EDRM - OLP

EDRM –
Collection, Processing, Analysis
Presented by: David Kearney

www.linkedin.com/in/davidjkearney
The Organization of Legal Professionals
www.theolp.org
February 2013

The Phases of EDRM
Four sessions – 90 minutes each session

I. Overview/Collection
II. Collection/Processing
III. Processing
IV. Analysis

OLP - eDiscovery Certificate Program

EDRM - Overview
• http://www.edrm.net/
• Stands for The Electronic Discovery Reference Model
• First launched in 2005 and released publically in 2006
• Developed to provide a standardized approach to e-
Discovery related activities
• Helps visually depict the movement of electronic
discovery components from one phase to the next.
• Contains 9 phases/stages;
Information Management  Review
Identification  Analysis
Preservation  Production
Collection  Presentation
Processing


EDRM - Overview
• Stages standardize workflow
• Stages are not fixed sequentially
• Not meant as a literal, linear or waterfall model
• The EDRM is meant to be iterative in nature


EDRM - Overview
Stages
• Information Management
– Getting your electronic house in order to mitigate risk & expenses should e-discovery become an issue, from initial
creation of electronically stored information through its final disposition.

• Identification
– Locating potential sources of ESI & determining its scope, breadth & depth.

• Preservation
– Ensuring that ESI is protected against inappropriate alteration or destruction.

• Collection
– Gathering ESI for further use in the e-discovery process (processing, review, etc.).

• Processing
– Reducing the volume of ESI and converting it, if necessary, to forms more suitable for review & analysis.

• Review
– Evaluating ESI for relevance & privilege.

• Analysis
– Evaluating ESI for content & context, including key patterns, topics, people & discussion.

• Production
– Delivering ESI to others in appropriate forms & using appropriate delivery mechanisms.

• Presentation
– Displaying ESI before audiences (at depositions, hearings, trials, etc.), especially in native & near-native forms, to elicit
further information, validate existing facts or positions, or persuade an audience.


EDRM - Overview
• Information Management
– Many issues can be better managed if this stage is
taken seriously and implemented with consistent
& sound practices.
– This is THE STARTING POINT for the entire
process. Sound and comprehensive information
management strategies aid organizations in the
identification, preservation, and collection steps
of the process and can lower the number of
documents that need to be preserved, collected,
reviewed and produced. This is where more
organizations can GET IT RIGHT. Furthermore,
risks and costs are reduced.


EDRM - Overview
• Identification
– Locating potential sources of ESI &
determining its scope, breadth & depth.


EDRM - Overview
• Preservation
– Ensuring that ESI is protected against
inappropriate alteration or destruction.


EDRM - Overview


EDRM - Overview
Common Terms
ECA/EDA – 2 definitions
 Legal – End-to-End
 E-Discovery/Data - Analyze unstructured electronically
stored information
Proportionality
 Ways to Limit Burdens
 Court may look for ways to use proportionality
FRCP – Federal Rules of Civil Procedure
 Governs all aspects of procedure for civil matters in United
States District Courts
 Rules 26 to 37 - Discovery

1/21/2013 OLP - eDiscovery Certification Course

COLLECTION


EDRM - Collection
Gathering ESI for further use in the e-discovery process (processing,
review, etc.).
 Once documents/files have been preserved (sometime one and
the same), collection can begin
 Transfer/acquisition of data for review
 Includes; Servers, PCs, Macs, Linux, Windows, iOS, Android,
handheld devices, flash/thumb drives tablets, MP3 players, phone
systems, backup tapes, CD/DVD, databases (financial, CRM, ERP),
structured/unstructured data, Cloud/Social Networking Sites
 Proper planning and careful implementation can reduce time &
money spent
 Ensures integrity of evidence
 Proper collection can guard against future disputes (discovery
about discovery – causes unneeded rancor between parties)
 Process must be defensible, proportionate, efficient, auditable,
and targeted.
 May impact and expand the scope of the discovery process
 Collection costs can be significant


EDRM - Collection
You Oughta Know…

In an Exchange/Outlook E-Mail environment, if a
user deletes E-Mail from the deleted items folder
(sometimes called double-deleting) the E-Mail is
then stored in the Dumpster on the Exchange Server.

The administrator can set the Dumpster to retain
deleted E-Mail for a specified period or indefinitely.

This should be a discussion point when looking to
collect data from an Exchange Server.


EDRM - Collection
The collection methodology for acquiring ESI in a legally defensible manner


EDRM - Collection
A reasonable collection strategy must address
what ESI should be collected, when, and how
 What: The total corpus of potentially
collectible ESI will usually have been defined
during the process of formulating the internal
preservation directive/litigation hold. Usually
consists of four main categories of data
locations:
1. Individual employee files
2. Department/group files
3. Enterprise databases
4. Backup Media


EDRM - Collection
 When: Not all data identified for preservation
needs to be collected right away. Some data may
never need to be collected. Collecting all data that
has been preserved may unnecessarily inflate costs
and overwhelm the case team with irrelevant data

 How: Once the timing of collection from a data
location has been decided, the team must assess
what level of forensic defensibility should be
employed for the collection


EDRM - Collection
Normal collection processes generally involve straight
forward copying, that maintains the integrity of the
metadata, of the ESI as it exists on the system

A forensic protocol must ensure that the process is
carried out in a way that will produce reliable
information consistently, so the individual conducting
the collection can testify

The protocol must also provide for a means of verifying
the integrity of the work that has been done by
maintaining an untouched mirror copy of the inspected
materials

EDRM - Collection

Maintaining Integrity of Metadata…
The single most important thing that can
be done is to use a software or hardware
write blocker.


EDRM - Collection

Metadata
System Metadata - Data about the
architecture of the system
File Metadata - Data about the data in a
specific file that is recorded internal to
that file


EDRM - Collection
You Oughta Know…
Acquisition is actually the proper term for
collecting electronic data. In digital
forensics, examiners refer to the copying of
data as acquiring to avoid any confusion
that might be caused by using “copying”,
since copying doesn’t imply that the copy
was made in a forensically sound manner.


EDRM - Collection
Tools Used During Collection:
Write Blocker
LEO
Suites
Task Specific
Software
Hardware


EDRM - Collection
• Forensically Defensible Collection – a forensically sound
collection will preserve all potentially relevant metadata that
may be of use to the trial team in its claims. This collection
type utilizes a “write-blocker” to prevent alteration of source
media when a device is attached to retrieve the data.
• Maintains rigorous chain-of-custody controls that document
all collection steps, from initial access to the point of storage
or processing.
• Ensures that nothing about the data is altered or degraded
• A collection by a third-party vendor will often be the best
method.
• Typical of a targeted collection


EDRM - Collection
• Forensic Collection – a forensic copy of a hard
drive will include every byte of data on that
drive, including data in unallocated space and
slack space. Forensic inspection of a party’s
computer system is rarely necessary.
• Because forensic collections are much more
invasive and inclusive, there is a greater risk
of disclosure of information that is either
irrelevant to the matter or protected by
privilege claims. The forensic protocol must
therefore take steps to mitigate risks and
protect the producing party.


EDRM - Collection
• Unallocated Space – The area of computer media,
such as a hard drive, that does not contain
normally accessible data. Unallocated space
usually occurs as the result of a file being deleted.
Until portions of the unallocated space are used
for new data storage, in most instances, the old
data remains and can be retrieved using forensic
techniques.
• Slack Space – The space that remains on a hard
drive when a file is saved that does not take up
one or more complete clusters of space on the
drive. Slack Space is part of the Unallocated space
on a hard drive


EDRM - Collection
You Oughta Know…
Re-booting, Defragging, or running other disk management
utilities may clear some data from the unallocated space on a
storage device.
Some MAC systems, the later ones, are installed with a secure
delete function that deletes a file and then goes in behind the
actual deletion and overwrites with zeros the space that was
occupied by the file.
Also, there are third party applications, know as File Wiping
applications that can obliterate a file, within reason. One
cannot delete or overwrite a file that is being used by another
part of the system.

EDRM - Collection
 The decision regarding the degree of forensic
defensibility will be required for ESI collection.
This decision must be made on an individual basis
depending on the cost, accessibility, and needs of
the case.
 The software & process used must, at least, be
capable of write protecting the files during the
collection process and maintaining the integrity of
both the system and file metadata associated with
each file/document
 One constant is the need to have detailed and
complete documentation of the critical decisions
and actions made during the collection process

EDRM - Collection
Whether or not a file server should be
forensically collected depends on the
nature of the investigation. More often
than not, collecting the active data and
relevant network shares is appropriate
If extracting an event, log, intrusion, or
other time critical event, forensic imaging
of the entire server may be necessary


EDRM - Collection

• Collection can be accomplished by:
– The Client – Corporate/IT Personnel
– Custodians – Potential dangers when
custodians/clients try to collect their own
data – especially when seeking consistency
and unbiased process, e.g. 10, 25, 50
custodians and a delete key.
– Outside Law Firm
– Vendor


EDRM - Collection
• Forensic inspection protocols
– There are no “standard” protocols for forensic
inspection, but at least must mitigate the risk of
disclosure of irrelevant or protected information
– Parties and courts generally consider the same issues
when crafting protocols:
• Qualifications and objectivity of the inspector
• Methods that the inspector(s) will use
• Detailed set of instructions for exactly what is subject to
inspection and copying
• A means of verifying the integrity of the work


EDRM - Collection
 The court may limit discovery and shift costs
when ESI is not reasonably accessible because of
undue burden or cost
 Rule 26(b)(2)(B) of the FRCP states:
A party need not provide discovery of electronically
stored information from sources that the party
identifies as not reasonably accessible because of
undue burden or cost
 The Federal Rules also provide an outline of how
objections are to be me made and resolved


EDRM - Collection
• Not Reasonably Accessible
– Balancing Test:
• Cost of converting data into more accessible format
• Cost to review the data for responsiveness, privilege, or
other concerns
• Business disruption and other internal costs
– Other issues to address:
• Relevance of data residing on the source
• Overall litigation value of the data at issue
• Other means to get information


EDRM - Collection
On motion to compel discovery or for a protective order, the
party from which discovery is sought must show that
information is not reasonably accessible because of undue
burden or cost. If that showing is made, the court may
nonetheless order discovery from such sources if the
requesting party shows good cause. However, the court may
put conditions on the discovery from the source, such as
cost-shifting.

Legacy data is frequently the subject of claims that it is “not
reasonable accessible”. Backup tapes are being considered
more-and-more as reasonably accessible, but have
historically been classified a not reasonably accessible.


EDRM - Collection
• Sources of ESI
– Shared network resources are resources, files, or
other data shared throughout the network being
examined, such as
• E-Mail servers
• Document Servers
• Files Servers
• Other resources shared across the network


EDRM - Collection
• Other sources
– Cloud/web-based storage and E-Mail (e.g.
Gmail, Yahoo, Box, Dropbox, Facebook…
• Absent a subpoena or court order, it is nearly
impossible to collect the data held by an ISP
• Flash, temporary, and ephemeral data storage
(e.g., thumb/external drives leave data droppings)
• Social Networking applications
• Databases (reports v. exporting the data)


EDRM - Collection
• Structured v. Unstructured data
• Differences & Specifics
– Structured Data - Information with a high degree of organization
» Relies on users
» Legal Hold at application level
– Unstructured Data
» No identifiable structure
» Potential large number of users
» May be largely duplicative
• How it is applied to e-Discovery
– Structured Data – e-Discovery expenses are IT & User costs for
identification, Collection, and Legal Hold
– Unstructured Data – Costs are for Processing, Analysis & Review


EDRM - Collection
• Cost Factors
– Travel to different locations to have personnel on-site to
perform collection
– Whether the collection is performed by use of an
automated script that can run remotely or without manual
operation
– Custodian interviews at the time of the collection may
raise initial costs, but are more efficient in the long run
since such interview will likely to be ultimately needed
– Forensic collection require the use of different, more
complicated techniques, and the collected data will need
extra handling during processing and review


EDRM - Collection
• Cost Factors
– Impacted by the number of megabytes, gigabytes, terabytes,
Petabytes, Exabytes, etc. needed to be collected
– The human review, which can be the most time consuming and
expensive part of the entire e-discovery process…even if using
Technology Assisted Review…volume of review becomes larger
with the amount of data collected, just by basic nature of
more…
– Controlling, Monitoring, and being able to justify a sound
stepped approach to limit the data being collected (custodians,
data range, etc.)


EDRM - Collection
Quality Control
 Validating that all ESI has been collected. In general, over-inclusive
collections, coupled with repeatable, documented, and defensible
methods to cull and search ESI will be most effective at validating the
collection of ESI.
 Court are increasingly sensitive to the costs of electronic discovery and the
concept of proportionality, which should be taken into account when
assessing the scope of the collection
 In some cases, the use of software tools will aid in validating the collection
of ESI. Failure to use commonly accepted methods and technologies may
expose the client to additional risk
 In addition, each piece of digital data can generate a unique value, known
as a HASH VALUE. Commonly used hash formats are “MD5” and “SHA-1”.
If a dispute arises about the integrity of a piece of information, the hash
value of the original data can be compared with the original's has value.


EDRM - Collection
A word about foreign data discovery…
 What is routine and mandated practices in the U.S.
may amount to criminal conduct abroad.
 Counsel must consult local authorities before engaging
in discovery related activities.
 Absent a connection with a party to the U.S.-based
litigation, obtaining ESI in a foreign country requires
resort to the Hague Convention, the Data Protection
Directive, or local laws of the particular jurisdiction
 Foreign countries are extremely sensitive to privacy


EDRM - Collection
…Outside of the U.S.
Special attention should go to the collection of data
from sources outside of the United States. Many
countries, including the European Union have laws,
regulations, and policies that restrict a company’s
ability to collect and transmit data outside of the
jurisdiction for use in legal proceedings in the U.S.
Careful evaluation should be given to collection of
data outside of the U.S. and extra time needs to be
allocated for such collections


EDRM - Collection

• Other commonly used tools and devices
for collection
– Faraday Bags
– Inventory & Tracking System
– Check-in & Check-out Procedures
– Cameras and Video Recording


EDRM - Collection
Resource:
Digital Forensics for Legal Professionals - Understanding
Digital Evidence From the Warrant to the Courtroom

Larry E. Daniel
Lars E. Daniel


EDRM - Collection
Tips
 When wrongdoing is suspected, don’t “take a quick
peak” at a computer without forensic collection
 Don’t delay to preserve a device
 Don’t assume that all devices are the same a PCs
 Always document the process
 Don’t assume that the device is not encrypted
 Do not save time/money but using traditional file copy
methods
 Don’t process everything at one time
 Test and sample search terms and expressions
 Examine foreign language types


PROCESSING


EDRM - Processing
Processing
Reducing the volume of ESI and converting it,
if necessary, to forms more suitable for review
& analysis.


Native Format
• Documents in native format:
– Have not been converted in any way from its
original form
– Will appear and behave exactly as they did at the
point of creation
– If produced in native form, no costs incurred to
convert into another format
– Contains full metadata, which often includes
privileged or sensitive information (subject,
author, date, tracking changes, etc.)


Imaged Format
• Documents in imaged format:
– Equivalent to printing a document and creating a
static page image
– Can be time-consuming, expensive to process
– Can lead to loss of information useful to
requesting party, i.e. the loss of metadata


Metadata
• Metadata, which is a part of all types of ESI, exists in
fields that can be used to populate a load file
database created by the requesting party.
• Examples of metadata fields are:
– Names (author, sender, recipient, blind recipients)
– Dates (create date, sent, received, modified)
– Subject (primarily for e-mail)
– Document type
– “Text” (searchable field containing the text or body of the
document itself) –


EDRM - Processing
You Oughta Know…

“Text” field needs to be removed when redacting
OCR needed re-done after redactions applied –
Maybe a You Oughta Know slide


EDRM - Processing


EDRM - Processing

Assessment
• Assessment is a critical first step in the workflow
as it allows the processing team to ensure that
the processing phase is aligned with the overall
e-discovery strategy, identify any processing
optimizations that may result in substantive cost
savings and minimize the risks associated with
processing. A critical aspect of this step is to
ensure that the processing methodology will
yield the expected results in terms of the effort,
time and costs, as well as expected output data
streams.

EDRM - Processing

Preparation
• During assessment a determination is
made as to which classes of data need to
be moved forward through processing. At
that point there may be a number of
activities required to enable handling and
reduction of that data.


EDRM - Processing

Selection
• One of the primary reasons for
“processing” data in an e-discovery project
is so that a reasonable selection can be
made of data that should be moved
forward into an attorney review stage


EDRM - Processing
Output
• The data that has been selected to move
forward to review is transformed into any
number of formats depending on
requirements of the downstream review
platforms, or in certain circumstances simply
passed on to a review platform in its existing
format; or it may be exported in a native
format.


EDRM - Processing
Overall Analysis / Validation
• Throughout the four phases of processing
there are opportunities to analyze the data
or results of certain sub-processes to
ensure that overall results are what was
intended, or that decisions as to the
handling of the data are valid and
appropriate.


EDRM - Processing
Overall Quality Control
• Validation is the testing of results to
ensure that appropriate high level
processing and selection decisions have
been made, and ensuring that ultimate
results match the intent of the discovery
team. Quality Control (“QC”) involves
testing to see that specific technical
processes were performed as expected,
regardless of what the results show.

EDRM - Processing
Overall Reporting
• To meet the needs of project management;
status reporting; exception reporting; chain
of custody and defensibility it is important
that processing systems track the work
performed on all items submitted to
processing.


EDRM - Processing

• Collected ESI must first be entered into an
appropriate software program or tool with
processing ability
• Regardless of who processes the data, it is
imperative that the resulting data sets are
reviewed and that the process is validated
• The processing software must provide logs
of what was accomplished and what failed
during processing.

EDRM Processing
Tools Used for Processing
 PC/Server-Based
 Cloud-Based
 Vendor-Based


EDRM - Processing

• Methods for limiting volume include:
– Culling to exclude particular document types
– De-duplication
– Elimination of system files
– Application of search terms and date
limitations


EDRM – Processing

• Culling
– Processing methods must account for and
remove irrelevant data
– Before data is indexed for processing, it can
be culled by the following criteria:
• Remove all files of file types deemed to have not
evidentiary value
• Remove documents with certain file paths
• Eliminate files that fall below a size threshold


EDRM - Processing
• Common Search Techniques:
– Used to locate relevant and eliminate irrelevant
– Keyword
• List of words likely to be contained in relevant documents
– Boolean
• cat AND dog
• cat NOT lion
– Proximity searches
• cat /10 scratch
• cat /p scratch


EDRM - Processing

• Search terms (cont.):
– What is being searched?
• Text of document?
• Metadata?
• Attachments?
• Images?
– Formulating terms
• Witness interviews
• Names of key persons
• Product/project/code names and numbers
• Consider input from opposing party


EDRM - Processing

• De-duplication:
– The process of removing exact copies of the
same message or file from a data set, thus
reducing the number of files that need to be
reviewed.
– Within-custodian
– Across-custodian
– “Near duplicates” – slight changes to a
document; different hash values

EDRM - Processing

Culling Methods
• Deduplication
• DeNISTing
• Paths
• Size
• No evidentiary value


EDRM - Processing

• Deduplication
• DeNISTing


EDRM - Processing

• Budget based on assumptions from actual
data
– Client should have a good idea of custodian data
– Know the data being worked with, e.g. E-mail will
have a much different volume vs.
databases/spreadsheets
– Having more time permits greater cost control, &
consistency
– Open communications and discussions with
opposition to agree on scope and methods
– Collecting all data that has been preserved may
inflate costs unnecessarily

EDRM - Processing
You Oughta Know…
Foreign Language Documents

Unless your software application understands Unicode, it
will not handle foreign language documents easily.

In order to successfully search and review foreign language
documents, you need to make sure the software used to
collect and process them is Unicode compliant.


ANALYSIS


EDRM - Analysis
Analysis
Evaluating ESI for content & context, including key
patterns, topics, people & discussion.


EDRM - Analysis


EDRM - Analysis

• Fact Finding


EDRM - Analysis

• Search Enhancement


EDRM - Analysis

• Review Enhancement


EDRM - Analysis

• Process Analysis


EDRM - Analysis

• Validation/Quality Assurance


Analysis
• Evaluating ESI for relevance & privilege.
– Privilege issues
– Review methods
– Budgeting and costs
• Evaluating ESI for content & context, including
key patterns, topics, people & discussion.


Review & Analysis: Privilege Issues
• Rule 26: “Parties may obtain discovery
regarding any non-privileged matter that is
relevant to any party’s claim or defense…”
• We review to:
– Distinguish relevant from irrelevant
– Protect privileged material
• Attorney-client communications
• Attorney work product


• Waiver of privilege
• Clawback agreements
– Agreement that inadvertent production of privilege
material will not constitute a waiver
• Quick peek agreements
– No effort to weed out privileged material up front
• Evidence Rule 502
– Generally establishes that inadvertent production will not
result in waiver
– Encourages use of protective orders including clawback
agreements


Alers v. City of Philadelphia, No. 08-4745, 2011 WL
6000602 (E.D. Pa. Nov. 29, 2011)
• Where defendants inadvertently produced a
privileged memorandum as part of a multi-page
document amid more than 2000 pages of document
production and where they requested return of the
document four days after learning of its disclosure at
a deposition (where there was no objection made),
the court found that privilege was not waived
(despite defendants’ choice to attach the
memorandum to a publically available motion)


Review & Analysis: Review Methods
• Coding
– Responsive or non-responsive
– Privileged
– Confidentiality
– “Key” documents
• Basic linear review
• Concept searching
• Clustering (uses linguistic, latent semantic technologies)
– E.g., when searching the term “diamond,” clustering will allow you to
distinguish between “baseball” diamond and diamond “ring.”
• Predictive coding


Technology Assisted Review
• …or Predictive Coding
• …or Computer Assisted Review
• …or Intelligent Review
• …or ???? Review


EDRM - CARRM
• EDRM’s Computer Assisted Review Reference
Model


Review & Analysis: Review Methods
• Predictive coding
• Da Silva Moore v. Publicis Groupe & MSL Group, No. 11 Civ.
1279, 2012 WL 607412 (ALC) (AJP) (S.D.N.Y. Feb. 24, 2012)
– Magistrate Judge Andrew Peck approved use of computer-assisted
review (predictive coding) to locate responsive documents
– “*C+omputer-assisted review is an acceptable way to search for
relevant ESI in appropriate cases.”
– “As with keywords or any other technological solution to e-
discovery, counsel must design an appropriate process, including use
of available technology, with appropriate quality control testing, to
review and produce relevant ESI while adhering to Rule 1 and Rule
26(b)(2)(C) proportionality. ”


Review & Analysis:
Budgeting and Costs
• Discovery costs may well be the largest budget
item, other than trial
• Since few cases ever get to trial, discovery is
often the single most expensive part of any
litigation matter


Review & Analysis:
Budgeting and Costs
• Understand the cost drivers
– Number of custodians
– Volume of ESI each custodian will handle
– Review of ESI
• Create a budget of the estimated costs as
early as possible
• All assumptions should be stated explicitly in
the budget so that variances can be noted and
the client can adjust expectations accordingly

Review & Analysis:
Budgeting and Costs
• The complexity of the case will have a direct impact
on the cost of e-discovery
– Complexity of the coding schema (number of tags the
reviewers will be applying)
– Sophistication of the privilege issues presented by the facts
of the case
– Number of passes of review that are anticipated
• The most efficient way to organize a review is with
numerous decisions during a single pass review
rather than through separate review phases of the
same material


Review & Analysis:
Budgeting and Costs
Race Tires Amer., Inc. v. Hoosier Racing Tire, Corp., 674 F.3d 158
(3d Cir. 2012)
• On appeal, the Third Circuit vacated the District Court’s
approval of taxable costs related to electronic discovery and
remanded with instruction to re-tax in accordance with this
opinion. Specifically, the court concluded that the relevant
vendors’ charges “would not qualify as fees for
‘exemplification’” and that “of the numerous services the
vendors performed, only the scanning of hard copy
documents, the conversion of native files to TIFF, and the
transfer of VHS tapes to DVD involved ‘copying’” and were
thus recoverable.


Production
• Delivering ESI to others in appropriate forms &
using appropriate delivery mechanisms.


Production
• Parties should agree on a form of production at the
outset of discovery, ideally at the earliest stage of
discovery.
• Under Rule 34, the requesting party may specify a
format to which the producing party may object and
offer an alternative format.
• Rule 34 of the FRCP states that the format must be
either the form in which it is ordinarily maintained in
the usual course of business or a reasonably usable
form.


Production
• Native format
– The form in which the document is maintained in
the system where it was created
• Reasonably useable formats
– Any imaged format of the ESI such as TIFF or PDF
– Should include metadata


Production: Native Format
• Documents in native format:
– Have not been converted in any way from its
original form
– Will appear and behave exactly as they did at the
point of creation
– If produced in native form, incur no cost to
convert into another format
– Contain full metadata, which often includes
privileged or sensitive information
(subject, author, date, tracking changes, etc.)


Production: Imaged Format
• Documents in imaged format:
– Equivalent to printing a document and creating a
static page image
– Can be time-consuming, expensive to process
– Can lead to loss of information useful to
requesting party, i.e. the loss of metadata


Production: Metadata
• Metadata, which is a part of all types of ESI, exists in
fields that can be used to populate a load file
database created by the requesting party.
• Examples of metadata fields are:
– Names (author, sender, recipient, blind recipients)
– Dates (create date, sent, received, modified)
– Subject (primarily for e-mail)
– Document type
– “Text” (searchable field containing the text or body of the
document itself) –
• TIP: “Text” field needs to be removed when
redacting

Documenting Production
• ESI productions should include
correspondence, production
shipments, confirmation and shipping
receipts, and a tracking log showing:
– What material was produced
– On which type of storage media (CD, DVD, hard
drive)
– How it was transmitted


Documenting Production
• The production media should be subject to
quality-control checks to:
– Assure completeness
– Show lack of corruption
– Conform with production format (as agreed upon
in the parties’ 26(f) discovery plan)
• Documentation of these processes should be
kept to show timely and accurate compliance
with production requests.


Overall Tips
• Consult FRCP and local rules of pertinent jurisdiction
• Stay organized and keep complete records, specifically about
critical decisions and actions during the processes
• Track what was done, by whom, when & how it was done
• Maintain specific routine practices across cases/projects to
increase efficiency and ensure critical steps are not missed

IT IS NOT IF PROCESSES/ACTIONS WILL BE SCRUTINIZED…

…BUT WHEN

BE PREPARED!


Additional Resources
• E-Discovery and Electronic Records - Healthcare
Resource Guide to e-Discovery and Electronic
Records - Focuses on the process of electronic
discovery (e-discovery) and electronic records
management for healthcare document retention and
production.
– Authors:
Kimberly A. Baldwin-Stried Reich
Katherine Ball,
Michelle Dougherty,
Ronald J. Hedges


THANK YOU

David J. Kearney
www.linkedin.com/in/davidjkearney

EDRM - OLP

More Related Content

Similar to EDRM - OLP (20)

More from David Kearney (20)

EDRM - OLP