Exterro's Legal GRC Breakdown

Get your daily dose of news, best practices, and technology from Exterro's e-discovery, privacy, and digital forensics experts here.


Experts Weigh in on Targeted Collections in E-Discovery

Created on August 13, 2013


A couple of weeks ago we posted on some of the prevalent myths around e-discovery collection. During Exterro's recent webcast, “Are you Over Collecting (And Over Spending) on E-Discovery," two e-discovery experts weighed in on the topic and provided their perspectives on why there is so much confusion around what constitutes a truly defensible collection process. Attorneys Bill Hamilton, from Quarles & Brady, and Drew Hinkes, from Berger Singerman, agreed that many organizations take an overly broad approach to collection, which results in unnecessarily high e-discovery costs, a lot more work for internal legal and IT teams and, in some cases, increased risks. Following are some of the webcast highlights.

Bill Hamilton on the costs associated with overly broad collections:

Exterro-Webcast.jpg“Collection leads directly into processing fees. The more you collect, the more you're going to have to process, especially when you are doing broad forensic collections because most of the data you collect is going to be useless information about how the operating system works, the applications that are on the operating systems and various kinds of irrelevant logs that the computer is keeping and generating. A computer is a giant library in certain respects. You're going to collect all the racks and stacks and everything else associated with the data and you're going to have to host it, process it, and then you're going to have to filter it down. So if you start out with this huge mass of data it's just going to drive up your costs every step of the way."

Drew Hinkes on the benefits of a targeted collection strategy:

Data-Reduction-300x225.jpg“The reality is that getting everything in the hopes that you are going to catch the relevant stuff is a poor practice. It's ungainly, it's expensive and it's usually going to be unnecessary; and you can get the tail wagging the dog. What you want to do is work through an iterative process of gathering knowledge, working with custodians who understand the facts of the case, working with opposing counsel, believe it or not, to come up with protocols and understandings that embrace the proportionality principle and then coming up with set of materials to be collected which are relevant and make sense."

Bill Hamilton on why full bit-by-bit imaging is usually overkill in e-discovery:

“You can copy those bits of information off of a computer device or any other storage device that has ESI on it with various tools that allow you to go in and grab what is going to be relevant to the case. That doesn't mean you have to create a complete forensic copy of the entire disk. You can forensically copy part of the disk. This confusion might come from a misunderstanding that if you touch the electronically stored information you are going to automatically change the metadata. There are tools available that allow us to go in and pick out portions of that hard drive we were looking at, the files and documents we need, without altering the electronic bits that comprise the metadata and other information about the file."

Drew Hinkes on taking a “phased" collection approach:

“Phased discovery is critical. When I say phased discovery what I mean is get the most important things, the easiest things and the items most at risk first. Obviously if the case is about a contract dispute, you're going to know the contract, you're going to know the person who signed the contract and you're going to be able to tell who drafted the contract and who negotiated the contract. That's what I call the 'low hanging fruit,' the obvious stuff. Then you want to look at the easiest stuff. What's already preserved on a backup tape that you can get your hands on immediately? It's not going to be expensive, it's not going to be burdensome, you can find it and you can grab it; it's not tough. And then you want to look at the things that are most at risk, the things that might slip through your fingertips. These include the contents of live databases, where new information is replacing old information on an active, ongoing basis. Those can be things like big CRM systems, things like SAP or PeopleSoft , they can also be communication mediums that overwrite themselves like some messaging systems. There are also systems that have an active deletion or archiving process. You want to make sure that the things that are most at risk, easiest and most obvious are preserved and collected first."