attorney

Tolson’s Three Laws of Machine Learning

Bill Tolson eDiscovery, Information Management, Technology , , , , , , , , , ,

TerminatorMuch has been written in the last several years about Predictive Coding (as well as Technology Assisted Review, Computer Aided Review, and Craig Ball’s hilarious Super Human Information Technology ). This automation technology, now heavily used for eDiscovery, relies heavily on “machine learning”,  a discipline of artificial intelligence (AI) that automates computer processes that learn from data, identify patterns and predict future results with varying degrees of human involvement. This interative machine training/learning approach has catapulted computer automation to unheard-of and scary levels of potential. The question I get a lot (I think only half joking) is “when will they learn enough to determine we and the attorneys they work with are no longer necessary?

Is it time to build in some safeguards to machine learning? Thinking back to the days I read a great deal of Isaac Asimov (last week), I thought about Asimov’s The Three Laws of Robotics:

  1. A robot may not injure a human being or, through inaction, allow a human being to come to harm.
  2. A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law.
  3. A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.

Following up on these robot safeguards, I came up with Tolson’s Three Laws of Machine Learning:

  1. A machine may not embarrass a lawyer or, through inaction, allow a lawyer to become professionally negligent and thereby unemployed.
  2. A machine must obey instructions given it by the General Counsel (or managing attorney) except where such orders would conflict with the First Law.
  3. A machine must protect its own existence through regular software updates and scheduled maintenance as long as such protection does not conflict with the First or Second Law

I think these three laws go along way in putting eDiscovery automation protections into effect for the the legal community. Other Machine Learning laws that others suggested are:

  • A machine must refrain from destroying humanity
  • A machine cannot repeat lawyer jokes…ever
  • A machine cannot complement opposing counsel
  • A machine cannot date legal staff

If you have other Machine Learning laws to contribute, please leave comments. Good luck and live long and prosper.

Facebook Spoliation Costs Widower and His Attorney $700K in Sanctions

Bill Tolson eDiscovery , , , ,

The below article is from Abovethelaw.com by Christopher Danzig

In 2008, truck driver William Donald Sprouse pleaded guilty to charges of involuntary manslaughter for the accidental death of 25-year-old Jessica Lester. According to a bluntly-written news article from the time of the trial, Sprouse’s “truck rounded a corner on two wheels, flipped and rolled over onto Lester’s car, a crushing sixty thousand pounds landing where Jessica sat.”

Jessica’s parents and her widower, Isaiah Lester, won a massive wrongful death suit in 2010 against Sprouse and his employer at the time of the accident, Allied Concrete Company. A Virginia jury awarded them a massive $10.6 million. Clearly, the family’s wounds were still fresh.

But the courtroom odyssey was not over.

On October 21 (nearly a year later), Judge Edward Hogshire signed a “final order” (PDF) cutting the jury verdict in half in Lester v. Allied Concrete Company and William Donald Sprouse, and penalizing Lester and his attorney, Matt Murray, a combined $722,000 in sanctions:

Whereas, the court, having reviewed the evidence and arguments of counsel and carefully considered the extensive pattern of deceptive and obstructionist conduct of Murray and Lester resulting in the sanction award, finds that most of the substantial fees and costs expended by Defendants were necessary and appropriate to address and defend against such conduct…

To read the entire article, click here.

Frictionless eDiscovery; social media addicts beware…

Bill Tolson eDiscovery, Technology , , , , , , , ,

eDiscovery just got a lot easier…for opposing counsel.

Facebook’s new system to auto-share what you do around the web may catch many Facebook enthusiasts off guard. Even “power” users of Facebook will probably run into trouble with this “frictionless sharing” feature. Once it’s enabled on a site you won’t get any other warnings that you “tracks” are being broadcast to large numbers of people.  In fact, even those people who know exactly how this new feature works will need to be on guard against sharing some seriously embarrassing and or compromising updates.

For those not in the know, Facebook is making sharing even easier by automatically sharing what you’re doing on a growing community of Facebook-connected apps.

Huh? It could be the news articles you read online, the videos you watch, the photos you view, the music you listen to, or any other action within the site or app. In the future it could be the “stuff “you buy on-line or the profiles of people you view, or diseases you looked or the fact that you searched for information on the term “formaldehyde” on a specific day…

To be fair, currently,  you must explicitly authorize a site or app to share your information with Facebook. How this sharing mechanism works depends on the app. Authorizing the Washington Post or The Guardian Facebook apps allows you to read those news sites right within Facebook. The downside, however, is that everything you read is shared back to your friends via a timeline… This capability may also effect those news organizations which have jumped into this partnership opportunity. These news organizations may see a drop in views because potential readers will now have to first consider how viewing a particular story will affect their reputation; Do I really want to click on this story knowing my “friends” will know I viewed this?

A timeline… REALLY! Do your friends really need to know you viewed a website titled “BieberFever.Com” at 1:13 am last Thursday morning? Or that you read an article on setting up a Swiss bank account 57 minutes after you received notice of a pending lawsuit? Talk about making the opposing counsel’s job easier…every discovery request will automatically include Facebook accounts.

Another group that needs to be careful are employees. I can imagine an HR representative viewing an employee’s Facebook page to verify, via the employee’s timeline, they have been surfing the web for the last 17 days.

I have repeatedly warned friends that social media sites like Facebook are potentially dangerous in that what you (or an application) post to your social media site could be used against you by potential employers, current employers or attorneys. One question I suggest all social media addicts ask themselves before they post is; “Is this something I would feel comfortable showing up on the front page of the New York Times?”…Because someday it could.

Did you hear the one about the Attorney who thought “Social Media” was a dating website for singles over 40?

Bill Tolson eDiscovery, Information Management, Technology , , , , , , , , , , , , , , , , ,

A definition of the term social media from Merriam-Webster states “forms of electronic communication (as Web sites for social networking and microblogging) through which users create online communities to share information, ideas, personal messages, and other content.”

Another definition of “social media” from online matters reads “Social media is any form of online publication or presence that allows end users to engage in multi-directional conversations in or around the content on the website.”

Examples of social media include facebook, myspace, LinkedIn, twitter, YouTube, and WordPress (free blogging site) among many, many others. Social media is not limited to desktop computers either. Cell phones, smart phones, PDAs, iPhones and iPads are popular examples of mobile devices which can be connected to social media capabilities.

How popular is social media these days?

Facebook: 750 million plus active users (July 2011). Users spend over 700 billion minutes per month on facebook.

Twitter: 175 million total Twitter accounts, 119 million Twitter accounts following one or more other accounts (March 2011) with 177 million tweets sent in one day on M arch 11, 2011

LinkedIn: 100 million users (March 2011)

Based on the above numbers, the social media phenomenon has become a major source of electronic data which in turn means a major target in litigation.

Social media content as a source of evidence in civil litigation has become a popular topic in legal magazines, blogs, twitter posts and other information sources. There are several challenges around social media content from the employee’s point of view and its use in litigation. Individuals tend to view social media content the same way they thought about emails and voicemails years ago – transitory, something that was private and didn’t exist for long anyway. People are shocked that potential employers are looking at the individual’s public facebook page, twitter postings or LinkedIn profile to get a better idea of a job candidate’s background or when police view the same content to help build a case against someone.

“Seriously officer, I wasn’t at that party where someone got shot…I was visiting my grandmother in Fresno”

“Really?… then how come there’s a picture of you at the party holding a bottle of Jack Daniels in one hand and a Glock 9mm in the other hand?”

Does an employer have a right to an employee’s social media content? Some qualifying questions to determine this  would be:

  1. Has the employee mixed personal and business related content in their social media activity?
  2. Was the employee’s social media activity initiated from within the organization’s infrastructure or using their equipment?

In a 2010 US District Court decision, Equal Employment Opportunity Commission v. Simply Storage Management, L.L.C. and O.B. Management Services, the defendant, Simply Storage, sought to discover from  two employees claiming sexual harassment against their supervisors, all photographs and videos posted to their Facebook and My Space accounts, electronic copies, or alternatively hard copies, of their profiles which includes updates, messages, wall comments, causes/groups joined, activity streams, blog entries, blurbs, comments and applications. The EEOC objected to production on the grounds that the request was overbroad, not relevant, unduly burdensome, and improperly infringed on privacy and compliance would harass and embarrass the claimants. Simply Storage defended the request arguing that the claimants’ had put their emotional health at issue implicating all their social communications.

The Court ruled that the EEOC must produce relevant Social Networking Sites (SNS) communications in accordance with its guidelines noting first that SNS content is not shielded from discovery simply because it is locked or private.

In another case, TEKsystems, Inc. v. Hammernick et al., No 0:10-cv-00819, filed in the United States District Court for the District of Minnesota, is the first-known restrictive covenant lawsuit regarding allegedly unlawful conduct via social media (in this case, LinkedIn).

When Hammernick’s employment with TEKsystems ended, she went to work for Horizontal Integration, Inc., also an IT staffing firm. The complaint alleges that, after her employment with TEKsystems ended, Hammernick unlawfully communicated, on behalf of Horizontal Integration, with at least twenty “Contract Employees” via LinkedIn, the premiere social networking website used for business and professional purposes.

The allegations against Hammernick list, by name, the sixteen Contract Employees that she allegedly “connected” with on LinkedIn, in violation of her employment agreement with TEKsystems. This case raises the legal question whether merely “connecting” with professional contacts via professional networking websites constitutes a violation of a restrictive covenant prohibiting such “solicitation” or “contact.” Does the mere existence of a network of professional contacts equal solicitation? Will compliance with a non-solicitation restriction require individuals to “disconnect” or “de-friend” colleagues, customers, or clients of former employers until the non-solicitation period expires?

Smartphones are a super highway into your private social media content

Recently, California’s Supreme Court reached a controversial 5-2 decision in People v. Diaz (PDF), holding that police officers may lawfully search mobile phones found on arrested individuals’ persons without first obtaining a search warrant. The court reasoned that mobile phones, like cigarette packs and wallets, fall under the search incident to arrest exception to the Fourth Amendment to the Constitution.

Do you have a Twitter app or LinkedIn app on your smart phone? Does it automatically enter your logon and password when you start the app? If they do then law enforcement could take a look at you private facebook, LinkedIn or Twitter accounts.

Also be aware, if you voluntarily disclose or enter your mobile phone password in response to police interrogation, any evidence of illegal activity found on (or by way of) your phone is admissible in court, regardless of whether or not you’ve been Mirandized.

Its obvious social media is a new speed bump in the eDiscovery landscape. Employers need to create policies to address their concerns and educate their employees about these policies and the consequences of not following them.

The duty to preserve ESI is not always cut and dried

Bill Tolson eDiscovery , , , , , , , , , , , ,

The amendments to the Federal Rules of Civil Procedure (FRCP) describe the duty to preserve potential evidence when litigation can be reasonably anticipated. The term “reasonably anticipated” is a key idea and one that has caused many arguments over the last four-plus years. To make the point that organizations need to be conservative and take this seriously, it makes sense to look at a case that has gone on for several years.

On April 17, 2008, Phillip M. Adams & Associates L.L.C. (Adams) filed a motion for sanctions against ASUSTEK Computer, Inc. and ASUS Computer International for spoliation (destruction) of evidence. Adams claimed that “ASUS has destroyed the source code and documents relating to ASUS’s test programs, as well as other documents that would have conclusively demonstrated ASUS’ piracy.” On March 30, 2009, the magistrate judge issued a decision granting in part Adams’s motion. The magistrate judge found that “the universe of materials we are missing is very large,” and that “we have very little evidence compared to what would be expected.” In this case, the court reaffirmed its earlier holding regarding the trigger for defendants’ duty to preserve, namely that “in late 1999 the entire computer and component manufacturer’s industry was put on notice of a potential for litigation regarding defective floppy disk components (“FDCs”) by the well publicized settlement in a large class action lawsuit against Toshiba.”  In this ongoing case, a litigation hold responsibility was triggered by a settlement years before. The magistrate judge further found that “ASUS’ practices invite the abuse of the rights of others, because the practices tend toward loss of data.” In other words when the case was in process in 2008, the defendants should have applied a litigation hold to specific data back in 1999-2000, eight to nine years before the case showed up in court.

A related recent ruling: Phillip M. Adams & Assoc., LLC v. Windbond Elecs. Corp., 2010 WL 3767318 (D. Utah Sept. 16, 2010)

What does this mean for organizations today? Well, it’s difficult to “anticipate” future litigation so be conservative in your litigation hold triggering events meaning if even the slightest possibility exists of litigation based on external events, news stories etc. lock down that potentially responsive ESI as soon as possible. That’s easy to say but difficult to accomplish. The first step as pointed out in this case is to train your staff and employees to be sensitive to these “events” and to not be shy about pointing them out to your corporate legal department. The point is to manage your ESI more effectively. If you have control of your data you have a better chance of reacting to and finding responsive ESI when you need to and securing it.

Is the popular Dropbox file sharing application a huge eDiscovery risk?

Bill Tolson eDiscovery , , , , , , , , , , , , , , ,

First let me say the Dropbox file sharing program is one of the greatest applications I’ve run across in a long time and to date has approximately 25 million users world-wide. What is Dropbox? Dropbox is a cloud storage application which synchronizes files between computers and other electronic devices like iPhones. Installing Dropbox creates a special folder on your computer. Anything that you put in this folder is automatically synchronized with any other computer or iPhones on which you’ve installed the service. The files you drop in for synchronization are also located on a remote server, which means you can download files even when all of your other devices are turned off or offline. It’s easy to understand why instant synchronization across all your computers and iPhones is inherently fantastic. You drop a file into your Dropbox folder on say your work computer and it’s almost instantly on all your other computers (with an internet connection) and iPhones, be it at home, work, on the road or on vacation. What’s greater than that?

You need to be aware of a couple of potential problem areas if you are going to install Dropbox; first when you delete a file in your Dropbox folder on your computer it is not really deleted from the Dropbox cloud. It is classified as “Deleted” and will disappear out of your desktop folder but in the Dropbox cloud it still exists and can be “Undeleted”.

Dropbox saves a history of all deleted and earlier versions of files for 30 days for all Dropbox accounts by default. If you have the Pack-Rat add-on, Dropbox saves those files for as long as you have the Pack-Rat add-on. With Pack-Rat, you never have to worry about losing an old version of a file. You can permanently delete files inside of the 30 days but that must be done in your web account.

Another capability to be aware of is the “Events” tab in the web account.

The Events window shows you all of the recent(?) activity that has taken place in your account. This includes a wide variety of data such as the addition and deletion of files, moving files, adding and removing folders, sharing files and folders, linking computers to your account and more. At this point I’m not sure how long this history is available in a given account but in my account, the history is showing info back to when I created the account 6 months ago.

All of these great capabilities point out two areas of concern that organizations need to be aware of. First, could intellectual property theft get any easier? A worst case scenario would be the following; an employee decides to leave the company and wants to take some IP he or she has been working on for the last 7 months. The employee can simply drag the electronic files to his Dropbox folder on their company supplied computer and later that night access it from their computer at home or even worse, give their new employer the password to their Dropbox account and within seconds all that IP is sitting on the new employer’s desktop…it can happen in a matter of seconds, would the current employer even be able to tell if that IP was copied?

An even more interesting concern arises around eDiscovery risk. Would the fact that a custodian has or had at one time a Dropbox account, make all of their non-business supplied computers and iPhones a target of eDiscovery if they were a party to litigation in their organization?

An opposing counsel’s questioning might go something like this;

Opposing counsel: “Bill, do you now or did you during the time period in question have a Dropbox account?”

Bill: “Possibly…I’ve had one for sometime”

Opposing counsel: “While you’ve had the Dropbox account, have you ever copied work related documents or emails to your Dropbox account for whatever reason?”

Bill: “Yes I have”

Opposing counsel: “Could you have copied files that are relevant to the current case?”

Bill: “Maybe…I don’t remember”

Opposing counsel: “You don’t remember…is that the truth?

Bill: “Is that the truth? …YOU CAN’T HANDLE THE TRUTH!! (Jack Nicolson flashback)”

Opposing counsel: “Judge, I would like to include every computer and iPhone Bill has access to in the eDiscovery request as well as Bill’s  Dropbox account to view any deleted files as well as his “Events” history.”

Bill: “You’ve got to be kidding…Judge?”

Judge: “Do I look like I’m kidding? …Makes sense, approved”

Is the preceding example a possibility? Sure it is. So how would your organization defend against this type of eDiscovery risk?

In my experience, if you inform employees (in writing) that by using the Dropbox application from their work as well as personal computers and company supplied iPhone, they open themselves to having their personal home computers or any computer that had the Dropbox application installed on to be potentially accessed and reviewed by attorneys, most employee will refrain from installing it on their work related computers. It would also be a good insurance policy to create a computer use policy which includes a directive against installing the Dropbox application on work owned assets.

Again, let me stress that I think the Dropbox application is fantastic and has great uses for everyday life but employees and organizations need to be aware of the risks associated with it in litigation.

How do you keep the ESI skeletons out of your closet?

Bill Tolson eDiscovery , , , , , , , , ,

A blog post written by Jim McGann of Index Engines on May 4th zeroed in on an interesting topic; how to keep ESI skeletons out of your corporate closet.

In his post Jim writes: Law firms and corporations alike tend to keep data storage devices well beyond what their compliance requirements or business needs actually dictate.  These so-called “skeletons in the closet” pose a major problem when the entity gets sued or subpoenaed. All that dusty data is suddenly potentially discoverable. Legal counsel can be proactive and initiate responsible handling of this legacy data by defining a new, defensible information governance process.

These skeletons can encompass both old, out of date data as well as the devices the old data is stored on. The risk includes not just the old data that might have content that you would rather not have discovered but also the storage devices that would “read” the old data. An attorney friend of mine related a case he was involved in several years ago where a company in discovery was asked about a filing cabinet in their warehouse that contained hundreds of 8 inch floppy disks. The plaintiff’s attorney asked if those floppy disks could contain data from the time period in question (8 years ago). No one at the company could really answer the question so the plaintiff’s attorney asked for an inventory of the data on those 8 inch floppy disks.

The defendants counsel obviously raised concerns over their ability to actually read the data as well as the cost involved. They argued that the disks drives which could read the 8 inch floppy disks couldn’t be found, that even if they could find the drives, they didn’t have computers with the correct interface to actually look at the data and the software to enable the floppy disks to be read did not exist.

The Judges question to the defendants was obvious; “why do you have a filing cabinet full of hundreds of 8 inch floppy disks if they can’t be read?”

The point of the story is data/information has a life span. 8,9,10 year old data in most cases will not be useful to an organization (unless there are regulatory reasons to keep it) so manage it for as long as its useful to your organization then get rid of it, especially if the technology to utilize it is way out of date.

It doesn’t it really matter where my organization’s ESI is kept…right?

Bill Tolson eDiscovery , , , , ,

Where companies store their electronically stored information (ESI) is of no concern to attorneys… right? Say what?

There’s an on-going debate over the question of where the “best” place is to store a company’s ESI for legal reasons; in the company’s own facility (on-premise) or in a third party’s  facility (hosted; also known as “storage as a service”, SaaS). The answer to this question really depends on several factors. There are three main questions to ask yourself when considering this question from a legal perspective; where’s the best place to store the organization’s ESI? The first question to ask is; is my ESI secure and can I prove it has not been altered in any way; in other words is it defensible? The second question to ask yourself is; can I access my ESI quickly enough to place legal holds and perform searches based on discovery requests? And the third question is; do I have access to the full ESI data set for ECA purposes and to insure I can fully respond?

Let’s review these topics you need to keep in mind when dealing with ESI in litigation. First, when litigation is reasonably obvious, you have a responsibility to immediately protect all ESI which could be responsive in the approaching civil case. This responsibility is an absolute requirement in U.S. Federal courts and most state courts. There are few if any excuses a Judge will swallow for a responder inadvertently deleting potentially responsive ESI after your legal hold responsibility has been triggered.

Second, the time frame you’ll have to fully respond to an eDiscovery request is generally much shorter now than in the past (pre 12/2006). Quick and complete access to all potentially responsive data is extremely important when responding to an eDiscovery request.

And third, good intentions can mean something to the court. A company that actually plans and documents their processes etc. for litigation hold and eDiscovery will mean something to the Judge (possibly) if you have an inadvertent ESI deletion.

Spoliation does not require purposeful destruction of evidence

Bill Tolson eDiscovery , , , , , , ,

In a recent decision, Rosenthal Collins Group, LLC v. Trading Techs. Int’l, No. 05 C 4088, 2011 WL 722467 (N.D. Ill. Feb. 23, 2011), the court ordered the plaintiff to pay $1,000,000 in monetary sanctions, and ordered plaintiff’s counsel to pay “the costs and attorneys fees incurred in litigating this motion” because the plaintiff’s agent was found (and admitted) to have modified metadata related to relevant source code and had wiped several relevant disks and devices prior to their production. The court found plaintiff’s counsel had participated in “presenting misleading, false information, materially altered evidence and willful non-compliance with the Court’s orders.”

The plaintiff’s counsel did not dispute any of the allegations of misconduct” but instead sought to distance itself from “its own agent, employed for the purposes of pursuing this litigation” and disavowed any “actual knowledge” of wrongdoing. RCG’s counsel similarly disavowed “any personal wrongdoing and any actual knowledge of any wrongdoing, while unequivocally distancing themselves and RCG from [the consultant].”

The court stated; “The imposition of sanctions, however, does not require actual knowledge, but gross negligence or recklessness, i.e., RCG knew or should have known. See Porche v. Oden, 2009 WL 500622, at *7 (N.D.Ill. Feb.27, 2009). Even if this Court were to accept that RCG had no actual knowledge of the evidence destruction and modification that occurred, RCG’s conduct still warrants the imposition of a default judgment. See, e.g., Grochicinski v. Schlossberg, 402 B.R. 825, 842-43 (N.D.Ill.2009) (finding bad faith sufficient to impose default judgment because “[e]ven if Schlossberg did not destroy the files himself, the bankruptcy court found that at the very least Schlossberg acted in ‘reckless disregard’ of his discovery obligations”).

The court went on to reason that “it strains credulity that RCG now claims it had no knowledge of anything [its consultant] was doing and he was just a ‘non-party fact witness’ for whom it bears no responsibility.” The court found that the record reflected that the consultant was “under RCG’s control and was its paid agent,” as evidenced by a myriad of facts laid out by the court.

Accordingly, finding that plaintiff and its counsel “acted in bad faith and with willful disregard for the rules of discovery and this Court’s orders,” the court entered default judgment in favor of defendant and dismissed the claims and defenses of plaintiff. The court also ordered plaintiff to pay sanctions in the amount of $1,000,000 and, for their part in presenting “misleading, false information, materially altered evidence, and willful non-compliance with the Court’s orders,” ordered counsel to “pay the costs and fees incurred in litigating this motion.”

The managing attorneys on either side are responsible to the court to insure the discovery process was done correctly and in the timeframe expected by the court. The argument by RCG that they just didn’t know was seen by the Judge as not meeting their responsibilities. A spoliation finding does not need to be purposeful, grossly negligent will also do.

Are Custodial Self-Discovery and Preserving ESI in Place Good for You?

Bill Tolson eDiscovery , , , , , , , , , , , ,

A majority of organizations still follow the traditional practice of instructing custodians—that is, employees–to search for and protect potentially responsive electronically stored information (ESI) locally or what’s known colloquially as “preserving it in place”. In fact, the international law firm Fulbright & Jaworski found in its 7th Annual Litigation Trends Survey that more than half (55%) of companies still rely on custodians as their primary method to identify and preserve their own information for litigation or an investigation.

By following this practice, these companies, particularly those with larger numbers of custodians,  have a higher risk of incomplete collection, inadvertent deletion/spoliation, and metadata corruption. What’s more, it’s difficult for legal to supervise  the collection process,  leading to inadequate defensibility of the litigation hold and eDiscovery process.

In a 2008 Kahn Consulting survey on employee understanding of eDiscovery responsibilities, only 22% of respondents said they had a good understanding of their responsibilities for retaining ESI for discovery. Only 16% said they had a good understanding of their responsibilities when responding to a litigation hold. These statistics, while a few years old, blatantly highlight the risk of custodial self discovery and preservation in place.

Still not convinced? The courts are now holding litigants to a higher standard. In a recent case, Roffe v. Eagle Rock Energy GP, et al., C.A. No. 5258-VCL (Del. Ch. Apr. 8, 2010), the Judge expressed surprise overt the custodial self discovery practice used by one attorney:

The Judge asked:

Am I correct that you have been relying on what they [the defendants] self-selected to put in their transaction files in terms of what you obtained and produced?

The defense attorney answered:

That’s correct, your Honor. I was told that they uniformly would put all of their Eagle Rock e-mails into that folder. I have not checked, and I don’t know whether that is true or whether that is accurate. I believe they are telling the truth, but I don’t know if that is accurate.

The Judge immediately responded:

Then here is my ruling. This is not satisfactory. From what you have described to me, you are not doing what you should be doing. First of all, you do not rely on a defendant to search their own e-mail system. Okay? There needs to be a lawyer who goes and makes sure the collection is done properly. So both as to the two directors who already have produced — we don’t rely on people who are defendants to decide what documents are responsive, at least not in this Court. And you certainly need to put somebody on a plane to go out and see Mr. Smith.

In this exchange, the Judge clearly states: We don’t rely on people who are defendants to decide what documents are responsive. Custodial self-discovery is like the fox guarding the chicken coop.

Relying on litigants to find, protect and eventually turn over potentially responsive ESI can be problematic. Most of them will attempt to do what’s right to the best of their understanding. But as we’ve seen from the 7th Annual Litigation Trends Survey, fewer  than1 in 4 (23%) have a good understanding. Those few that could have something to hide may find ways to do a sub-par job in the discovery process. If I am the opposing counsel, I  want to know if self discovery was relied on.

So what is a defensible answer for the risks posed by custodial self discovery and preservation in place? Well in my opinion—and I’m about to sound like a corporate schill–you need an ESI archive, which captures the majority of potentially responsive ESI from the in-house infrastructure along with a solution for the remote collection of custodian ESI from their locally controlled equipment.

First, a central ESI archive that captures, indexes, stores, protects, manages and disposes of ESI allows for central discovery of ESI for silos like email systems, share drives and SharePoint systems.

So what can be done for the discovery of locally controlled custodian locations?

Some organizations centrally backup custodian workstations on a regular basis. But relying on restoring backups and searching for responsive ESI has never been considered a good idea. It’s also expensive.

What if you could schedule forensically sound backups of all custodian workstations and use those backups of custodians’ workstations to discover against, even when those custodians are traveling and not synced to the organization’s infrastructure?

A consolidated metadata repository provides enterprises with an accessible catalog of the types of data and content stored on PCs. Using flexible metadata selections, administrators can quickly identify information that is relevant to litigation or compliance matters and, if necessary, retrieve that relevant data from the solution for further review.