This is the 4th and final blog in a multi-part blog discussing various critical requirements that can serve as the road map to allow a lawyer to fulfill his/her duty of technological competence. [Click here to read Part 1, here to read Part 2, and here to read Part 3].
You have assessed the discovery needs of your matter, implemented appropriate preservation mechanisms to prevent spoliation concerns, and studied your client’s electronic information systems and the ways in which data is stored therein. Now, it is time to collect the potentially relevant ESI. At this juncture, I would consider working with someone who brings to the table a depth of technical knowledge that allows for a forensically sound collection of ESI. Whether that involves retaining an ESI vendor, partnering with an in-house team, or retaining ESI counsel, it is important that you work with someone knowledgeable. This is because the metadata can very easily and inadvertently be altered during the collection process.
You may have heard the term “metadata” before, but are not exactly sure what it is. Often people think metadata is “data about data.” And, while that is technically correct, what does that mean? I often equate metadata with the fingerprint of a given electronic file. It tells you the who, what, when, and where about the file, along with other unique information. For example, every time you take a photo with today’s cameras, metadata is gathered and saved with it including the photo’s date and time, filename, camera settings and geolocation. Likewise, every email you send or receive has a number of metadata fields, many of which are hidden in the message header and not visible to you in your mail client. This metadata includes, among other things, the subject, from, to, date and time sent, sending and receiving server names and IPs, format (plain text or HTML), anti-spam software details. Capturing, without altering, the various pieces of metadata associated with a file is important when you perform your ESI collection. And, if not handled correctly, the collection can be forever compromised (i.e., the entire collection of emails effectuated on 2/12/19 now has that date as their sent date, when in actuality they were sent on various dates over the course of many years). You can understand why this inadvertent alteration could have lasting impact on a litigation.
When it comes to the mechanics of collecting the ESI there are many questions to be asked including whether to “self-collect” or engage a vendor? There are also decisions to be made as to whether to image an entire data source (i.e., hard drives) or perform a targeted collection? Is an “onsite” collection necessary (it is often exponentially more costly)? Or can the data be collected “remotely” (i.e., wherein the individual collecting the data remotely accesses the computer/device housing the data)? At the end of the day, the two most important questions to ask yourself are: (1) is your intended collection methodology going to allow for a defensible and sound collection? And, (2) is the data, now collected, (and even during collection) encrypted and secure? Once the data is defensibly collected and stored securely, the review process for purposes of production (and building your case) begins.