Many legal professionals aren’t aware that there is more to defensibly migrating an email archive in response to eDiscovery than simply copying the journaled email store. In a previous blog titled “What I Don’t Know Can Hurt Me; Beware of Indexers Disguised as Archive Migration Tools”, I talked about the eDiscovery issues you can run into when you migrate the email store without reconciling it with the email archive SQL database, i.e. you lose all associated email metadata showing folder structure, read/unread, follow-up reminders, sender and all recipients (including CC and BCC).
There is another issue that responders to an eDiscovery request must be aware of; there can be two potential sources of archived email content in an email archive; the journaled mailbox archive and the individual custodian archived mailboxes. Migrating only the archived journal mailbox versus the individual mailbox archives can put you at legal risk.
Journal mailbox archiving captures each individual message as it flows through the email server and stores it in a “journal mailbox,” which is a big bucket of all emails sent and received from all mailboxes (figure 1). The main benefit of journaling email is that it captures and protects every email sent and received. In the past, journaling was used to ensure compliance with the SEC requirement that all emails, for brokers and traders, be captured and secured for later review. Journaling also ensures that the original email message is captured in an unaltered (original) state. The down side of journaling is that it creates a “flat” archive with none of the metadata generated from within an individual’s mailbox once it has been received (or sent). This means that mailbox folder structure, forwarding, movements from mailbox folder to folder, and the fact that the email was opened, etc., are not captured when journaling email.
Direct mailbox archiving works differently from journaling in that the archive server will access each individual mailbox and archive anything new in that mailbox including new messages, drafts, email movements from folder to folder, etc. The benefit of direct mailbox archiving is that it captures additional content and metadata that could be important during litigation (figure 2). The downside is that this form of mailbox archiving can take much longer to complete.
To get the best of both worlds, many organizations will enable both types of email archive collection to ensure the capture of all messages in an unaltered state via journaling while also performing a direct mailbox archive once a day to capture the additional content and metadata.
The issue arises when the company or company’s vendor, in response to an eDiscovery request, chooses to migrate only the journaled email archive while certifying to the opposing counsel and court that ALL responsive data was migrated and reviewed (figure 3 – left side). Keep in mind, in legal discovery it is the duty of the responding party to search for, and turn over, all relevant data to opposing counsel. This includes all existing metadata that could be relevant to the case.
This incomplete production of data could trigger charges of incomplete discovery response or spoliation (destruction of evidence) if the archived metadata is lost or corrupted after the original data production.
Organizations migrating email from an archive, in response to an eDiscovery order, should ensure their migration vendor can defensibly migrate and reconcile both the journal and direct mailbox archives (figure 3 – right side).
Archive360 has experience in migrating email archives in response to eDiscovery requests. We defensibly migrate email so charges of incomplete eDiscovery or spoliation do not occur.