Electronic Discovery, Remote Storage and Digital Land Mines
There’s a saying that while laws evolve at the speed of government, technology advances at the speed of the Internet. The technical evolution involves the growing availability of remote storage both as a form of backup, and as a place to store any document that a user wants to keep off of a local machine and network. Moreover, with the advent of cloud services aimed at consumers, electronically stored information is increasingly distributed and is outside of counsel’s immediate control.
Unbeknownst to HR or management, ESI may be retained at many locations other than employee hard drives and company servers. An employee may, for example, go to various search engines, open a free account, and upload substantial amounts of material. These documents may be stored on internet servers, which are accessible to the creator and the individuals or entities that the document creator authorizes. There are many other services that provide Internet-based storage solutions, whether for pure storage or document collaboration. Employees may also plug a portable disk drive into their computer (unless the company’s IT staff has taken steps to protect the access ports) and store hundreds of gigabytes of data off of the network. People often do this to avoid policies requiring deletion of e-mail. Despite contrary instruction, some employees believe that it is in their best interest to store every e-mail and document ever created, and move everything into archive files stored on an external storage device (either a physical device or an internet-accessible online repository) before messages are automatically deleted per a company’s destruction policy.
Unfortunately, most companies have not considered what this groundbreaking technology means in relation to increasingly strict requirements for production of ESI. The Federal Rules of Civil Procedure are predicated on a company knowing where information is stored and the form it is in (for accessibility determinations). The fact an officer or employee of an organization chooses – for whatever reason – to store documents in a remote repository does not relieve a duty to produce during the discovery process. But if counsel doesn’t know whether remote storage mechanisms are being used, and what type of documents and e-mail are contained within, serious problems may arise. Consider the following.
- Counsel receives a discovery request and collects the responsive documents. But counsel doesn’t know that one department arranged – without telling the central IT department – for online backup of user files. Counsel delivers relevant and discoverable on-site ESI and notifies the other party that nothing else exists. In a deposition, the opposing party discovers there are large numbers of responsive documents accessible from a remote storage site via the Internet. Shouldn’t counsel expect questions as to the failure of knowing about these repositories?
- Counsel is preparing a discovery request in a case and has reason to believe that there are offline repositories that contain information relevant to the complaint. How does counsel put the other party on notice to include such online repositories – if they in fact exist – in their search for responsive material?
- Counsel is advising the CIO on issues relating to online remote storage. How do counsel and the CIO work toward gaining knowledge of how and when such services and devices are being used by a company or staff?
What are the stakes? Enormous. The cost of sanctions imposed by courts against companies that fail to produce electronic evidence can far outweigh the actual costs of litigation. Having an ediscovery plan, understanding where your organization’s ESI is stored, how it is stored and what the potential is for offline repositories not controlled by the company, is a vital part of counsel’s role in both managing an organization’s litigation costs and ensuring compliance with the federal rules when the time comes.
Counsel should work with other internal resources including the CIO, Chief Information Security Officer and Internal Auditor to proactively to determine the location of offline or online storage repositories and what the repositories contain. If repositories contain material that should have been destroyed under corporate document retention guidelines (and assuming there is currently no litigation in progress or reasonably imminent that would require preservation of such documents) it should be eliminated. There should also be a requirement to keep the IT department notified of any newly created repositories, even including something as simple as the use of free online storage. Counsel should also consider written company policies regarding the use of external repositories by employees, as well as evaluate with the IT department how to restrict such use both from a technological (which is never easy), and procedural and workflow standpoint.
When discovery requests are pending, counsel should consider the possibility of online or offline repositories in the course of identifying responsive material. It may also be advisable to request written confirmation from those employees whose e-mails and documentation are known to be generally responsive in connection with a request, to certify in writing that they have produced information from all known sources. Anything showing due inquiry can assist in, at the very least, reducing potential sanctions imposed by a court for a surprise production of responsive ESI.
If one hasn’t done proactive investigation work, land mines disguised as remote repositories may contain damaging documents that should have been routinely destroyed, and, but for their existence in a remote location, should not have been discoverable
The options for storing digital information are growing. Counsel has to keep up with these changes. The little USB drive that only a couple of years ago held sixteen thousand characters – the equivalent of less than 10 pages of written text, may now store sixteen billion characters – the equivalent of hundreds of thousand pages of text. The physical size of the USB device is unchanged. However, the storage capacity, and the risk it poses in a world of electronic discovery, has grown at a tremendous rate. For practitioners, this means that even more diligence is required when identifying and preserving relevant sources of data. If counsel fails to get ahead of this problem, they may well find themselves in the middle of a digital information minefield, attempting to sidestep potential sanctions from angry judges, avoid uncomfortable meetings with CEO’s and audit committees, and thwart a litigation disaster.