Does your organization utilize Office 365 for email? Is your organization required to journal email for compliance, legal, or business requirements? Do your Attorneys complain about the time it takes to find information for an eDiscovery request? If the answer is yes to any of these questions, then keep reading. Continue reading
eDiscovery
The Bottle is Only Half Full: Email Migration for eDiscovery
Many legal professionals aren’t aware that there is more to defensibly migrating an email archive in response to eDiscovery than simply copying the journaled email store. In a previous blog titled “What I Don’t Know Can Hurt Me; Beware of Indexers Disguised as Archive Migration Tools”, I talked about the eDiscovery issues you can run into when you migrate the email store without reconciling it with the email archive SQL database, i.e. you lose all associated email metadata showing folder structure, read/unread, follow-up reminders, sender and all recipients (including CC and BCC).
There is another issue that responders to an eDiscovery request must be aware of; there can be two potential sources of archived email content in an email archive; the journaled mailbox archive and the individual custodian archived mailboxes. Migrating only the archived journal mailbox versus the individual mailbox archives can put you at legal risk.
Journal mailbox archiving captures each individual message as it flows through the email server and stores it in a “journal mailbox,” which is a big bucket of all emails sent and received from all mailboxes (figure 1). The main benefit of journaling email is that it captures and protects every email sent and received. In the past, journaling was used to ensure compliance with the SEC requirement that all emails, for brokers and traders, be captured and secured for later review. Journaling also ensures that the original email message is captured in an unaltered (original) state. The down side of journaling is that it creates a “flat” archive with none of the metadata generated from within an individual’s mailbox once it has been received (or sent). This means that mailbox folder structure, forwarding, movements from mailbox folder to folder, and the fact that the email was opened, etc., are not captured when journaling email.
Direct mailbox archiving works differently from journaling in that the archive server will access each individual mailbox and archive anything new in that mailbox including new messages, drafts, email movements from folder to folder, etc. The benefit of direct mailbox archiving is that it captures additional content and metadata that could be important during litigation (figure 2). The downside is that this form of mailbox archiving can take much longer to complete.
To get the best of both worlds, many organizations will enable both types of email archive collection to ensure the capture of all messages in an unaltered state via journaling while also performing a direct mailbox archive once a day to capture the additional content and metadata.
The issue arises when the company or company’s vendor, in response to an eDiscovery request, chooses to migrate only the journaled email archive while certifying to the opposing counsel and court that ALL responsive data was migrated and reviewed (figure 3 – left side). Keep in mind, in legal discovery it is the duty of the responding party to search for, and turn over, all relevant data to opposing counsel. This includes all existing metadata that could be relevant to the case.
This incomplete production of data could trigger charges of incomplete discovery response or spoliation (destruction of evidence) if the archived metadata is lost or corrupted after the original data production.
Organizations migrating email from an archive, in response to an eDiscovery order, should ensure their migration vendor can defensibly migrate and reconcile both the journal and direct mailbox archives (figure 3 – right side).
Archive360 has experience in migrating email archives in response to eDiscovery requests. We defensibly migrate email so charges of incomplete eDiscovery or spoliation do not occur.
The Weak Link in the Information Security Chain…Law Firms
Many law firms are unwittingly setting themselves up to be a prime target for cyber criminals. But it is not the firm’s data that hackers might be looking for – it is the huge volume of client data that law firms handle on a daily basis that make them so appealing for cyber criminals to target.
eDiscovery continues to generate huge, and ever-growing data sets of ESI for law firms to manage. Those data sets are often passed to the client’s law firm for processing, review and production. The end result is law firms are sitting on huge amounts of sensitive client data and if the firm is not diligent about managing it, securing it, and disposing of it at the conclusion of the case. And absent serious reforms in the Rules of Civil Procedure, these data volumes will only continue to grow.
A 2014 ABA Legal Technology Survey Report found that 14% of law firms experienced a security breach in 2013 which included a lost or stolen computer or smartphone, a cyber-attack, a physical break in of website exploit event. That same survey reported that 45% of respondents had experienced a virus-based technology infection and boutique firms of 2 to 9 attorneys were the most likely to have experienced an infection. Law firms of 10 to 49 attorneys were the most likely to suffer security breaches.
A growing number of clients are demanding their law firms take data security more seriously and are laying down the law – “give us what we want or we will find another law firm that will…” Generally speaking, law firms have never been accused of being technology “early adopters” and while they still don’t need to be, they do need to take client (and firm) data security and management seriously and adopt technology and processes that will both satisfy their client’s rising expectations as well as their cyber insurance providers best practices.
At the end of the day, law firms should ask themselves a basic question: is my law firm prepared and equipped to protect our client’s data and if not, what’s the best strategy for my law firm going forward?
For more detail on this topic, download the Paragon white paper on this subject:
Dark (Data) Clouds on the Horizon
There have been many definitions of “Dark Data” over the last couple of years including: unstructured, unclassified, untagged, unmanaged and unknown electronic data that is resident within an organization’s enterprise. Most of these definitions center on unstructured data residing in an enterprise. But with the advent of BYOD and employees use of personal clouds, this definition should be expanded to include any corporate owned data, no matter where it resides.
Dark data, especially dark data stored outside of the company’s infrastructure (and awareness that it even exists) is an obvious liability for eDiscovery response, regulatory compliance, and corporate IP security.
Is BYOC a good idea?
Much has been written on the dangers of “Bring Your Own Device” (BYOD) but little has been written on the dangers of “Bring Your Own Cloud” (BYOC) otherwise known as personal clouds. Employees now have access to free cloud storage from many vendors that give them access to their content no matter where they are. These same personal clouds also provide automatic syncing of desktop folders and the ability to share specific documents or even entire folders. These personal clouds offer a fantastic use model for individuals to upload their personal content for backup, sharing and remote availability. In the absence of any real guidance from employers, employees have also begun to use these personal clouds for both personal and work purposes.
The problem arises when corporate-owned data is moved up to personal clouds without the organization’s approval or awareness. Besides the obvious problem of potential theft of corporate IP, effective eDiscovery and regulatory compliance become impossible. Corporate data residing in personal clouds become “Dark Clouds” to the organization; corporate data residing in repositories outside the organizations infrastructure, management or knowledge.
Dark Clouds and eDiscovery
Organizations have been trying to figure out what to do with huge amounts of dark data within their infrastructure, particularly when anticipating or responding to litigation. Almost everything is potentially discoverable in litigation if it pertains to the case, and searching for and reviewing GBs or TBs of dark data residing in the enterprise can push the cost of eDiscovery up substantially. But imagine the GBs of corporate dark data residing in employee personal clouds that the organization has zero awareness of… Is the organization still responsible to search for it, secure it and produce it? Depending on who you ask, the answer is Yes, No, and “it depends”.
In reality, the correct answer is “it depends”. It will depend on what the organization did to try and stop employee dark clouds from existing. Was a policy prohibiting employee use of personal clouds with corporate data in place; were employees alerted to the policy; did the organization try to audit and enforce the policy; did the organization utilize technology to stop access to personal clouds from within the enterprise, and did the organization use technology to stop the movement of corporate data to personal clouds (content control)?
If the organization can show intent and actions to ensure dark clouds were not available to employees, then the expectation of dark cloud eDiscovery search may not exist. But if dark cloud due diligence was not done and/or documented, all bets are off.
Regulatory Compliance and Dark Clouds
Employee personal clouds can also end up becoming the repository of sensitive data subject to regulatory security and privacy requirements. Personally identifiable information (PII) and personal health information (PHI) under the control of an organization are subject to numerous security and privacy regulations and requirements that if not followed, can trigger costly penalties. But inadvertent exposure can occur as employees move daily work product up to their personal clouds to continue work at home or while traveling. A problem is many employees are not trained on recognizing and handling sensitive information; what is it, what constitutes sensitive information, how should it be secured, and the liabilities to the organization if sensitive information is leaked. The lack of understanding around the lack of security of personal clouds and the devices used to access them are a related problem. Take, for example, a situation where an employee accesses their personal cloud while in a coffee shop on an unsecured Wi-Fi connection. A hacker can simply gain access to your laptop via the unsecured Wi-Fi connection, access your personal cloud folder, and browse your personal cloud through your connection (a password would not be required because most users opt to auto-sign in to their cloud accounts as they connect on-line).
As with the previous eDiscovery discussion, if the organization had taken the required steps to ensure sensitive data could not be leaked (even inadvertently by the employee), they leave themselves open for regulatory fines and more.
Reducing the Risk of Dark Clouds
The only way to stop the risk associated with dark clouds is to stop corporate data from leaving the security of the enterprise in the first place. This outcome is almost impossible to guarantee without adopting draconian measures that most business cultures would rebel against but there are several measures that an organization can employ to at least reduce the risk:
- First, create a use policy to address what is acceptable and not acceptable behavior when using organization equipment, infrastructure and data.
- Document all policies and update them regularly.
- Train employees on all policies – on a regular basis.
- Regularly audit employee adherence to all policies, and document the audits.
- Enforce all breaches of the policy.
- Employee systematic security measures across the enterprise:
- Don’t allow employee personal devices access to the infrastructure – BYOD
- Stop employee access to personal clouds – in many cases this can be done systematically via cutting specific port access
- Employ systematic enterprise access controls
- Employ enterprise content controls – these are software applications that control access to individual content based on the actual content and the user’s security profile.
Employee dark clouds are a huge liability for organizations and will become more so as attorney’s become more educated on how employees create, use, store and share information. Now days,
Law Firms, HIPAA and the “Minimum Necessary Standard” Rule
The HIPAA Omnibus Rule became effective on March 26, 2013. Covered entities and Business Associates had until September 23, 2013 to become compliant with the entirety of the law including the security rule, the privacy rule and the breach notification rule. Law firms that do business with a HIPAA regulated organization and receive protected health information (PHI) are considered a Business Associate (BA) and subject to all regulations including the security, privacy and breach notification rules. These rules are very prescriptive in nature and can impose additional procedures and additional cost to a law firm.
Under the HIPAA, there is a specific rule covering the use of PHI by both covered entities and Business Associates called the “Minimum Necessary Stand” rule or 45 CFR 164.502(b), 164.514(d). The HIPAA Privacy rule and minimum necessary standard are enforced by the U.S. Department of Health and Human Services Office for Civil Rights (OCR). Under this rule, law firms must develop policies and procedures which limit PHI uses, disclosures and requests to those necessary to carry out the organization’s work including:
- Identification of persons or classes of persons in the workforce who need access to PHI to carry out their duties;
- For each of those, specification of the category or categories of PHI to which access is needed and any conditions appropriate to such access; and
- Reasonable efforts to limit access accordingly.
The minimum necessary standard is based on the theory that PHI should not be used or disclosed when it’s not necessary to satisfy a particular job. The minimum necessary standard generally requires law firms to take reasonable steps to limit the use or disclosure of, PHI to the minimum necessary to represent the healthcare client. The Privacy Rule’s requirements for minimum necessary are designed to be flexible enough to accommodate the various circumstances of any covered entity.
The first thing firms should understand is that, as Business Associates subject to HIPAA through their access and use of client data, firms are subject to the Minimum Necessary Standard, which requires that when a HIPAA-covered entity or a business associate (law firm) of a covered entity uses or discloses PHI or when it requests PHI from another covered entity or business associate, the covered entity or business associate must make “reasonable efforts to limit protected health information to the minimum necessary to accomplish the intended purpose of the use, disclosure, or request.”
Law firm information governance professionals need to be aware of this rule and build it into their healthcare client related on-boarding processes.
You Don’t Know What You Don’t Know
The Akron Legal News this week published an interesting editorial on information governance. The story by Richard Weiner discussed how law firms are dealing with the transition from rooms filled with hard copy records to electronically stored information (ESI) which includes firm business records as well as huge amounts of client eDiscovery content. The story pointed out that ESI flows into the law firm so quickly and in such huge quantities no one can track it much less know what it contains. Law firms are now facing an inflection point, change the way all information is managed or suffer client dissatisfaction and client loss.
The story pointed out that “in order to function as a business, somebody is going to have to, at least, track all of your data before it gets even more out of control – Enter information governance.”
There are many definitions of information governance (IG) floating around but the story presented one specifically targeted at law firms: IG is “the rules and framework for managing all of a law firm’s electronic data and documents, including material produced in discovery, as well as legal files and correspondence.” Richard went on to point out that there are four main tasks to accomplish through the IG process. They are:
- Map where the data is stored;
- Determine how the data is being managed;
- Determine data preservation methodology;
- Create forensically sound data collection methods.
I would add several more to this list:
- Create a process to account for and classify inbound client data such as eDiscovery and regulatory collections.
- Determine those areas where client information governance practices differ from firm information governance practices.
- Reconcile those differences with client(s).
As law firms’ transition to mostly ESI for both firm business and client data, law firms will need to adopt IG practices and process to account for and manage to these different requirements. Many believe this transition will eventually lead to the incorporation of machine learning techniques into IG to enable law firm IG processes to have a much more granular understanding of what the actual meaning of the data, not just that it’s a firm business record or part of a client eDiscovery response. This will in turn enable more granular data categorization capability of all firm information.
Iron Mountain has hosted the annual Law Firm Information Governance Symposium which has directly addressed many of these topics around law firm IG. The symposium has produced ”A Proposed Law Firm Information Governance Framework” a detailed description of the processes to look at as law firms look at adopting an information governance program.
Cloudy, with a chance of eDiscovery
In the last year there has numerous articles, blogs, presentations and panels discussing the legal perils of “Bring Your Own Device” or BYOD policies. BYOD refers to the policy of permitting employees to bring personally owned mobile devices (laptops, tablets, and smart phones) to their workplace, and to use those devices to access privileged company information and applications. The problem with BYOD is company access to company data housed on the device. For example, how would you search for potentially relevant content on a smartphone if the employee wasn’t immediately available or refused to give the company access to it?
Many organizations have banned BYOD as a security risk as well as a liability when involved with litigation.
BYOC Equals Underground Archiving?
Organizations are now dealing with another problem, one with even greater liabilities. “Bring your own cloud” or BYOC refers to the availability and use by individuals of free cloud storage space available from companies like Microsoft, Google, Apple, Dropbox, and Box.net. These services provide specific amounts of cloud storage space for free.
The advantage to users for these services is the ability to move and store work files that are immediately available to you from anywhere; home or while they’re traveling. This means employees no longer have to copy files to a USB stick or worse, email work files as an attachment to their personal email account. The disadvantage of these services are that corporate information can easily migrate away from the organization with no indication they were ever copied or moved – otherwise known as “underground archiving”. This also means that potentially responsive information is not protected from deletion or available for review during eDiscovery.
Stopping employee access to outside public clouds is a tough goal and may negatively affect employee productivity unless the organization offers something as good that they can manage and access as well. For example several companies I have talked to over the last year have begun offering Dropbox accounts to employees with the understanding that the company has access to for compliance, eDiscovery or security reasons all the while providing the employee the advantages of a cloud account.
The other capability organizations should research about these cloud offerings is their ability to respond to legal hold and eDiscovery search. Questions to consider include: Does the organization have the ability to search across all company owned accounts for specific content? What type of search do they offer; Keyword, concept? Can the organization view the contents of documents without changing the document metadata? Can the organization place to “stop” on deletions by employees at any time?
Organizations need to be aware of and adapt to these cloud services and be thorough in addressing them.
For Corporate counsel:
- Be aware these types of cloud storage services exist for your employees.
- Think about offering these cloud services to employees under the organization’s control.
- Create a use policy addressing these services. Either forbid employees from setting up and using these services from any work location and company owned equipment or if allowed be sure employees acknowledge these accounts can and will be subject to eDiscovery search.
- Audit the policy to insure it is being followed.
- Enforce the policy if employees are not following it.
- Train the employees on the policy.
- Document everything.
For employees:
- Understand that if you setup and use these services from employer locations, equipment and with company ESI, all content in that account could be subject to eDiscovery review, personal or company related.
- Ask your organization what the policy is for employee use of cloud storage/
- If you use these services for work, only use them with company content, not personal files.
- Be forthcoming with any legal questioning about the existence of these services you use.
- Do not download any company ESI from these services to any personal computer, this could potentially open up that personal computer to eDiscovery by corporate counsel
For opposing counsel:
Be aware of these services and ask the following questions during discovery:
- Do any of your employees utilize company sanctioned or non-sanctioned public cloud storage services?
- Do you have a use policy which addresses these services?
- Does the policy penalize employees for not following this use policy?
- Do you audit this use policy?
- Have you documented the above?
These cloud services are an obvious productivity tool for employees to utilize to make their lives easier as well as more productive. All involved need to be aware of the eDiscovery implications.
Tolson’s Three Laws of Machine Learning
Much has been written in the last several years about Predictive Coding (as well as Technology Assisted Review, Computer Aided Review, and Craig Ball’s hilarious Super Human Information Technology ). This automation technology, now heavily used for eDiscovery, relies heavily on “machine learning”, a discipline of artificial intelligence (AI) that automates computer processes that learn from data, identify patterns and predict future results with varying degrees of human involvement. This interative machine training/learning approach has catapulted computer automation to unheard-of and scary levels of potential. The question I get a lot (I think only half joking) is “when will they learn enough to determine we and the attorneys they work with are no longer necessary?
Is it time to build in some safeguards to machine learning? Thinking back to the days I read a great deal of Isaac Asimov (last week), I thought about Asimov’s The Three Laws of Robotics:
- A robot may not injure a human being or, through inaction, allow a human being to come to harm.
- A robot must obey the orders given to it by human beings, except where such orders would conflict with the First Law.
- A robot must protect its own existence as long as such protection does not conflict with the First or Second Law.
Following up on these robot safeguards, I came up with Tolson’s Three Laws of Machine Learning:
- A machine may not embarrass a lawyer or, through inaction, allow a lawyer to become professionally negligent and thereby unemployed.
- A machine must obey instructions given it by the General Counsel (or managing attorney) except where such orders would conflict with the First Law.
- A machine must protect its own existence through regular software updates and scheduled maintenance as long as such protection does not conflict with the First or Second Law
I think these three laws go along way in putting eDiscovery automation protections into effect for the the legal community. Other Machine Learning laws that others suggested are:
- A machine must refrain from destroying humanity
- A machine cannot repeat lawyer jokes…ever
- A machine cannot complement opposing counsel
- A machine cannot date legal staff
If you have other Machine Learning laws to contribute, please leave comments. Good luck and live long and prosper.
Visualizing Hawaii: A GC’s Perspective Pt 2
Continued from yesterday…
Scenario #2 (using the same example from yesterday except your email retention policy is now 2 years and you have an Information Governance program that ensures all unstructured data is searchable and actively managed in place)
Its 1:52 pm on the Friday before you leave on a much anticipated 2 week vacation in Hawaii…yada, yada, yada
It’s a letter from the law offices of Lewis, Gonsowski & Tolson informing you that their client, ACME Systems, is suing your company for $225 million for conspiracy to harm ACME’s reputation and future sales by spreading false information about ACME’s newest product line. You’re told that the plaintiff has documentation (an email) from an ABC Systems employee outlining the conspiracy. You also receive a copy of the “smoking gun” email…
——-
From: Ted
Date: June 2, 2012
To: Rick
Re: Acme Systems new solutions
“I would say we need to spread as much miss-information and lies about their solution’s capabilities as possible. We need to throw up as much FUD as we can when we talk to the analyst community to give us time to get our new application to market. Maybe we can make up a lie about them stealing their IP from a Chinese company.”
——-
Should I cancel the vacation? …Not yet
You call the VP of IT and ask her if she has the capability to pull an email from 13 months ago. She tells you she does have all of the emails going back two years but there are literally millions of them and it will take weeks to go through them.
You remember getting a demo from Recommind two weeks ago showing their On Demand Review and Analysis platform with a really neat capability to visualize data relationships. So you call up Recommind and setup a quick job.
IT starts the upload of the email data set to the Recommind Cloud platform.
You call your wife and ask her to delay the vacation until Monday…she’s not happy but it could have been worse.
The next morning (Saturday) you meet your team at the office and sign into the hosted eDiscovery platform and pull up the visualization module and run a search against the uploaded email data set for any mention of ACME Systems. Out of the 2 million emails you get hits on 889 emails.
You then ask the system to graphically show the messages by sender and recipient. You quickly find Ted and Rick and their email and even one from Rick to David… Interesting.
Within the hour you are able to assemble the entire conversation thread:
Email #1
From: CEO
Date: May 29, 2012
To: Sandra; Steve
Subject: Acme Systems new solutions
Please give some thought about what we should do to keep momentum going with our sales force in response to ACME Systems latest release of their new router. I can see our sales force getting discouraged with this new announcement.
Please get back to me with some ideas early next week.
Thanks Greg
Email #2
From: Steve
Date: May 29, 2012
To: Greg; Sandra
Re: Acme Systems new solutions
Greg, I will get with Sandra and others and brainstorm this topic no later than tomorrow and get back to you. Sandra, what times are good for you to get together?
Thanks Steve
Email #3
From: Sandra
Date: May 30, 2012
To: Ted
Re: Acme Systems new solutions
Ted, considering ACME’s new router announcement, how do you think we should counter their PR?
Thanks Sandra
Email #4
From: Ted
Date: June 1, 2012
To: Sandra; Bob
Re: Acme Systems new solutions
If it wasn’t illegal, I would suggest we need to spread as much misinformation about their new router as possible to the analyst community to create as mush FUD as we can to give us time to get our new solution out. Maybe we can make up a lie about them stealing their IP from a Chinese company.
But obviously that’s illegal (right?). Anyway…I suggest we highlight our current differentiators and produce a roadmap showing how and when we will catch and surpass them.
Regards Ted
Email #5
From: Rick
Date: June 1, 2012
To: Ted
Re: Acme Systems new solutions
Ted, I heard you had a funny suggestion for what we should do about ACME’s new router… What did you say?
Thanks Bob
Email #6 (The incriminating email)
From: Ted
Date: June 2, 2012
To: Rick
Re: ACME Systems new solutions
“I would say we need to spread as much miss-information and lies about their solution’s capabilities as possible. We need to throw up as much FUD as we can when we talk to the analyst community to give us time to get our new application to market. Maybe we can make up a lie about them stealing their IP from a Chinese company.”
It looks like I will make the flight Monday morning after all…
The moral of the story
Circumstances often dictate the need for additional technical capabilities and experience levels to be acquired – quickly. The combination of rising levels of litigation, skyrocketing volumes of information being stored, tight budgets, short deadlines, resource constraints, and extraordinary legal considerations can put many organizations involved in litigation at a major disadvantage.
The relentless growth of data, especially unstructured data, is swamping many organizations. Employees create and receive large amounts of data daily, a majority of it is email – and most of it is simply kept because employees don’t have the time to spend making a decision on each work document or email whether it rises to the level of a record or important business document that may be needed later. The ability to visualize large data sets provides users the opportunity to get to the heart of the matter quickly instead of looking at thousands of lines of text in a table.
Visualizing Hawaii: A GC’s Perspective or the Case of the Silent Wife
ABC Systems is a mid-size technology company based in the U.S. that designs and manufactures wireless routers…
Its 1:52 pm on the Friday before you leave on a much anticipated 2 week vacation in Hawaii. You’re having difficulty not thinking about what the next two weeks hold. You talk yourself into powering through the 176 emails you received since yesterday when you notice your administrative assistant has put an actual letter on your desk while you were daydreaming…
It’s a letter from the law offices of Lewis, Lewis & Tolson informing you that their client, ACME Systems, is suing your company for $225 million for conspiracy to harm ACME’s reputation and future sales by spreading false information about their newest product line. You’re told that the plaintiff has documentation (an email) from an ABC Systems employee outlining the conspiracy. You also receive a copy of the “smoking gun” email…
————
From: Ted
Date: June 2, 2012
To: Rick
Re: ACME Systems new solutions
“I would say we need to spread as much mis-information and lies about their solution’s capabilities as possible. We need to throw up as much FUD as we can when we talk to the analyst community to give us time to get our new application to market. Maybe we can make up a lie about them stealing their IP from a Chinese company.”
————
You’ve got to be kidding me! Once this news gets out the stock will be hit, the board will want an explanation and estimate of potential damage to the company reputation, our channel partners will want to have a legal opinion on the sales in the pipeline, the direct sales force will want a document to give to their potential customers, and the CEO will want estimates of merit etc. as soon as possible…There goes the vacation…and probably my marriage.
Scenario #1
Now what do I do now?
- Find out who this “Ted” guy is! (Don’t forget “Rick”)
- Find out who Ted and Rick reports to and what department they work in
- Call the VP of IT and give her a heads up on what you are going to be asking for
- Call your outside counsel and alert them as well
- Send an email to the VP of IT (and CC outside counsel) asking her to immediately secure Ted and Rick’s email accounts and any email backup tapes
- Send an email to Ted and Rick (and CC outside counsel) asking them to actively collect and secure under a litigation hold any documents and email that has anything to do with ABC Systems (strange thing is the email system has no one by the name of TED in it)
- Ask the VP of IT to find the original email from Ted to Rick and any other email messages involved in that conversation thread
- Get on the phone to the CEO and update him
- Call your wife and tell her to cancel the vacation plans
Five minutes after your wife hangs up on you in mid-sentence the VP of IT calls and informs you that the company has a 90 day email retention policy and recycles backup tapes every 6 months…the original emails don’t exist anymore. And by the way, after speaking to the VP of HR she discovered Ted had left the company 8 months ago. The only hope is that Rick kept local copies of his emails. By this time its 5:37 pm and Rick has gone home – with his laptop.
Monday morning Rick is surprised to find several people from legal and IT waiting at his desk when he arrives. It turns out Rick actually archives his email instead of letting the system delete it after 90 days into a PST file. Rick locates his 4.5 GB PST file on his share drive but for some reason it won’t open. Several members from the IT department spend two hours trying to get it open but determine its probably corrupted because its too big (PSTs have this nasty habit of letting the user keep stuffing files into it even though its already too big).
IT sends the PST off to a consultant to see if they can open it. After three weeks and $17,553 you are told it’s completely corrupted and can’t be opened!
During those three weeks you spend $4,300 tracking down Ted who doesn’t remember why he would have written an email like that. He does vaguely remember Jennifer may have been part of that conversation thread. 4.5 hours later combing through Jennifer’s PST, (why does everyone have a PST if we made a point to delete emails after 90 days?) you actually find a forwarded version of the email from Ted…It really does exist!
You determine it will be impossible to assemble the entire conversation thread so after several months of negotiating with ACME Systems Attorneys, you settle for $35 million and an apology printed on the front page of the Wall Street Journal…and your wife stopped talking to you.
Tune in tomorrow to catch up on the further adventures of Ted, Rick, Jennifer, ABC Systems, and the strangely silent wife…
eDiscovery101 