Electronic Discovery

Pearse Ryan, Arthur CoxAndrew Harbison, Grant

Thornton26 September 2012

2

Discovery 2009

"…an order of discovery which shall:verify that the discovery of documents sought is necessary for disposing fairly of the cause or matter or for saving costs;(b) furnish the reasons why each category of documents is required to be discovered, and(c) where the discovery sought includes electronically stored information, specify whether such party seeks the production of any documents in searchable form and if so, whether for that purpose the party seeking discovery seeks the provision of inspection and searching facilities using any information and communications technology system owned or operated by the party requested."

Statutory Instrument 93/2009

3

Discovery Issues in the Computer Age• the storage capacity of computers is vast - there’s too much

material to review• your computer’s memory is better than human memory- data

custodians don’t know all the files on their computers• accessing evidential computer files directly can change them• the electronic forms of the documents are the originals• to print a document is to lose data• electronic discovery is faster• electronic discovery is cheaper (per document)• electronic discovery is more complete• evidential computer data is easy to tamper with

4

The Landfill Data Management Model

5

How much data?

• complete works of Shakespeare* 5 Megabytes• complete works of Stephen King ~70 Megabytes• 1 metre Shelf of books* 100 Megabytes• one CD 700 Megabytes• one DVD 4.7 GB / 9.1 GB• 1 Kilometre stack of printed A4 paper 40 Gigabytes• Hodges Figgis, Dawson St. < 250 Gigabytes• largest USB thumb drive commercially available 256 Gigabytes• average sized hard drive 350 Gigabytes• 50,000 large trees 1 Terabyte• contents of TCD library 2.5 Terabytes• largest hard drive commercially available 4 Terabytes• contents of Library of Congress* 10 Terabytes• contents of computers in GT Ireland 120 TB• data retrieved to date in largest EU ED case to date 250 TB (0.25

Petabytes)• total of all words ever spoken* 5,000,000 TB (5

Exabytes)

6

What kind of data? Irish/UK version

active (or on-line) - as in the USembedded - metadatareplicate - duplicates of active filesback-up - tapes etc. same as archivalresidual - everything else. "forensic"

7

Correct Procedure

"The Good Practice Guide to Computer-Based Electronic Evidence"Association of Chief Police Officers UK

1. No action taken by investigators should change data on a computer or storage media which may subsequently be relied upon in Court

2. In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions

3. An audit trail or other record of all process applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result

8

Why electronic discovery?

• 90% of data on computers is never printed• 70% of e-mails are never printed• 30% of word documents are never printed• >97% of business documents are electronic• 35% of corporate communications are never printed

USC Berkley 2003

9

… and it hasn’t been done much in Ireland, because?• Up to now no defined rules – no requirement• Irish precedents not well known• Costs were overestimated• Plenty of time available for litigation (changing

quickly)• Fear of loss of revenue

10

New Precedent

Hansfield Developments & ors –v- Irish Asphalt & ors (Menolly –v- Lagan)

http://www.irishtimes.com/newspaper/breaking/2010/0212/breaking133_pf.htm

http://www.courts.ie/Judgments.nsf/09859e7a3f34669680256ef3004a27de/023d5aef84eb4ea9802576c80043d13f?OpenDocument

11

New Irish e-discovery rules

• specifically names ESI as "documents"• requires provision of ESI in electronic format• possible two-tier discovery• renegotiation of discovery orders• court may order a party to give inspection and search

facilities • man-in-the-middle inspections• specific rules for ordering of discovered documents• Peruvian Guano Rule will apply

12

Peruvian Guano?

13

Objective No. 1: Data Reduction

Effective planning

Technical reduction

Relevant Non-relevant Privileged

Logicalsearch

14

Electronic Discovery Reference Model – www.edrm.com

15

Advice custodians of obligations - preservationServer custodians• do not engage in large scale deletion or movement of

material regardless of who may instruct it• preserve all tapes which may contain relevant information• continue to preserve tapes until otherwise advised• do not make significant changes to server configurations

before consulting legal team• send e-mail to legal team advising that they understand

these instructions

16

Advise custodians of obligations - preservationOther custodians• do not delete files either locally or on file

servers until otherwise instructed• do not make modifications to original files either

locally or on files servers until otherwise instructed

• do not delete e-mail until otherwise instructed• do not clear browser cache until otherwise

instructed

17

How wide does discovery need to be?

• all relevant documents which are in your power or possession, or were in your power of possession

• But the search needs to be "reasonable"• necessary for disposing fairly of the case or

saving costs• documents that might lead to other relevant

documents (the Peruvian Guano rule)• while cost of discovery is an issue, you cannot

rely on it as a protection

18

Backup Tapes

Pros• contain large amounts of potentially relevant

data.• single backups often straightforward to recover

(in non SMEs)Cons• difficult to recover (more than one or two)• multiplies the amount of data needing

processing• e-mail backups recoveries often difficult • obsolete technology also a problem

19

Some Useful Information SourcesA Process of Illumination: The Practical Guide to Electronic Discovery Mack, M.

Electronic Evidence and Discovery: What Every Lawyer Should Know Now Lange M.C.S. & Nimsinger K.S.

The Sedona Principleshttp://www.thesedonaconference.com/conhttp://www.thesedonaconference.com/content/miscFiles/publications_html?grp=wgs110

20

Cyber/Data Insurance

• Not new but new focus within insurance industry

• The risk landscape – data as a risk subject• Data as a risk subject:

• Data loss – internal- external

• Data theft - internal- external

• Data – unavailability/corruption• Data - misuse

• The internal threat – larger than external threat!

21

Cyber/Data Insurance – Drill Down• First party risks• Third party liability• Example of insurance schedule:

• Aggregate limit of liability per policy period “for all loss of Insureds under all insurance covers required” - €

• Sublimits per claim:• Data administrative investigations• Data administrative fines (note: may be retention eg 10% and may be min € floor)• Pro-active forensic services• Repair of company’s reputation• Repair of individuals reputation• Restoring, recreating or recollecting electronic data

• Optional extensions and sublimits:• Multimedia liability• Cyber/privacy extortion• Network interruption

• Key Question – is “data” tangible property and/or “property damage” and/or “asset” under policy or is it excluded? A key question under current insurance policies and in review of CDI policy

22

Cyber/Data Insurance

There is a fire – put it out!

• Speed of response of the essence• Effectiveness of response• Insurers – (self) interest in containing situation BUT

dovetails with insured (self) interest• This is particular aspect of CDI• CDI – premium setting

• CDI not cheap and neither should it be, given the central position of data for insured!

• But premium influenced by insured degree of good practice in data security area

• So degree of due diligence – may go beyond insurance proposal form to include active due diligence for larger policies

23

Cyber/Data Insurance

Conclusion• Insurers see large potential market• Q do potential insured see the need for CDI?• Do available policies meet demand?• Premium issue – relatively expensive and due diligence Q

• Response to data loss/corruption event – key for insurer and insured – crisis management

24

Thank You.