*** My n/w and phones are out, so I’m coming to you live from the Redondo Beach Public Library, courtesy of their free wireless service…THANK YOU!!! ***
Why did the goose cross the road? Let’s take a gander…
I.T. to the Attorneys and Management: “Great news! We can leverage our existing ESI backup and/or disaster recovery systems to solve many of our e-discovery challenges and simultaneously cut costs!”
The Attorneys to I.T. and Management: “Terrible news! You can leverage your existing ESI backup and/or disaster recovery
systems to solve many of your e-discovery challenges and simultaneously cut costs!”
Why both? Sauce for the goose is good for the gander – anything that makes it easier for you to access ESI, also makes it easier for your adversary. But is it that simple?
Key phrases to keep in mind; ‘accessible’, ‘not reasonably accessible’, ‘inaccessible’ and ‘cost-shifting’. The Federal rule states:
“A party need not provide
discovery of electronically stored
information from sources that the party
identifies as not reasonably accessible
because of undue burden or cost. On motion
to compel discovery or for a protective order,
the party from whom discovery is sought
must show that the information is not
reasonably accessible because of undue
burden or cost. If that showing is made, the
court may nonetheless order discovery from
such sources if the requesting party shows
good cause, considering the limitations of
Fed.R.Civ.P. 26(b)(2)(B), italics added.
The courts sought to define the parameters in a series of rulings, commonly referred to as ‘Zubulake I, II, III, IV & V‘! These are not new rulings by any means (2003-2004), and I dealt with a case on this very issue in 1997, but because so many IT groups are ramping up their e-discovery bona fides at this time, this would be a good opportunity to revisit Zubulake and make sure you understand the implications.
In the normal course of business, one might implement a solution, then policy follows. This is definitely one of those times where you should be thinking about policy – and consulting your legal resources – before you implement the solution or modify your current one. After all, a lot of IT professionals don’t read cases nor know of their implications.
I can’t count how many times I’ve been asked, “How long do we have to keep this stuff?” Is it possible 37 days is enough? Gippetti v. UPS, Inc., 2008 WL 3264483 (N.D. Cal. Aug. 6, 2008)
Think about it; what does “keep” mean, exactly? What does “stuff” mean, exactly? Can a single data retention policy apply to “everything” or only certain types of ESI; and should you apply a different retention standard to various forms of ESI, based on their use?
Let’s say you have a policy that you delete ESI after X months. Do you retain or destroy the backup media? Do employees thwart you by archiving data to their office PCs – or worse – store it on the internet, a personal PC or a thumb drive?
This should be part of your thinking as you craft policy. It matters whether you can answer those questions. If not, be prepared for an unpleasant surprise when your adversary comes looking for this information.