Backups are an effective eDiscovery resource, if it’s the right backup

I have always been told relying on backups for eDiscovery purposes is a costly and time consuming mistake.

Searching through backup tapes or even a disk-based backup for eDiscovery is difficult. Imagine restoring 22 200 GB backup tapes of your employee workstations and

Consider an eDiscovery request which asks for any files on 73 custodian workstations which contain the terms “Mimosa” and “Iron Mountain” that were created or accessed between Feb 19 2008 and June 3 2010, all the while meeting a 30 day deadline from the court to produce. How would you quickly determine what if any responsive content exists on those 73 custodians laptops/desktops?

The scenario I laid out above is not a corner-case, made-up situation. I have seen this many times. Many of you will recognize a situation very close to this.

Now consider one additional requirement to the above scenario… you must insure any responsive ESI on those workstations are secure and not deleted (litigation hold) by the custodian starting right now.

Active content on custodian workstations and laptops is the single biggest risk when facing litigation hold and eDiscovery responsibilities for most organizations. The usual processes most organizations follow for custodian resource collection is either:

  1. Custodian led collection: the organizations legal department sends out a detailed email to all custodians’ involved asking them to search for specific content on their system (including any PSTs) and forward any results to the legal department. Many opposing counsel’s have a problem with this process


  1. The legal department creates collection teams which consist of a legal department employee and an IT employee to visit each custodian’s workspace to look for responsive ESI, usually including the imaging of the custodian’s hard disks. This imaging of the custodian’s hard disk takes hours and then has to be filtered somewhere else to look for responsive content.

What if you could utilize your centrally managed custodian workstation/laptop backup process for eDiscovery purposes?

Iron Mountain has addressed this major eDiscovery risk and cost with its newly announced Connected® Classify & Collect, a solution which simplifies the collection process for distributed PC ESI to comply with a legal hold request as well as discovery. The Connected Classify & Collect offering helps businesses to quickly find relevant data on laptop and desktop computers to meet litigation and compliance requirements.

The Connected® Classify & Collect offering makes laptop and desktop data easily visible, searchable and usable. It also protects data and prevents accidental deletion to support eDiscovery or internal investigations. Its enterprise-class data-classification capabilities give administrators visibility into vast amounts of data stored on enterprise PCs and allow them to lower eDiscovery costs by quickly collecting relevant information to be used for early-case assessments and first-pass reviews.

An interesting twist to this capability is the fact that even if the custodian is disconnected from the network, Classify & Collect can discover against the existing centrally managed backup of each custodian’s workstation or laptop. The next time the custodian connects to the network, additional searching will be accomplished automatically in the background on the custodian laptop.

Additionally, the Connected Classify & Collect offering helps businesses establish a thorough and defensible collection process with its ability to track all activities, including the search terms and documents returned to support internal reviews.

Employees Using Personal Email Accounts to Send Large Files

In a recent survey conducted by Osterman Research, it was revealed that 82 percent of employees use their personal email accounts to send large work-related files when an email attachment exceeds the size limit imposed by IT.

Is this a problem?…YES

Lets say your company is involved in civil litigation and has received interrogatories (written questions as part of the discovery process) from opposing counsel. One of the questions could be; “Has any of your employees or contractors ever sent business related emails or attachments to another party using their personal email account?” According to the Osterman data, 82% of your employees will answer yes to that question.

Why is this a problem?

First, your eDiscovery process including legal hold requirements will have to include searching your employees personal email accounts, if they give you permission. In my opinion, that doesn’t relieve you of the responsibility of protecting those responsive emails.

Second, eventually your employees are going to face the possibility of attorneys reading their personal emails and attachments from within their personal email accounts. There are few employees that will think this possibility is a good thing.

So how do you remove or at least lower this possibility?

First, create written email use policies that forbid employees from ever accessing their personal email accounts at work from employer provided equipment.

Second, Include in the above mentioned policy that company related records are never to be sent or received from personal email accounts.

Third, explain to employees that if they violate the policy, they could be fired.

Forth, explain that if they were to violate the policy, attorneys, including opposing counsel may be reading their personal emails in discovery some day.

Fifth, create a way within your infrastructure to send and receive large files so employees don’t have to fall back to using their personal email accounts to send or receive large business related files.