Self-data collection has often been a conundrum to organizations, many of which have struggled with whether they can handle it themselves. There is typically a compelling temptation to collect using in-house resources, such as in-house IT, employee custodians or inside counsel.
At the point of decision, a reality check is highly recommended. What could be an efficient and timely procedure, satisfying the stringent requirements of the court, and generating goodwill by running an efficient, timely and compliant collection, could instead backfire due to a host of unforeseen issues… and possibly subject the organization to costly challenges impacting its good standing, reputation and prestige, at the very least.
In other words, collecting in-house could potentially lead to big trouble, running the gamut from sloppiness, missed deadlines, to even outright fraud by omission.
And now, with the pending adoption of amendment 14 to Rule 902 of the Federal Rules of Evidence (FRE), the requirements imposed on organizations to properly collect have become much more rigid. The high standard and corresponding downside of not complying with the requirements imposed on collections created by Rule 902(14) can be avoided by making the decision instead to go with a proven and certified outside forensic expert, able to provide a consistent and defensible product, while also meeting and/or exceeding the bar imposed by FRE Rule 902(14).
So what is FRE Rule 902(14)?
FRE Rule 902(14) relates to data collection. For many years, self-collection has been considered an option for low- to medium-stakes litigation. There have always been a number of reasons to avoid self-collection, from concerns about altered metadata, poor search capabilities within
desktops, to custodians misunderstanding the nature of the requested information. The addition of rule 902(14) should necessitate taking a hard look at self-collection and consider abandoning the process altogether. The pending amendment reads as follows:
(14) Certified Data Copied from an Electronic Device, Storage Medium, or File.
Data copied from an electronic device, storage medium, or file, if authenticated by a process of digital identification, as shown by a certification of a qualified person that complies with the certification requirements of Rule 902.
For a collection to be self-authenticating and for a custodian to avoid testimony on questions related to it, draft FRE Rule 902(14) requires that a “qualified person” must certify that best practices were followed. This makes sense in light of the realities of collection. Collecting without spoliation is a process that requires some technical expertise. There are many pieces of data which are easy to spoliate, even when collected in good faith. They include collecting logs, and most frequently, file access related data.
To garner the benefits of the pending amendment to FRE Rule 902, organizations should engage with a well-qualified forensic professional who can certify that industry standard best practices have been strictly adhered to. Should a legal challenge arise, the expert in forensic collections, who understand the tools used to perform collection, rather than a custodian, can provide you with the defensible standing needed without exposing a witness you might otherwise not wish to put on the stand. Having such a resource in the collection tool kit figures to be welcomed by all stakeholders to the litigation process.
Let’s look at the flip side of this for a moment: In today’s digital environment, if still thinking about using in-house IT, realize there may be scheduling and competency deficits, beyond the fact that in-house IT, in order to perform the collection, will need to swing around dedicated resources, otherwise needed by your organization’s pressing operational and service needs. IT work requests, some with urgent turnarounds, may have to be reshuffled to allow the IT staff to meet court mandated collection deadlines while juggling various custodians’ scheduling issues. It becomes a balancing act, with poor or mediocre results very possible for the delayed or disrupted IT work requests amid court collection expectations and deadlines. Here, an outside forensic team could potentially eliminate work disruptions by scheduling collections after hours or when most convenient, while freeing up IT to do its normal thing.
The in-house IT staff may be capable, and collect with minimal disruption to ongoing processes, but there may still be risk. Collecting data for all responsive documents is far different than entering a search string in Google. Many don’t realize the enormity of the task. They may lack proper legal or technical training, which, in the eyes of the law, is not a viable excuse for poor collection results. And, it doesn’t need to be said that sloppiness, inattention, or even outright laziness can cloud the work performed, and open the organization up to sanctions or worse.
In-house IT will inevitably rely on the tools they have. This may be a serious mistake. There are specific forensic tools that are vetted and peer reviewed and appropriate for the task. Even making the investment to purchase the tools still doesn’t mean understanding them fully, especially in the face of an adversarial legal environment.
It is crucial that original prima facie evidence is preserved along with metadata allowing it to be admissible in court. There is also a great need to document the collection procedure providing enough granularity to ensure the court can understand the full scope of the collection. Here, we are talking about basic and vital forensic documents such as chain of custody, proper marking and tagging, documenting collection procedures, and evidence storage and transmittal, to name a few. And, it doesn’t need to be said that the whole process should be managed by one or more individuals empowered with the authority to keep the collection on track, while adhering to a well thought out and unified approach to the process.
Allowing employee custodians to self-collect can be fraught with danger. In this case, at the very least, some degree of disruption will inevitably be added to normal activities, and different employees may use different standards to determine relevancy and even deploy different collection techniques, providing inconsistent results. A big red flag is employee self-interest, including the most serious examples such as fabricating evidence or omitting to produce fraudulently. In some cases, there is a compelling desire to protect, delete, and/or destroy incriminating records, such as emails, calendars, and so on. Putting the custodian in charge of the collection process opens the door to these dangers, and can potentially lead to a Pandora’s box of issues later on.
Only in some isolated cases, for example when collections are small, might there be a reasonable basis for using in-house resources. There might be instances when a single file share needs to be pulled, or email from one or two custodians. However, no matter the size of the collection, deploying standardized collection techniques along with imposing proper documentation and labelling is critical to preventing spoliation. If done poorly, the organization might still be subject to allegations of foot dragging, malfeasance, or worse.
Ultimately, getting caught up in self-collection-related issues more often than not slows down production and muddies the matter. If problems are detected, sanctions, or worse, might be applied. Being forced to deal with court inquiries eats up valuable organizational resources and manpower. It is vitally important that the organization’s executive team stay focused on strategy to win the case, and not become bogged down by various self-collection issues. It is prudent more now than ever to avoid the pitfalls of going it alone, due to pending FRE Rule 902(14).
Instead, engaging with a vetted, reliable, and certified external forensic professional to handle the collection will negate the adverse effects of noncompliance with pending FRE Rule 902(14) while also providing consistency, and adding a valuable resource to accurately respond to inquiries from the court and/or opposing parties, and ensuring compliance in the most efficient manner, providing the best overall result. One additional caveat is that data collected now will more than likely not make it into court until after the amendment becomes effective so now is definitely not too soon to begin following the steps above to ensure best practices.
Written by Lee Stewart, a consultant at DSi