, e-mail and other dynamic systems.
Database printouts frequently do not accurately represent the system data available to and/or used by the user. Computer code under each field or cell may affect the presentation of data to the viewer and what is actually printed. If in that case, examination of the code under each field or cell will be necessary.
Meta data is embedded data. For example, many word processors store information about a document that is not readily apparent from the face of the document, such as the author or the time it was last accessed or modified. Likewise, the specification (international standard) for e-mail enables e-mail to be exchanged between different systems. The specification identifies about 30 fields, but the sender and recipients typically see only a few fields-to, from, subject, date and headline. The sending e-mail system may contain more information such as time sent or bcc’s. This information, particularly bcc’s, could be critical in a litigation.
Many computers and servers have their own “audit trail” software that traces user action and inaction on the system. Some track user identities, passwords and access times.
*File slack-deleted and encrypted files.
Files are stored in “allocated” space. Deleted files typically reside in unallocated or “slack” space. Computer forensics can recover deleted files even if they have been overwritten many times. Comparison of deleted files with the printed or current electronic versions of the file may reveal evidence of tampering or alteration. Encrypted files require a deciphering key to access the data.
D. Authentic copies of electronic information
Data that is not captured properly may not be admissible in evidence. What constitutes an authentic copy of electronic data? Most courts allow duplicates, subject to a proper foundation, which is premised on the data being authentic. Federal Rule of Evidence 1001(3) defines “original” computer data as “any printout or other output readable by sight, show to reflect the data accurately . . . ” Rule 1001(4) further defines “duplicate” as “a counterpart produced by the same impression as the original, or from the same matrix . . . or by mechanical or electronic re-recording . . . or by other equivalent techniques which accurately reproduces the original.” State law rules should be reviewed as well.
Determining whether computer data is authentic requires an evaluation of the specific data and the uses for which it is offered. For example, an insurance claims adjuster may rely on information provided on a computer screen in determining the value of certain damaged or stolen items. If the issue in the proceeding concerns what information was seen by, or was available to, the adjuster, then a “screen shot” printout may be admissible.
If, however, there are allegations that the database was programmed to manipulate the item’s value as presented to the adjuster (for example, if the database calculated the item’s value at $500, but showed $400 on the adjuster’s screen) then the screen shot would not, in all likelihood, be admissible as an accurate representation of the database.
Finally, IT specialists duplicating electronic information for use in legal proceedings should employ the following procedures to ensure admissibility: The copying process must be exact and complete; the data must be capable of independent verification as a duplicate of the original (accomplished through algorithmic electronic file comparison, which creates an identifying number that will match the original with the copy); and the data must be tamper-proof so as to protect against alteration of the data between copying and presentation in court (the IT specialist should write-proof the data, run virus checks and document the secure transport and storage of the data).
E. Use of e-mail
The CHIEF FINANCIAL OFFICER was in a panic. Investigators hired by her company’s outside auditors were coming over in less than an hour to look at the books, and she knew that if they got to her computer, they were not going to like what they found.
But, she figured, what they did not know would not hurt her. So she deleted dozens of e-mails in which she pushed the company’s brand of “aggressive accounting” and creative revenue recognition, and for good measure, deleted those e-mails again from the deleted bin.
“It took us five minutes to find everything she deleted,” said Kris Haworth, a note of glee in her voice. Ms. Haworth is a manager with Deloitte & Touche’s Forensic & Investigative Services Group in San Francisco, specialists in electronic evidence recovery and analysis.
The CFO and four other executives of the company - a consumer-products firm with more than $5 billion in annual revenue - were subsequently indicted for fraud by federal prosecutors.
This is an example of how electronic evidence, especially e-mail, is playing an expanding role in litigation, not just because e-mail has largely become the default mode of communication in the workplace, but also because it fits distinct qualities.
First, e-mail is virtually impossible to destroy. That is because when the user deletes a file, the computer actually just renames it and removes it to another portion of the hard drive, where it will remain “until Perpetuity.” Even if the hard drive is destroyed, the same information can generally be retrieved from the company’s back-up tapes.
Un-sent draft e-mails are usually recoverable, too, as are attached documents. And along with the document itself, other information, such as the changes made to it, what computer it was typed on and where it was saved, can frequently be gleaned.
An employment lawyer in the Los Angeles office said she has gotten defense verdicts as a direct result of damaging e-mails sent by the plaintiff. In one sexual harassment case the plaintiff had painted herself as a pious, churchgoing soul who had suffered greatly when her manager allegedly asked her, “Did you get any this weekend?” But the plaintiff’s claim suffered when a search of e-mail revealed hundreds of pages of pornographic material. E-mails can also hurt companies. The antitrust case against Microsoft Corp. is probably the best-known example of this. Incriminating e-mails among Microsoft management played a large part in building the government’s case.
E-mail imposes one other major evidentiary risk. Because of the sheer quantity of information that can pile up in hard drives and backup disks, discovery can become formidably expensive. In one case, In re Brand Name Prescription Drugs Against Litigation (1995 U.S. Dist., Lexis 8281, N.D. III. June 13, 1995), the court upheld a discovery request for about 30 million pages of e-mail.
F. Obtaining electronic data and e-mail
A litigant should carefully craft Discovery or formal letters to opposing Counsel identifying categories of documents or data compilations which would or should contain reference to or identification of data which relates to the claims or defenses of a party. The appropriate employees who enter the data as well as the system administrator should be identified. A letter should be immediately drafted to the opposing party or its Counsel requesting that the information be retained in its current status and not deleted, destroyed or attempted to be removed from the data system.
Retrieval of electronic data can be useful in a variety of legal disputes ranging from disputes between large corporations to divorces. For example, most homeowners have personal computers. The information stored or transferred by way of e-mail can never truly be deleted without total destruction of the hard drive. Therefore, it is common to see parties to divorce proceedings seeking court orders preventing a party to a divorce from altering, deleting, removing, destroying or any manner affecting data contained or stored in a computer or the computer itself. Interoffice e-mails between corporate employees discussing an accident or occurrence or a fellow employee which is the subject of a legal dispute could be valuable evidence in litigation. Therefore, electronic discovery will be a valuable tool in future litigation.
Any party involved in any type of claim which potentially could lead to litigation should retain copies of all correspondence received from the other party. If the correspondence consists of e-mail or some other form of electronic data which is printable, it should be printed into a hard copy and saved as back-up evidence should the transmitting person or party delete, destroy, alter or deny the transmission.
Contact me today!