Great project managers will tell you it’s always smart to start at the end. What does done look like? That’s the first question. Always. When faced with collecting ESI in connection with litigation, there are several project objectives to consider.
Collecting ESI is a critical task
First, though, it is important to remember that collecting ESI is a critical stage of a discovery project. Activities undertaken during collection impact every subsequent stage of the process. It is essential to perform a collection in a defensible manner. Using appropriate tools and personnel, planning the collection, and documenting the collection are some of the critical elements of a defensible collection process.
As I write in Project Management in Electronic Discovery, “during a collection project, the objectives are to perform a comprehensive—but not over-inclusive—collection of relevant materials, maintain the integrity of the ESI . . . and provide for proper documentation to maintain the chain of custody and to establish the authenticity of the documents. At the same time, the collection must not disrupt the organization’s business operations.”
Plan the collection project
The first objective is simple: Collect only the ESI that is needed. Make reasonable efforts to identify the potentially relevant ESI and keep the collection effort proportional to the needs of the case.
Planning is crucial when collecting ESI. At the outset, define the scope of the collection. Identify the custodians and data stores and narrow the collection by date range, file type, or other criteria.
I also write in the book that a “project manager is responsible for communicating with the client’s IT personnel and the individual performing the collection, and should coordinate, schedule, and monitor the actual collection process.” Obviously, project managers are well-suited to plan and coordinate collection activities, so be sure to involve them in the process.
Maintain the integrity of the collection
Next, it is important to maintain the integrity of the ESI. Collecting ESI improperly increases the likelihood for problems later in the project and there is a risk of spoliating metadata. If, for example, a case turns on whether or not a party took action or knew something on a specific date, and an electronic document that resolves the issue was collected in a way that altered or did not preserve the file or system dates, then the party advancing the argument is going to have difficulty making their point.
Additionally, in most cases it is necessary to produce metadata. Collecting ESI improperly could make it impossible to produce some metadata and it is often difficult to go back and do it again. Moreover, rework or performing a second or supplemental collection can only increase cost and expand the time to complete a project.
Quality assurance and validating measures are necessary, too. Like performing a file hash analysis prior to and after collection. This ensures the integrity of the ESI by confirming that no files were altered during collection.
Document the process when collecting ESI
Third, document the entire process when collecting ESI. The documents may be important evidence in a legal proceeding and there are rules for the proper admission of evidence in court. Preparing a collection log and chain of custody documentation shows that the collection is defensible. They provide a record of the process that goes not only to the integrity of the collection itself, but also will assist in authentication and admissibility of the evidence in later proceedings.
Meeting the collection objectives
Many organizations face the initial question of whether to outsource collection processes or perform them internally. There are benefits and risks in both methods. One benefit of outsourcing is to transfer the risk associated with a technical process to trained professionals accustomed to performing such work. Few organizations are staffed with forensics experts, and few have the tools necessary to perform a proper collection. Engaging a service provider for this purpose mitigates and transfers the risk to that service provider.
In addition, it is rarely a good idea to subject individuals within a client organization to scrutiny regarding the handling of their own ESI. Individual custodians or IT professionals may not recognize the relevance of certain electronic documents. And the process of self-selecting ESI may lead to errors and/or inadvertent spoliation of data. Trained technicians, on the other hand, are accustomed to collecting ESI and can provide expert testimony if necessary. Also, they routinely prepare documentation and reports associated with collecting ESI.
That said, it does not mean that, in appropriate circumstances, a client organization may never collect their own ESI. There are relatively simple to use and affordable software tools on the market that make collecting ESI defensible. The question for the organization and perhaps their counsel is how much risk they are willing to assume in connection with the collection.
Conclusion: What does “done” look like?
Each case and collection project turns on its own unique circumstances. The collection method used should be based on the needs of the case and the client. Regardless of which collection tool is used, the objectives here provide the framework for development of a defensible collection process. That process should include planning and scoping the collection and trained personnel who use write-protecting tools and quality assurance measures. And, of course, the completion of documentation to memorialize the collection.
It is worthwhile to also consult other resources related to collecting ESI, such as the EDRM. Many white papers prepared by reputable service providers in the industry are good resources as well.