Last week The Sedona Conference (“TSC”) published revisions for public comment to its very influential Sedona Principles: The Sedona Principles, Third Edition: Best Practices, Recommendations & Principles for Addressing Electronic Document Production. Per the TSC, the update was “necessitated by an even greater explosion in the volume and diversity of forms of electronically stored information, the constant
evolution of technology applied to eDiscovery, and by further amendments to the Federal Rules of Civil Procedure” as well as by many years of experience in e-discovery. Public comments are invited through June 30, 2017.
The third edition of the Sedona Principles are a must-read. They are well written, providing excellent and important guidance to lawyers and eDiscovery practitioners alike. The drafters do not shy away on taking some strong stands on important eDiscovery issues, such as the over-use of forensic disk imaging for eDiscovery preservations. While full disk images may be warranted in some limited situations, the expense and burden associated with the practice can be quite extensive, particularly in matters that involve multiple custodians. The Sedona Commentary correctly notes: “Civil litigation should not be approached as if information systems were crime scenes that justify forensic investigation at every opportunity to identify and preserve every detail.”
Section 8c of the newly revised Commentary is dedicated to forensic imaging, stating that: “Forensic data collection requires intrusive access to desktop, server, laptop, or other hard drives or media storage devices.” While noting the practice is acceptable in some limited circumstances, “making a forensic copy of computers is only the first step of an expensive, complex, and difficult process of data analysis . . . it should not be required unless circumstances specifically warrant the additional cost and burden and there is no less burdensome option available.”
The commentators are absolutely correct here. It is established law that the duty to preserve evidence, including ESI, extends only to relevant information. The vast majority of ESI on a full disk image will typically constitute irrelevant information. As stated by one court, “imaging a hard drive results in the production of massive amounts of irrelevant, and perhaps privileged, information.” Deipenhorst v. City of Battle Creek, 2006 WL 1851243 (W.D.Mich. June 30, 2006) at *3. In noting that the “imaging of computer hard drives is an expensive process, and adds to the burden of litigation for both parties.”
This disfavoring of forensic imaging in the revised Sedona Principles also stems from the increased emphasis of proportionality under new Federal Rule of Civil Procedure 26(b)(1). In fact, of the 14 enumerated principles in this third edition, 12 of them address preservation in whole or in part. The over-arching theme is that ESI preservation efforts should be reasonable, proportionate, and targeted to only relevant information, as opposed to being overly broad and unduly burdensome.
In regard to forensic collection, courts do require that ESI be collected in a forensically sound manner, which does not mean a full forensic disk image is required, but generally does entail that metadata is not altered and a documented chain of custody is maintained. More advanced enterprise class technology can accomplish remote searches across multitudes of custodians that are narrowly tailored to collect only potentially relevant information while preserving metadata at the same time. This process is better, faster and dramatically less expensive than manual disk imaging.
In fact, The Sedona principles do outline such an alternative to forensic disk imaging: “Automated or computer-assisted collection involves using computerized processes to collect ESI meeting certain criteria, such as search terms, file and message dates, or folder locations. Automated collection can be integrated with an overall electronic data archiving or retention system, or it can be implemented using technology specifically designated to retrieve information on a case-by-case basis.”
This language maps directly to the capabilities of X1 Distributed Discovery (X1DD), which enables parties to perform targeted search and collection of the ESI of up to thousands of endpoints over the internal network without disrupting operations. The search results are returned in minutes, not weeks, and thus can be highly granular and iterative, based upon multiple keywords, date ranges, file types, or other parameters. This approach typically reduces the eDiscovery collection and processing costs by at least one order of magnitude (90%). This method is sound from an evidentiary standpoint as the collected data is preserved in its native file format with its metadata intact. X1DD features a solid chain of custody and robust logging, tracking and reporting.
And in line with the concepts outlined in the revised Sedona Commentary, X1DD provides a repeatable, verifiable and documented process for the requisite defensibility. For a demonstration or briefing on X1 Distributed Discovery, please contact us.