The case for e-discovery
Connecting state and local government leaders
A federal court ruling makes clear that in the event of a lawsuit, agency IT departments must be prepared to produce pertinent documents'including wikis, blogs and other Web 2.0 content. Having a framework for e-discovery can help make sure you can find them.
GOVERNMENT AGENCIES can no longer remain unaware of the legal
implications of their new technologies.
In June 2007, the U.S. Court of Federal Claims chastised the
Justice Department and the Army for failing to properly preserve
electronic records, in the case of United Medical Supply Co. v.
United States (77 Fed. Cl. 257).
United Medical claimed the Army had failed to adhere to the
terms of a procurement contract with the company by ordering
supplies from other vendors. When the suit was brought, the Army
Defense Supply Center's legal team sent e-mail messages to
the medical facilities asking them to save any electronic
documentation relevant to the case. However, many of those
facilities never got the electronic dispatches and routinely
destroyed the records, in the process destroying the
government's line of defense.
For the judge, the failure to establish proper procedures to
save and identify electronic records constituted reckless disregard
by the federal government. As a result, Justice could not
cross-examine the plaintiff 's expert regarding destruction
of evidence and had to reimburse the plaintiff for additional
e-discovery costs.
'Aside perhaps from perjury, no act serves to threaten the
integrity of the judicial process more than the spoliation of
evidence,' wrote Judge Francis Allegra in the order
summarizing the case. And the fact that the communications were
electronic provided no excuse.
For Jason Baron, director of litigation at the National Archives
and Records Administration, the case serves as a wake-up call for
agencies: Get your electronic house in order.
In 2006, laws were enacted that clarify how agencies and other
organizations should handle electronic documents. No longer could
an agency's legal counsel throw up his or her hands in
confusion when asked about information that existed only on a
server somewhere.
'Everyone [such as federal agencies] who find themselves
to be a party litigant needs to be aware of the adoption of these
new federal rules," Baron said.
Such mandates can prove to be a challenge for agencies,
especially those using Web 2.0 technologies, such as wikis, blogs
or instant messaging.
'We're way beyond e-mail,' Baron said.
'If the chief information officer deploys it, the lawyers
will come. That is just the way things are. If you can deploy
something out there, some lawyer will inevitably ask, 'Give
me any and all documents on a given topic,' and [he or she]
won't care if it is voice mail, a blog, wiki or an island on
Second Life as long as it is relevant to litigation.'
Such new technologies 'are an enormous challenge to
electronic discovery because they are so volatile and change so
frequently,' said George Socha, founder of the industry group
behind the Electronic Discovery Reference Model (EDRM).
And make no mistake: Litigation can be disruptive to computer
systems. Just ask the Interior Department. In 2001, a federal judge
ordered five of the department's systems off-line until the
agency fixed security holes that made Indian trust fund data
vulnerable to hacking. Only this year were those agencies allowed
to reconnect to the Internet to conduct routine business. Moreover,
the court compelled the agency to buy e-discovery software, from
Zantaz, now owned by Autonomy, to sort through the e-mail messages
and other documents pertaining to the case.
'The risk of disruption can be so high in any given case
' one lawsuit can be a game changer,' Baron said.
'Agencies need to deal with this new environment, and that
means a better understanding on the part of lawyers, executives, IT
professionals and records managers about what the risks
are.'
What's new?
In many ways, the court system only came to terms with computer
technology in 2006. That was when the Supreme Court updated the
U.S. Federal Rules of Civil Procedure (FRCP).
In the update, a new term ' Electronically stored
information (ESI) ' was introduced. 'ESI can be
anything that is electronic,' Baron said. This means not only
mainstream technologies such as e-mail, spreadsheets and word
processing documents, but any other form of communication or
documentation that is encoded in bits, such as Twitter posts, wiki
entries and instant-message chats.
In the discovery process, the defense counsel must produce for
the plaintiffs any documentation that is relevant to the case.
Before 2006, legal teams tended to print electronic records so they
could be dealt with as paper documents.
The newly amended FRCP clarifies many aspects of the process,
Baron said. Perhaps most important, the new rules require that both
sides of the litigation meet with each other at the outset of the
case to determine what documents will be relevant to the case. That
requires the defense's legal counsel to know what
technologies are being used and how electronic data is being saved,
Baron said.
FRCP also takes into consideration the archiving process. It
recognizes that an organization might have a records management
process in place that saves old documents on hard-to-access media,
such as tape, and that data might be destroyed after a certain
period of time. However, an organization is also obligated to
freeze the discarding process if documents of interest might be in
the pipeline.
Although an agency would not be obligated to spend a lot of
money to unearth hardto- reach electronic documents during the
first rounds of e-discovery ' such as those that can only be
read by obsolete tape drives ' subsequent rounds of the
e-discovery process could require such documents if they prove to
be of interest to the plaintiffs.
Fortunately, new guidelines, standards and software programs are
now in place that can help agencies get a handle on the e-discovery
process.
One of the chief guides is EDRM, developed by the industry group
of the same name.
'EDRM provides a framework for electronic
discovery,' Socha said. It breaks the discovery process into
multiple steps that organizations can use to help manage their own
e-discovery efforts. The group also offers a great deal of reading
material online that can help records managers better understand
the issue.
In addition, EDRM has released an e-discovery schema in an
Extensible Markup Language format. Using XML tags, organizations
can annotate information that can be used in e-discovery.
'One of the major challenges someone who has to deal with
e-discovery will have to face is how to move the data from one step
of the process to another, from one organization to another,'
Socha said. The XML schema, when used by content management
systems, can pass data across disparate systems.
'If the tool you are using to gather the data is capable
of exporting that data in a way that is compliant with the schema
and the tool you are using to process that data can import that
data using the schema, then you don't need to worry about
[whether] the two tools could talk with each other directly,'
Socha said.
In the system
How should an information technology project manager prepare for
e-discovery? The good news is that many providers of content
management and records management systems have built-in features or
add-on modules for handling e-discovery duties.
'You need to have good records management in place,'
said Johannes Scholtes, president of ZyLab North America. 'If
you don't have that, your discovery process will be much
harder.'
When an agency gets a legal-hold letter, it must determine which
information falls under that hold and which systems have that data.
An e-discovery software package will help the agency records
manager identify what the data is and where it is stored. The data
must also be captured so that it cannot be changed, which usually
involves making an image of the data. From there, the data should
be collected into a file server, where it can be analyzed and
redacted by the legal staff.
CMS provider Open Text, for example, offers a litigation
management module for its Open Text ECM Suite. The software allows
records managers to put a hold on documents for review, establish a
workflow process for reviewing documents, eliminate duplicate
documents, redact confidential portions of the documents before
they go out and format them for delivery.
Cheryl McKinnon, a marketing director at Open Text, said the
Open Text ECM Suite would have no problem ingesting the data from
Web 2.0 applications such as wikis, blogs and even voice-mail
messages. The software can handle all information encapsulated in a
file. The administrator would just need to direct the Open Text
software to the appropriate directory to collect copies of the
files.
ZyLab is another content management vendor offering an
e-discovery tool ' the ZyImage eDiscovery platform.
The software helps agencies develop a file plan for collecting
data and then offers a repository for searching. It can capture
documents, format them for discovery and allow users to search
across them, regardless of the format. Like Open Text's
software, it deploys metatagging to annotate documents for later
retrieval. It also extracts file properties and document
properties, such as the date a file was created or modified.
'We deliver an archive which is searchable and
preorganized,' Scholtes said. 'Then the lawyers can
focus on the parts of the data that [are] most relevant.'
Despite such tools, the act of re-creating a document can still
be difficult, especially with Web 2.0 technologies. Consider tools
such as Web pages, that allow users to rearrange content according
to their preferences, wikis for which content is frequently revised
and updated (though they do keep change logs), or mashups that draw
data from different sources.
In those situations, the answers don't come as
quickly.
'The more disparate the pieces that get pulled together,
the more end-user control the users have over how those pieces are
combined, the more difficult it is to say what a person saw at a
particular point in time because we don't know what
parameters they used for looking at a certain thing,' Socha
said.
He said that although no one has an answer for how to definitely
capture such data, the courts might understand its ephemeral
nature. 'You'll have to depend on people's
recollections and what you can reconstruct, unless they happened to
take a screenshot,' Socha said.
The important thing records managers should keep in mind is that
if a new technology is being used to conduct work business and if
that business could end up in court one day, then copies of data
produced by that technology should be saved, said Whit Andrews, an
analyst at IT research firm Gartner.
'If you have something that needs to be saved, then it
needs to be saved,' Andrews said. 'If you have a wiki
for a new project, you have to treat the wiki as a record to be
managed just like anything else.'
Beyond technology, one of the most important things an agency
can do is get its IT staff, records managers and legal counsel
together. Because of the new rules, if a case arises, the legal
counsel will need to know ' in a hurry ' where data of
interest is stored and the platforms on which it resides. That is
something too few lawyers know these days. What they need is a data
map, an inventory of the systems and a system of protocols for
dealing with litigation when it arises.
'I've gone to too many agencies where I talked to a
general counsel and she or he didn't know who the records
manager is,' Baron said. The lawyer, records manager and IT
staff all speak different languages when it comes to their
respective professions. For instance, each has a different
definition of what a file is.
'A process needs to be in place where people regularly are
talking with one another,' Baron said.
NEXT STORY: Protecting network ports