Exterro's E-Discovery & Privacy Breakdown

The world of E-Discovery & Privacy is constantly changing – let us break it down for you with a weekly dose of News, Resources, Case Law, and Humor, all written in a concise and easy to understand format.

< BACK TO ALL STORIES

Wiped Hard Drives, Lost Devices, User Error, and Technology Nightmares

Created on July 29, 2019


Director of Marketing at Exterro

E Discovery Worst Case Scenario Post 3 Header

E-Discovery and technology go hand in hand. With most modern communications happening on mobile phones or computers, via text, email, or instant message, the challenges of finding, preserving, and producing data are inherently technical. The subject of the investigation is a technology, and the means of accessing the information is through technology as well. And as we all know, mistakes can happen. Whether user error or device failure, some of the worst case scenarios in e-discovery are technology issues.

In the third and final week of our e-discovery "worst case scenarios" blog post series our experts will be discussing technology nightmares and ways to overcome them.

Can You Fix It?

Sometimes what seems like a catastrophe is, in fact, not. Understandably, your first reaction to a major technology gaffe—say an accidentally wiped laptop hard drive—is to go full Chicken Little, “The Sky is Falling!” But given the capabilities of IT experts today, make sure you check that the data is damaged or deleted before you make any hasty decisions.

“Start from the beginning and go through your process to find out what caused the problem. It could be a situation where there’s intentional spoliation, or it could be an inadvertent mistake. Then at that point, determine what forensic exercise you can perform to make a good-faith effort to recover the data. Document the steps you’ve taken. Make sure you get a declaration that says, ‘We tried all these techniques, but we were unable to restore the data,’” says Albert Barsocchini, Director of Strategic Consulting at NightOwl Discovery.

Fess Up

Everyone has heard the saying, “It’s not the crime; it’s the cover up.” Even in a case where there’s no crime—just a technological mishap, oversight, or plain old screw up—you’re better off owning up to what’s happened and figuring out what you can do to make it right.

“Once you know what happened, go to the other side and be completely transparent and honest about what happened, instead of trying to hide it. Because when you try to hide it, or you try to push it under the rug, a small problem turns into a much bigger one. It’s better to take the consequences than to try to bury it or navigate around the problem,” explains Barsocchini. “That’s always been our policy.”

Notify the Court

Of course, you’re not entirely off the hook after notifying opposing counsel. You still have to inform the court of what happened. That’s why it’s important to document all the steps you’ve taken to identify what went wrong and how you went about fixing it.

If you’ve taken the right steps, Barsocchini explains, “You’re going to be in a much better position when you go in front of the judge to say, ‘We alerted them immediately. These are the steps we took.’”

That’s sound advice—also from the judge’s perspective. Hon. Andrew Peck, retired US Magistrate Judge (S.D. N.Y.), concurred, “If something goes wrong, your best bet is not to try to cover it up, not to try to hide the ball, but to come clean immediately.”

A Lost (and Found) Hard Drive

Back in the day (and in some cases, still today), relevant data may be stored on physical hard drives that you have to collect and store under lock and key. Typically, if this is the case, you’ll have records and processes to document where, when, and how it’s stored, so the device is collected and processed as part of the data set for discovery. But of course, accidents happen.

Exterro Managing Director of Client Operations, Nishad Shevde, recalls one such occasion. “It was a multi-tier litigation with regulatory impacts, class action securities litigation, and company versus company litigation. After everything was closed, we did a routine check of our data lockers and found three hard drives with about two terabytes of unprocessed data.”

Yikes.

All’s Well That Ends Well

“We immediately told the client and outside counsel what happened, and in parallel started figuring out what was going on with the contents of the hard drives. We started processing it, and counsel started informing who they needed to that there was more data to produce,” Shevde continued. As in other worst-case scenarios, jumping into action, informing the necessary parties, and doing whatever is possible to remedy the misstep are the foundation for a response plan.

“It worked out OK,” he concluded. “The immediate disclosure, the frankness and detailed information we provided, a detailed assessment of how it was missed, and the remediation steps taken all contributed to the successful resolution.”

Track Your Data

Having protocols for routine checks of data lockers helped catch this worst-case scenario before it was too late, but it still has lessons for e-discovery today. Shevde explains, “Whether it’s physical or virtual, there are still steps in e-discovery where we’re moving data around. Make sure you have systems and controls in place to account for the data movement. Do regular audits of that data movement to ensure that it’s been treated, handled, and processed in compliance with best practices—both for e-discovery and data protection.”

Technology can help. Unified and connected e-discovery platforms reduce the need for these handoffs and data movement by a large order of magnitude—and early processing of data can reduce the amount of data and the risks of moving it.

One Thing at a Time

If you’re an e-discovery professional, it’s pretty much a given that you’ll have a lot going on at any given time: managing legal holds, collecting and processing data, coordinating with IT, service providers, and counsel. But sometimes “one more thing” can be “one thing too many,” especially if that one thing is a significant software upgrade.

“We were in the middle of processing a big case and also doing a massive software upgrade of our processing engine. Because of the timing of the case, we had to do the two concurrently. Since we were processing the case on the new version of the software, we decided to regression test it using an old case at the same time. We knew how many files were there, document counts, etc.,” Joe Mulenex, Director of Solutions Consulting at Exterro, recalls.

“In the middle of the processing, the regression test showed huge holes. We saw a lot of documents that were getting dropped that shouldn’t have been. It wasn’t unpacking attachments correctly and leaving them out of search results.”

Backtracking Effectively

Faced with the problem caused by the new version of the software, Mulenex had to unwind the changes and then re-start processing the data for the current case. Fortunately, planning ahead has its rewards.

“It was all about having a remediation plan. If you know something might happen, make sure you’re able to back things out and redo the work. And of course, communicate clearly. We were able to go to outside counsel and say, ‘Stop what you’re doing. Don’t even start your review. We’ve got to get you a new data set,’” he said. “Outside counsel lost three days of review because of reprocessing. It had an impact on schedule and on cost, but we had a plan in case anything went awry.”

Fortunately, issues like this with on-premises software are lessening as more and more e-discovery teams move to cloud technology, where updates can be tested repeatedly on the vendor’s side before they get used in actual e-discovery.