News, events, media, seminars and more
Evidence disclosure in litigation is a critical component of the legal process. If you are involved in a civil dispute, you are required to follow the disclosure process set out in the Civil Procedure Rules (CPR) and share information with the opposing party. This includes both documentation that supports your case and documentation that can potentially undermine your case. This ensures that both parties have all the documentation relevant to the matter available, enabling the Court to make an informed decision.
It is at this stage that the issue of whether an extensive search has been sufficiently completed is commonly disputed by the opposing parties. However, an aspect of disclosure that is just as critical is whether or not the information has been collected in a manner that preserves the metadata and captures all data effectively.
Collecting digital evidence in a forensically sound manner is crucial if electronic disclosure in litigation is to be used as admissible evidence in court. Allowing in-house IT departments to perform their own inadequate data workflow could severely jeopardise a legal disclosure exercise, especially when presenting evidence in court. If the correct steps to disclosure have not been adequately followed, then the opposing party will capitalise on this, critiquing your workflow and attempting to discredit the evidence. Using forensically sound workflows in accordance with the ACPO guidelines would eliminate any concerns or risks.
Should a client be unwilling to instruct experts to manage a disclosure exercise, then you leave yourselves open to an array of risks that include:
As eDisclosure specialists, CYFOR unquestionably advises clients to allow for the collection of data in a forensically sound manner. This ensures that the critical metadata within the digital evidence (such as documents) is preserved without alteration. If we have a forensically collected copy of the data, then we would be able to defend your disclosure process in a court of law. This would confirm that all documents are legitimate, which nobody would be able to do should your client do the searches themselves. Failure to do so would allow the opposing side to challenge your eDisclosure process and/or accuse your client of having fraudulently created documents.
Metadata exists within every digital item (such as documents and images) stored on physical devices, such as your computer and smartphone. It is the information generated within a piece of electronic data and the information contained within metadata can include:
These devices may also collect metadata about your usage, creating a digital footprint. These properties may be automatically generated by your operating system, or the application you are using. Metadata often tells the rest of the story about the document and, therefore, is often a key focus of disclosure in litigation. However, there are still lawyers who are not fully aware of the benefits of preserving, collecting and utilising metadata, in part because they are not entirely clear on what it is and how it can be beneficial.
CYFOR adhere to the methodology of ‘collect wide, review narrow’. This ensures that no digital evidence is overlooked during the forensic collection process. This eliminates the risk of the opposing party making accusations of not reviewing all relevant data for disclosure in litigation. If a client is allowed to review the data before you do, then they would be able to withhold potentially relevant information. Such an act would be detrimental as it would allow the opposing side to challenge the workflow in court.
CYFOR have first-hand experience of cases where corporates had initially attempted a document search themselves for disclosure purposes. Once the realisation set in that no forensic protocols had been adhered to and that a sufficient search of the data could not be confirmed, they turned to CYFOR to conduct a forensically sound analysis. Ultimately, it is far more cost and time effective to involve a third party once the disclosure stage is reached.
It is also worth noting that it may, in fact, be cheaper to outsource as opposed to conducting a linear review of the documents. If there are thousands of electronic documents involved within a disclosure in litigation, deadlines can be missed without having a more efficient way of reviewing the data. It would take significantly longer to manually review, which would also increase legal costs.
The Association of Chief Police Officers (ACPO) guidelines are a set of principles that should be adhered to when handling electronic evidence. It is critical that they are strictly adhered to when computers or digital media are investigated. This is to ensure that the evidence collected has the following attributes:
The ACPO Guidelines consist of four core principles:
Principle 1: No action taken by law enforcement agencies or their agents should change data held on a computer or storage media which may subsequently be relied upon in court.
Principle 2: In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions.
Principle 3: An audit trail or other records of all processes applied to computer-based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result.
Principle 4: The person in charge of the investigation (the case officer) has overall responsibility for ensuring that the law and these principles are adhered to.
The recent criminal disclosure issues highlighted the numerous cases that collapsed due to incorrect disclosure practises, with 916 charges dropped in 2017 alone. The BBC reported that the number of collapsed prosecutions in England and Wales had risen sharply by 70% over the last two years due to the disclosure of evidence failings.
The biggest issue surrounding these practices is largely down to the vast amounts of data that investigators are faced with. The Police don’t have adequate resources or training in order to thoroughly apply the disclosure test to each piece of data extracted from a device. For example; if an individual lodged a complaint due to being harassed via text messages, a full forensic image of the phone would be initiated. This forensic image would be an extract of all the available data within the device, including;
Once extracted, the solicitor or investigator dealing with the matter would be obliged to view every document, photograph, video, search term etc. to satisfy themselves that nothing undermined their case or assisted the prosecution. Due to the ever-increasing amount of storage capacity in modern mobile phones, this task soon becomes totally unmanageable. Evidence then gets overlooked, hence the disclosure failings highlighted in the media.
A key takeaway factor for lawyers involved in civil disputes is to be as specific as possible with data extractions, taking into consideration exact time frames and areas of information. Instead of extracting every piece of data, they should be target-specific based on the information they have at the time. For example, if they are only looking for text messages in a particular time frame, they should only extract this section of the telephone’s data. This will greatly reduce the amount of time and effort required when sifting through the files.
The counter-argument to this specificity is that if not all data is extracted and reviewed, evidence could emerge further down the line that proves critical to the outcome of a case. However, if the extraction is based on the information at that time, the policy decision around that should be appropriate and documented accordingly.
CYFOR were instructed by an international Magic Circle law firm to perform a complex eDisclosure at the eleventh hour. Their client was involved in litigation, with allegations of fraud and the theft of significant amounts of money. The client’s IT department had attempted their own electronic disclosure in-house, without abiding by certifiable digital forensic procedures admissible for court. This was exposed by the opposing party who had correctly instructed forensic professionals and had identified these failings within the workflow.
One of CYFOR’s digital forensic experts were tasked with travelling to Kazakhstan in order to evaluate the client’s information technology infrastructure, policies and operations. There was also the necessity to evaluate and assess the specific evidence collection process for disclosure in litigation proceedings.
Through the application of thorough step-by-step forensic procedures, the CYFOR expert was able to certify that the client’s employees who carried out the in-house electronic disclosure were competent to carry out the task required of them. It was also confirmed that they did so to the best of their ability with the tools available to them and that they did so in accordance with the agreement between the parties.
Whilst onsite, the expert was also instructed by the Claimants’ legal team to take a full forensic collection of any relevant data sources. This included forensic images of all hard drives and email servers available, in order to identify any documents that may inadvertently not have been caught by the Claimants’ electronic searches.
Although the conclusive findings were that the electronic disclosure process conducted by the Claimants’ was reasonable and proportionate given the circumstances, it came at great cost. Due to the inadequacy of the initial electronic disclosure in the eyes of the court, the client incurred considerable costs by having to perform the procedure twice. Hence the term, ‘buy cheap, buy twice’. There is also the reputational and embarrassment factor to consider given the high-profile reputation of the international law firm and their inability to instruct forensic professionals from the offset.
London: 0207 438 2045
Manchester: 0161 797 8123