Leaving No Stone Unturned In Data Collection

Saturday, March 1, 2008 - 01:00
SPi

Editor: Could you give us some of your background in technology?

Muir: I started my legal career over 20 years ago as a Legal Services Specialist in the United States Marine Corps. More recently, I was employed by McCarter & English in Newark, New Jersey for twelve years, the last five of which I was the Litigation Support Technology Manager - a position which opened the doors into the litigation support arena. After that, I spent just over a year at Skadden Arps Slate Meagher & Flom as a Project Manager in the Legal Technology Department. In May of 2005, I accepted a job with SPi as a Project Manager, spending almost a year in that role, and then transitioned to the consulting side - focusing primarily on the identification, preservation, and collection of electronically stored information (ESI). My responsibilities at SPi include, but are not limited to, the overall management of the collection of ESI and supervision of other companies that we partner with.

Editor: Why is it important to have a comprehensive data collection service tied in with the other businesses of SPi?

Muir: SPi Legal provides a comprehensive suite of litigation support services that give clear advantages to corporate law departments and outside counsel. Our end-to-end solution includes data collection, pre-process data culling, processing, data analytics, hosted and managed review in Attenex, iCONECT and Concordance, paper processing, document coding, electronic document productions, consulting and project management. In order best to support our clients' data collection needs, we prefer to get engaged early on in the discovery process, and even before discovery begins in working with the legal team and business client. Typically our involvement begins with the efforts to identify and preserve ESI. It is a critical step in the discovery process, it helps to predict timing and budget, and it affords our client a defensible approach and chain of custody leading into the next phases of electronic discovery.

Editor: You can archive the data?

Muir: Yes, we have the capacity for long-term storage through our SPi Repository (SPiRE). We developed SPiRE to manage the electronic data processing function, and to serve as a long-term repository for various forms of client data, including native files, processed databases, coded database records, and scanned or converted TIFF images.

Editor: Why is it necessary and important to have an IT person available at the business client's location to assist the data collection team?

Muir: Our initial communication with the legal team and business client's IT staff provides us with a roadmap to the ESI. The IT people know their computing infrastructure better than anyone and are typically our best allies. We coordinate closely with the IT staff to understand better the breadth and scope of what, where, and how ESI is stored. This relationship is an important part of the process as it allows us to get in and out of our business clients' offices as efficiently and as inexpensively as possible. Essentially, when we are able to effectively partner with our clients' IT staff, we are better able to perform our job within budget and with the least amount of disruption to the business client.

Editor: Why do we need to determine which computers the custodian (client) is using over a given time period?

Muir: This is just one of the many important pieces of the puzzle of the data collection project that we need to learn about: what devices are being used that store potentially relevant ESI. Often times, IT administrators have sufficient records about their computer inventory - the type of desktops, laptops, and handheld devices that are deployed within the organization. It is extremely helpful when they can supply us with this inventory ahead of our arrival.

Editor: Does the IT staff actually know of all the devices employees have?

Muir: For the most part they do. Although sometimes we discover media or storage devices that the IT Department was not aware of as part of our collections process. And the custodians often know the most. It is part of our job in discovery, along with the legal team, to uncover all of the potential areas that a custodian is using to store potential ESI.

Editor: Another question for the IT person is whether there have been any changes or upgrades to the custodian's computer during the relevant time period?

Muir: Very often, the computer that a custodian uses has been upgraded or replaced with newer technology or, if the hard drive experiences a malfunction or "crash," the drive is replaced. We need to know if a computer or the hard drive within it has been replaced. We need to know what happened to the data on the original hard drive. We also need to know if there have been software or operating system changes during the time period in question and what happened to pertinent data when the systems were changed or upgraded. These are all important investigatory questions that we ask the IT staff and the legal team when inquiring about the computing environment.

Editor: Is it a challenge to ferret out shared computers such as those used as a "traveling office" or computers not used by primary custodians but by office assistants?

Muir: The ideal set up for an onsite collection is to have an attorney and a data collection team working together. The attorney interviews the business client about their involvement in the case and what kind of information they are working with. These interviews can take an hour or more. Occasionally, you find a small percentage of executives who do little to no typing and claim not to access or store any ESI, with the exception of e-mail. These are usually custodians in upper management who read and send e-mail but for the most part have a separate entity that will create, save, store and revise the business documents. When the client provides the attorney with this information, we are alerted to expand the search to this custodian's personal assistant. Because of this, the office assistant potentially becomes a "custodian of data," and it is our responsibility to vet this out. In these cases, we have to collect data from their computers because they have become the de facto custodians of data. In almost every project I have worked on there is at least one instance of this happening because upper management people are not faced with the burden of heavy duty paper work. In most cases, the office assistant is capable of directing us to where the primary custodian's data is being stored.

Editor: Is another question: what computer applications are being used that can generate relevant ESI?

Muir: This is another important question to ask the IT administrator and, often times, the custodian. Knowing the different applications the organization uses is crucial in determining the types of ESI that will be in play. For example, e-mail is probably the number one source of ESI. Nearly everyone uses e-mail for business and personal affairs, and it has become the number one repository of information. There are many different types of computer applications that are capable of creating ESI, and depending on the type of organization we are working with, sometimes we encounter non-standard applications. It is important to vet this information with the business client's IT staff and the named custodians.

Editor: What is important about the size, frequency, and method of e-mail backup or archiving?

Muir: More organizations are adopting e-mail archiving systems to help streamline the voluminous amounts of e-mail within their organization, with the added benefit of becoming "litigation ready," when the moment is right, or more appropriately, when the moment is wrong. Within Microsoft Outlook, one can create archives in the form of .pst files, and these .pst files can be stored anywhere the end-user has permission to save them. The email archiving systems, when implemented, remove the high degree of duplication we often find among .pst files. When we are hired to perform the data harvesting, e-mail repositories are the most obvious place that relevant ESI may exist. With respect to e-mail backup, companies often enforce retention policies as part of the records management policies by enforcing rules that require e-mail be deleted every so-many days unless the custodian archives it manually. That, of course, complicates data collection when trying to collect old e-mail that is not being saved by the custodian. In this case, we are called upon to look into backup applications - most often backup tapes.

Editor: What is important about the size, frequency and methods of backup for information other than e-mail?

Muir: Sometimes, there is a need to review data that is not live on the business client's network, but does exist on backup tapes. Backup tapes are a challenge in and of themselves. This issue is always asked of the IT person: "what is the frequency and method of backing up your file servers?" We want to know about the method in which the client is backing up their data. How long are they holding onto the tapes before they are recycled and reused? We also would want to know what type of backup software and what type of tapes are being used. Often, we can assess the degree to which the content on backup tapes is duplicative, and help the client reduce the burden of dealing with backup tapes in discovery.

Editor: Are the questions posed in this interview questions you would like to have answered by the IT person and the custodian?

Muir: These are questions that we would address to the client's IT department and some are also addressed to each custodian. Part of the interview process is in trying to find the depth of computer usage for each custodian. Many custodians these days are storing a lot of information on computers, whether it be on the local drives, network, or removable media. Due to the increase in storage capacity and file sizes, larger storage units are in play, and they come in all sizes and flavors. Almost any type of media that is sold can store relevant ESI - from cell phones to PDAs and even iPods. If there is a unit that can store data, there is a custodian who has one. By combining the information from the IT department with the knowledge gained from custodian interviews, we are able to pinpoint exactly what we are looking for. If we fail to find relevant data, clients are liable to sanctions. We look in every cabinet, drive, and ask every question possible. There is enough case law history where businesses are sanctioned for not disclosing and/or turning over all of the relevant ESI when they should have. We make sure that this does not happen to our clients.

Please email the interviewee at k.muir@spi-bpo.com with questions about this interview.