When data needs to be collected, many struggle as to whether they should hire an outside forensic consultant or whether their IT staff or outside counsel can handle the collection themselves. The courts have provided limited guidance on this issue, so below is a combination of case law and an expert's opinion on the topic.
Not unlike many other subjects, this topic can be seen in shades of gray. Defining self-collection can be difficult, as some consider allowing key custodians to go through their own data and put it aside for discovery as self-collection. Others consider allowing trained IT to go into the back end of servers to grab relevant data as self-collection. There may be some appropriate instances in which data can be capably captured by inside IT staff with minimal additional cost to the company and still be used without prejudice. But always remember that with self-collection comes inherent risk.
When Self-Collection Is Not Appropriate
The courts have made it clear that allowing custodians with a stake in the litigation to collect their own data is never appropriate. In Green v. Blitz, 2011 WL 806011, 2:07-CV-37 (E.D. Tex. Mar. 1, 2011), after the trial ended, the plaintiff discovered evidence that was never produced by the defendant in her case. The court determined that the defendant relied solely on its own employees to find and produce relevant emails. The court then stated that there are many dangers inherent in self-collection, including good faith omission by inadvertence, laziness or lack of technical or legal training. The chief danger is bad faith omission by fraud, by the natural desire of a witness to protect him or herself by not producing incriminating emails. Due to the manner in which the data was collected, the court allowed the plaintiff to reopen her previously settled suit based on the discovery abuses committed by the defendant.
Another case in which the courts spoke to self-collection abuses is Nat'l Day Laborer Org. v. U.S. Immigration and Customs Enforcement Agency, 2012 WL 2878130 (S.D.N.Y. July 13, 2012). In this case, various governmental agencies had to collect and produce data in an FIOA action. The various agencies used different collection techniques with little or no documentation as to their processes. In the end, the agencies were sanctioned for overreliance on self-collection processes by employees and were admonished for not having a unified documented process in place for collection and allowing some employees to conduct their own searches. Judge Schiendlin wrote "[m]ost custodians cannot be 'trusted' to run effective searches because designing legally sufficient electronic searches in the discovery or FOIA contexts is not part of their daily responsibilities. Searching for an answer on Google (or Westlaw) is very different from searching for all responsive documents in the FOIA or e-discovery context."
Another example of self-collection gone wrong is Suntrust Mortgage, Inc. v. AIG United Guaranty Corp., 2011 U.S. Dist. LEXIS 33118 (E.D. Va. Mar. 29, 2011). In this case an employee cut and pasted several emails together to effectively create a new email chain. When collecting the data, the plaintiff imaged employees' hard drives but did not hire forensics experts or any other kind of outside help to assist in the collection and analysis of the employees' electronic files. Tampered emails were produced, and after a lengthy review of activities of management and in-house counsel for the plaintiff, the court issued sanctions against Suntrust for falsifying evidence.
It is important to note that documents need to be properly authenticated to be entered into evidence. If collection is done by means of a method that does not properly preserve the original document including metadata, that document may not be admitted into evidence. To ensure that this does not happen, it is always recommended to ensure that a collection is done forensically by a third-party consultant. When data is collected forensically, the original source is protected from alteration, and the resulting data set is protected by a self-authenticating forensic image format that protects the contents.
Other situations in which self-collection is not recommended are when you know your adversary has employed a forensic expert with experience in assessing the processes and procedures utilized in data identification, preservation and collection. Securing an expert may signal that the opposing party has a desire to audit your processes and procedures and, if the expert finds any problems, bring a motion for sanctions. Getting to the heart of the case is what every attorney wants, and getting caught up in fights over collection slows down the discovery cycle and costs clients extra money. While forensic consultants can be an up-front expense, doing the collection right the first time around can save time, money and heartache in the long run. Having your own expert who can oversee the collection, participate in and respond to any issues raised by opposing counsel can enable the case team to focus on developing the strategy needed to win the case.
Another instance when bringing on a third-party consultant makes sense is when there are looming discovery deadlines and an overworked client IT staff. Most IT departments in U.S. corporations are understaffed and overworked. Their first priority is to maintain the company's IT infrastructure and access to data. As a result, conducting a data collection does not take priority over resolving email issues, restoring data from backups, fixing access issues and many other typical daily IT tasks. When IT does conduct the collection, they typically rely upon the tools they have access to and have been trained to use for moving volumes of data. There are usually better tools available for discovery purposes, and a forensic expert will be well-versed in many. Forensic experts will be able to use the tool most appropriate for collecting the data and in a way that is least burdensome to the operations of the company.
Many forensic collections are done at night after everyone has shut down and gone to bed so as not to disrupt business. Depending on the size of the organization, typical IT staff do not work during these times and would have to do the collection during normal business operations. This can negatively affect or possibly require the shutdown of systems that employees need to access, thus slowing down productivity. Also, the tools IT staff have at their disposal for collection are not the best ones for discovery-related data preservation and acquisition. Forensic hardware and software tools can be very expensive and require training and certifications to use properly. It is important to note that if an expert does the collection with the appropriate tool, at any point in the future, even the smallest alteration to an image can be detected. This ability to authenticate, when coupled with the documentation created to support the data collection (chain of custody and collection tracking), can aid in the authentication process of evidence for admission at trial.
When Is Self-Collection Acceptable?
With the above caveats, there are situations when self-collection may be acceptable. First, whenever there is a case with a small amount in controversy, it may be universally agreed that the parties do not need spend a large proportion of the potential outcome on discovery costs. A small case might seem to mandate a more DIY approach. However, whenever collecting data, it needs to be done carefully, and all aspects of your approach must be completely and accurately documented. If your process is not well-reasoned or well-documented, the resulting work product may not be admissible or defensible in court. Also keep in mind that if data is not collected properly and even if there is a clawback agreement in place, FRE 502 may not protect you. Doing collections in an unsound manner can potentially break the privilege of a document.
There are also many cases when an individual's email simply needs to be pulled from a server and handed over to opposing counsel or the data needs to be pulled from an individual file share. When the data is easy to access and all in a live environment, if IT takes the data off the server(s) while preserving all metadata and then gives it to outside counsel for review, it may be admissible in court.
For situations like the above in which self-collection is suitable, inside counsel is encouraged to have a forensic consultant either oversee the processes used or train the staff ahead of time on defensible procedures. While the collection still will not be a forensic collection, there is greater likelihood that all appropriate data will be captured and unaltered if proper tools are used by trained individuals and proper documentation is kept to explain the steps taken by IT.
Self-collection always has a major risk, that being authentication into evidence. Unless data is collected in a forensically sound manner, it is not going to be able to be authenticated based on hashtag values. However, if and when data is collected in-house, processes and procedures for the collection should be set ahead of time, and IT staff doing the collection should have access to and be trained on a variety of collection tools. Also, remember documenting the processes for the collection is essential. While self-collection can save costs up front, if not done properly, it can cost a lot more than hiring a third-party forensic consultant in the long run.
Courtesy of Tony Merlino of DTI.
This article was originally published on December 9, 2013. For a more up to date discussion on this topic, please visit the eDiscovery section at our Technologist blog.