electronic discovery pearse ryan, arthur cox andrew harbison, grant thornton 26 september 2012
TRANSCRIPT
Electronic Discovery
Pearse Ryan, Arthur CoxAndrew Harbison, Grant
Thornton26 September 2012
2
Discovery 2009
"…an order of discovery which shall:verify that the discovery of documents sought is necessary for disposing fairly of the cause or matter or for saving costs;(b) furnish the reasons why each category of documents is required to be discovered, and(c) where the discovery sought includes electronically stored information, specify whether such party seeks the production of any documents in searchable form and if so, whether for that purpose the party seeking discovery seeks the provision of inspection and searching facilities using any information and communications technology system owned or operated by the party requested."
Statutory Instrument 93/2009
3
Discovery Issues in the Computer Age• the storage capacity of computers is vast - there’s too much
material to review• your computer’s memory is better than human memory- data
custodians don’t know all the files on their computers• accessing evidential computer files directly can change them• the electronic forms of the documents are the originals• to print a document is to lose data• electronic discovery is faster• electronic discovery is cheaper (per document)• electronic discovery is more complete• evidential computer data is easy to tamper with
4
The Landfill Data Management Model
5
How much data?
• complete works of Shakespeare* 5 Megabytes• complete works of Stephen King ~70 Megabytes• 1 metre Shelf of books* 100 Megabytes• one CD 700 Megabytes• one DVD 4.7 GB / 9.1 GB• 1 Kilometre stack of printed A4 paper 40 Gigabytes• Hodges Figgis, Dawson St. < 250 Gigabytes• largest USB thumb drive commercially available 256 Gigabytes• average sized hard drive 350 Gigabytes• 50,000 large trees 1 Terabyte• contents of TCD library 2.5 Terabytes• largest hard drive commercially available 4 Terabytes• contents of Library of Congress* 10 Terabytes• contents of computers in GT Ireland 120 TB• data retrieved to date in largest EU ED case to date 250 TB (0.25
Petabytes)• total of all words ever spoken* 5,000,000 TB (5
Exabytes)
6
What kind of data? Irish/UK version
active (or on-line) - as in the USembedded - metadatareplicate - duplicates of active filesback-up - tapes etc. same as archivalresidual - everything else. "forensic"
7
Correct Procedure
"The Good Practice Guide to Computer-Based Electronic Evidence"Association of Chief Police Officers UK
1. No action taken by investigators should change data on a computer or storage media which may subsequently be relied upon in Court
2. In exceptional circumstances, where a person finds it necessary to access original data held on a computer or on storage media, that person must be competent to do so and be able to give evidence explaining the relevance and the implications of their actions
3. An audit trail or other record of all process applied to computer based electronic evidence should be created and preserved. An independent third party should be able to examine those processes and achieve the same result
8
Why electronic discovery?
• 90% of data on computers is never printed• 70% of e-mails are never printed• 30% of word documents are never printed• >97% of business documents are electronic• 35% of corporate communications are never printed
USC Berkley 2003
9
… and it hasn’t been done much in Ireland, because?• Up to now no defined rules – no requirement• Irish precedents not well known• Costs were overestimated• Plenty of time available for litigation (changing
quickly)• Fear of loss of revenue
10
New Precedent
Hansfield Developments & ors –v- Irish Asphalt & ors (Menolly –v- Lagan)
http://www.irishtimes.com/newspaper/breaking/2010/0212/breaking133_pf.htm
http://www.courts.ie/Judgments.nsf/09859e7a3f34669680256ef3004a27de/023d5aef84eb4ea9802576c80043d13f?OpenDocument
11
New Irish e-discovery rules
• specifically names ESI as "documents"• requires provision of ESI in electronic format• possible two-tier discovery• renegotiation of discovery orders• court may order a party to give inspection and search
facilities • man-in-the-middle inspections• specific rules for ordering of discovered documents• Peruvian Guano Rule will apply
12
Peruvian Guano?
13
Objective No. 1: Data Reduction
Effective planning
Technical reduction
Relevant Non-relevant Privileged
Logicalsearch
14
Electronic Discovery Reference Model – www.edrm.com
15
Advice custodians of obligations - preservationServer custodians• do not engage in large scale deletion or movement of
material regardless of who may instruct it• preserve all tapes which may contain relevant information• continue to preserve tapes until otherwise advised• do not make significant changes to server configurations
before consulting legal team• send e-mail to legal team advising that they understand
these instructions
16
Advise custodians of obligations - preservationOther custodians• do not delete files either locally or on file
servers until otherwise instructed• do not make modifications to original files either
locally or on files servers until otherwise instructed
• do not delete e-mail until otherwise instructed• do not clear browser cache until otherwise
instructed
17
How wide does discovery need to be?
• all relevant documents which are in your power or possession, or were in your power of possession
• But the search needs to be "reasonable"• necessary for disposing fairly of the case or
saving costs• documents that might lead to other relevant
documents (the Peruvian Guano rule)• while cost of discovery is an issue, you cannot
rely on it as a protection
18
Backup Tapes
Pros• contain large amounts of potentially relevant
data.• single backups often straightforward to recover
(in non SMEs)Cons• difficult to recover (more than one or two)• multiplies the amount of data needing
processing• e-mail backups recoveries often difficult • obsolete technology also a problem
19
Some Useful Information SourcesA Process of Illumination: The Practical Guide to Electronic Discovery Mack, M.
Electronic Evidence and Discovery: What Every Lawyer Should Know Now Lange M.C.S. & Nimsinger K.S.
The Sedona Principleshttp://www.thesedonaconference.com/conhttp://www.thesedonaconference.com/content/miscFiles/publications_html?grp=wgs110
20
Cyber/Data Insurance
• Not new but new focus within insurance industry
• The risk landscape – data as a risk subject• Data as a risk subject:
• Data loss – internal- external
• Data theft - internal- external
• Data – unavailability/corruption• Data - misuse
• The internal threat – larger than external threat!
21
Cyber/Data Insurance – Drill Down• First party risks• Third party liability• Example of insurance schedule:
• Aggregate limit of liability per policy period “for all loss of Insureds under all insurance covers required” - €
• Sublimits per claim:• Data administrative investigations• Data administrative fines (note: may be retention eg 10% and may be min € floor)• Pro-active forensic services• Repair of company’s reputation• Repair of individuals reputation• Restoring, recreating or recollecting electronic data
• Optional extensions and sublimits:• Multimedia liability• Cyber/privacy extortion• Network interruption
• Key Question – is “data” tangible property and/or “property damage” and/or “asset” under policy or is it excluded? A key question under current insurance policies and in review of CDI policy
22
Cyber/Data Insurance
There is a fire – put it out!
• Speed of response of the essence• Effectiveness of response• Insurers – (self) interest in containing situation BUT
dovetails with insured (self) interest• This is particular aspect of CDI• CDI – premium setting
• CDI not cheap and neither should it be, given the central position of data for insured!
• But premium influenced by insured degree of good practice in data security area
• So degree of due diligence – may go beyond insurance proposal form to include active due diligence for larger policies
23
Cyber/Data Insurance
Conclusion• Insurers see large potential market• Q do potential insured see the need for CDI?• Do available policies meet demand?• Premium issue – relatively expensive and due diligence Q
• Response to data loss/corruption event – key for insurer and insured – crisis management
24
Thank You.