Disaster, Recovery and e-Discovery – What You Don’t Know CAN Hurt You

Part I of a two-part series.  Part II will appear 11/25/08.

PART I – ESI IDENTIFICATION & PRESERVATION

j0439550Perception is reality – or so the saying goes.  With e-discovery, perception cannot be reality.  The divergence of these concepts is illustrated by the following statistics:

When queried, a high percentage of law firms and in-house counsel believe the companies they represent are ready to comply with a litigation request.

Apparently, they didn’t ask the IT department.  A dismal percentage of IT managers believe they are ready to comply.

A lot of this obvious disconnect can be attributed to lack of communication between the parties.  However, another major element is what’s lost in translation.  Do the attorneys understand how IT accomplishes this task – or the difficulty of achieving it?  Does IT understand what the attorneys are asking of them?  Do both groups understand what is encompassed in the term “ESI” (electronically stored information)?

Lawyers are thinking about the litigation hold.  IT is thinking about incremental, differential and full backups.  Never the twain shall meet.

How many times has IT received a call like this?  “I created a document this morning and I accidentally overwrote it this afternoon.  Can you please restore it for me?”  That’s a problem.  Regardless of what day it may be in the rotation, most companies perform a back-up once per evening.  As such, there is no back-up of the caller’s file.  Unless the over-written file can be restored somehow from the disk it was saved to, the caller is out of luck.

Back-ups are not normally a dynamic process; they’re snapshots in time.  Even if you do full backups every night, theoretically, an infinite number of people may “touch” a file between those two periods.  This is something lawyers would easily understand; but many are not aware of it.

What the lawyers need is for the data to not only be located – and restored, if necessary.  The data must also be preserved.  Nobody must touch or modify that snapshot – a line in the sand, so to speak.  Again, this is something IT would easily understand; but many are not aware of it; nor the massive amounts of storage that may be required to accomplish it.

Also, most rotation schemes involve eventually overwriting the media (Grandfather-Father-Son?  Tower of Hanoi?).  What happens if, like in the recent McAfee case, data is requested that is from the year 2000?

Rows of Drawers at Library ca. 2001

Basic definitions also come into play.  Do all of the parties mean the same thing when they use the terminology?  What is a back-up and a restore?  What is disaster-recovery?  Do you have separate processes for each?  Are they considered the same thing at your company?  What is the intent of the process; ready access to the files or worst-case-scenario access?  Is the data stored on-site or off-site?  Both?

IT is thinking about how feasible it is to access the data.  Attorneys are thinking about Zubulake.

Be careful you’re not creating your own homonyms.  Webster’s Dictionary defines them as, “Two words…pronounced or spelled the same way but have different meanings”.

If Legal thinks it’s one thing and IT thinks it’s another, both groups are going to face some very unpleasant realities down the road.  This would be a good time to get those definitions written down.  Then make sure you’re all on the same page.