Defining eDisclosure and its relationship with digital forensics
23rd March 2016
With the advent of the digital age, a new name for the process involving evidence in digital form is required… eDisclosure (or eDiscovery)
Electronic discovery (eDiscovery) is the wider known process, however, for the purposes of this article eDisclosure will be the focus as this is a specific term used in the Civil Procedure Rules of England and Wales. Some of the terms and processes within can also still be applied to eDiscovery.
eDisclosure: the process of disclosing digital information, also known as electronically stored information (ESI). Given its nature, this ESI may be held in numerous formats across multiple locations and jurisdictions (including the cloud).
The digital forensics and eDisclosure industry has developed around preserving digital information such as emails, SMS, PDFs and other documents, and presenting them for review in a format that is readable by lawyers and their clients.
Typical forms of ESI (Electronically Stored Information)
- Personal computers
- Calendar files
- VOIP (Voice over internet protocol)
- Web based applications
- Mobile phones
- Social networking sites
- Portable data storage media e.g. DVDs,
- USB sticks
- Document files
- Email files e.g. Outlook, Lotus Notes
- (This list is not exhaustive)
Why is this important?
If there is an injunction to produce data relevant to a court case, it must be produced. Where there is a Disclosure Order, the costs involved in processing, reviewing and analysing the data can be substantial, sometimes in the region of hundreds of thousands of pounds for complex requests. All of this has combined to make it even more difficult for the judges to manage cases effectively.
Luckily, unlike the in US, in England and Wales we have the opportunity to estimate the costs prior to court; court rules require a Disclosure Report and an estimate of the broad range of costs of disclosure to be filed at court before the first case management conference (CMC).
Definition: Disclosure report
A report, verified by a statement of truth, that:
Briefly describes what documents exist or may exist that are, or may be, relevant to the matters in issue in the case, and describes where, and with whom, those documents are, or may be, located.
Describes how any electronic documents are stored.
Estimates the broad range of costs that could be involved in giving standard disclosure (including the cost of searching for, and disclosing, any electronically stored documents).
States which of the directions in CPR 31.5(7) or (8) are to be sought.
In an eDisclosure process, whenever a document is deemed relevant, irrespective of where in the world it may be located, it would be expected that all reasonable steps are taken to ensure all copies of the electronic data are captured. Failure to comply with a Court order or the parties’ agreement to forensically image all relevant ESI can result in substantial damages that may severely impact an organisation’s ability to operate.
Why is it necessary to use a digital forensics specialist in eDisclosure?
One might imagine that in this day and age with the availability of software tools, retrieving documents or computer records is a relatively easy task. Isn’t it just as simple as asking the IT Manager to copy and paste the relevant files onto a USB device and providing said memory back to you? The reality is, it is not as straightforward as that. In fact the scenario described above is not only a forensically unsound process, it would not be defensible in a court of law.
The reason being, precise data is required and retrieval of that data is carried out by digital forensics specialists in a manner that preserves and retrieves the document with all metadata (a set of data – often hidden – that describes and gives information about other data such as when the document was created, its owner and more). Once any digital device is deemed relevant as evidence to a case, even powering up that device could irrecoverably alter the data in question.
The scale of the task can be a massive barrier: eDisclosure can be a huge task and if not done properly, the sheer volume of data involved in a case can amount to terabytes (1 TB of paper stacked would be 66,000 miles high!), and that data is growing year on year. In 1993 the total internet traffic amounted to one terabyte. Costs can be incurred unnecessarily and you may be exposed to arguments by the other party that your disclosure is disproportionate and/or crucial evidence has been lost or not disclosed; this may result in adverse costs orders and other sanctions.
Both parties are under an obligation to preserve and disclose to the other party all relevant documents to the dispute. Specific requirements for data retrieval are defined in the pre-trial stage and will determine the actual costs involved.
As stated in Practice Direction 31B:
“As soon as litigation is contemplated, the parties’ legal representatives must notify their clients of the need to preserve disclosable documents. The documents to be preserved include Electronic Documents which would otherwise be deleted in accordance with a document retention policy or otherwise deleted in the ordinary course of business.”
In a traditional situation, businesses deal with:
- Active data – working content and live applications
- Recovery copies – generally stored on back-ups in the cloud or local network
- Archives – where older versions are stored
- Compliance copies – required for legislative or standard compliance – a separate archive.
The primary problem is that businesses often fail to link these disparate copies correctly and additional copies are often created inadvertently, as different revisions are created or email updates are sent. Information life-cycle management (ILM) is the ultimate aim, where each document is tracked from initial conception, through multiple revisions and to eventual purge and deletion.
Happily, there are software solutions that will handle these issues and ensure that compliance, eDisclosure and other data tasks are handled in the background without manual intervention. These solutions are customised to suit the activities of the practice.
Making the transition to electronic document management sooner rather than later is recommended, as it is much easier to work with electronic originals rather than handle conversions from paper-based records. Integrating radiology media and other image-based data is an added advantage.
It is also worthwhile reducing data volumes by purging unnecessary data in a secure manner. Staff training is essential and original data should be accessed from a single central location, without sending copies by email or other method, instead sending links that allow authorised users to view the data.
The fact remains that every business, regardless of size, faces a risk of exposure to such a situation. Preparation is key. Effective data management and careful control of data access will substantially reduce the costs associated with unexpected litigation or demands for data.
This can be achieved by use of cloud-based solutions, for example, as data is stored in a single location and accessed remotely by employees with the correct user credentials. This is an important consideration when sensitive information such as health records is involved.