Stages of process
ThIdentification
The identification phase is when potentially responsive documents are identified for further analysis and review. In the United States, in '' Zubulake v. UBS Warburg'', Hon. Shira Scheindlin ruled that failure to issue a written legal hold notice whenever litigation is reasonably anticipated will be deemed grossly negligent. This holding brought additional focus to the concepts of legal holds, eDiscovery, and electronic preservation. Custodians who are in possession of potentially relevant information or documents are identified. To ensure a complete identification of data sources, data mapping techniques are often employed. Since the scope of data can be overwhelming or uncertain in this phase, attempts are made to reasonably reduce the overall scope during this phase - such as limiting the identification of documents to a certain date range or custodians.Preservation
A duty to preserve begins upon the reasonable anticipation of litigation. During preservation, data identified as potentially relevant is placed in a legal hold. This ensures that data cannot be destroyed. Care is taken to ensure this process is defensible, while the end-goal is to reduce the possibility of data spoliation or destruction. Failure to preserve can lead to sanctions. Even if the court ruled the failure to preserve as negligence, they can force the accused to pay fines if the lost data puts the defense "at an undue disadvantage in establishing their defense."Collection
Once documents have been preserved, collection can begin. Collection is the transfer of data from a company to their legal counsel, who will determine relevance and disposition of data. Some companies that deal with frequent litigation have software in place to quickly place legal holds on certain custodians when an event (such as legal notice) is triggered and begin the collection process immediately. Other companies may need to call in a digital forensics expert to prevent the spoliation of data. The size and scale of this collection is determined by the identification phase.Processing
During the processing phase, native files are prepared to be loaded into a document review platform. Often, this phase also involves the extraction of text and metadata from the native files. Various data culling techniques are employed during this phase, such as deduplication and de-NISTing. Sometimes native files will be converted to a petrified, paper-like format (such as PDF or TIFF) at this stage, to allow for easier redaction and bates-labeling. Modern processing tools can also employ advanced analytic tools to help document review attorneys more accurately identify potentially relevant documents.Review
During the review phase, documents are reviewed for responsiveness to discovery requests and for privilege. Different document review platforms can assist in many tasks related to this process, including the rapid identification of potentially relevant documents, and the culling of documents according to various criteria (such as keyword, date range, etc.). Most review tools also make it easy for large groups of document review attorneys to work on cases, featuring collaborative tools and batches to speed up the review process and eliminate work duplication.Production
Documents are turned over to opposing counsel, based on agreed-upon specifications. Often this production is accompanied by a load file, which is used to load documents into a document review platform. Documents can be produced either as native files, or in a petrified format (such as PDF or TIFF), alongside metadata.Types of electronically stored information
Any data that is stored in an electronic form may be subject to production under common eDiscovery rules. This type of data has historically included email and office documents, but can also include photos, video, databases, and other filetypes. Also included in ediscovery is " raw data", which forensic investigators can review for hidden evidence. The original file format is known as the "native" format. Litigators may review material from ediscovery in one of several formats: printed paper, "native file", or a petrified, paper-like format, such as PDF files or TIFF images. Modern document review platforms accommodate the use of native files, and allow for them to be converted to TIFF and Bates-stamped for use in court.Electronic messages
In 2006, the U.S. Supreme Court's amendments to the Federal Rules of Civil Procedure created a category for electronic records that, for the first time, explicitly named emails and instant message chats as likely records to be archived and produced when relevant. One type of preservation problem arose during the '' Zubulake v. UBS Warburg'' LLC lawsuit. Throughout the case, the plaintiff claimed that the evidence needed to prove the case existed in emails stored on UBS' own computer systems. Because the emails requested were either never found or destroyed, the court found that it was more likely that they existed than not. The court found that while the corporation's counsel directed that all potential discovery evidence, including emails, be preserved, the staff that the directive applied to did not follow through. This resulted in significantDatabases and other structured data
Structured data typically resides in databases or datasets. It is organized in tables with columns and rows along with defined data types. The most common are Relational Database Management Systems ( RDBMS) that are capable of handling large volumes of data such as Oracle, IBM Db2, Microsoft SQL Server, Sybase, and Teradata. The structured data domain also includes spreadsheets (not all spreadsheets contain structured data, but those that have data organized in database-like tables), desktop databases like FileMaker Pro and Microsoft Access, structured flat files, XML files, data marts, data warehouses, etc.Audio
Voicemail is often discoverable under electronic discovery rules. Employers may have a duty to retain voicemail if there is an anticipation of litigation involving that employee. Data from voice assistants like Amazon Alexa and Siri have been used in criminal cases.Reporting formats
Although petrifying documents to static image formats (tiff & jpeg) had become the standard document review method for almost two decades, native format review has increased in popularity as a method for document review since around 2004. Because it requires the review of documents in their original file formats, applications and toolkits capable of opening multiple file formats have also become popular. This is also true in the ECM (Enterprise Content Management) storage markets which are converging quickly with ESI technologies. Petrification involves the conversion of native files into an image format that does not require use of the native applications. This is useful in the redaction ofCommon issues
A number of different people may be involved in an electronic discovery project: lawyers for both parties, forensic specialists, IT managers, and records managers, amongst others. Forensic examination often uses specialized terminology (for example "image" refers to theEmerging trends
Alternative collection methods
Currently the two main approaches for identifying responsive material on custodian machines are: (1) where physical access to the organizations network is possible - agents are installed on each custodian machine which push large amounts of data for indexing across the network to one or more servers that have to be attached to the network or (2) for instances where it is impossible or impractical to attend the physical location of the custodian system - storage devices are attached to custodian machines (or company servers) and then each collection instance is manually deployed. In relation to the first approach there are several issues: * In a typical collection process large volumes of data are transmitted across the network for indexing and this impacts normal business operations * The indexing process is not 100% reliable in finding responsive material * IT administrators are generally unhappy with the installation of agents on custodian machines * The number of concurrent custodian machines that can be processed is severely limited due to the network bandwidth required New technology is able to address problems created by the first approach by running an application entirely in memory on each custodian machine and only pushing responsive data across the network. This process has been patented and embodied in a tool that has been the subject of a conference paper. In relation to the second approach, despite self-collection being a hot topic in eDiscovery, concerns are being addressed by limiting the involvement of the custodian to simply plugging in a device and running an application to create an encrypted container of responsive documents.Technology-assisted review
Technology-assisted review (TAR)—also known as computer-assisted review or predictive coding—involves the application of supervised machine learning or rule-based approaches to infer the relevance (or responsiveness, privilege, or other categories of interest) of ESI. Technology-assisted review has evolved rapidly since its inception ''circa'' 2005. Following research studies indicating its effectiveness, TAR was first recognized by a U.S. court in 2012, by an Irish court in 2015, and by a U.K. court in 2016. Recently a U.S. court has declared that it is " black letter law that where the producing party wants to utilize TAR for document review, courts will permit it."S.D.N.Y (2015)Convergence with information governance
Anecdotal evidence for this emerging trend points to the business value of information governance (IG), defined bySee also
* Data mining * Data retention * Discovery (law) * Early case assessment * Electronically stored information (Federal Rules of Civil Procedure) * File hosting service * Forensic search * Information governance * Legal governance, risk management, and compliance *References
External links