eDiscovery Compliance for Existing and Planned Information Systems

According to the National Law Journal (2006), about 90% of business documents are stored in electronic form, while between 60% and 70% of corporate data reside in emails or in attachments.

Recent government regulations, the amendments to the Federal Rules of Civil Procedure (FRCP) effective on December 1, 2006, mandate a completely new level of corporate ESI (electronically stored information) treatment and litigation readiness. An amended Rule 33(d) states that "the business should be able to give to the interrogatory party the reasonable opportunity to examine, audit, or inspect such records and to make copies, compilations, abstracts, or summaries."
Rule 34(b)(i) stipulates that "a party who produces documents for inspection shall produce them as they are kept in the usual course of business or shall organize and label them to correspond with the categories in the request".

The new regulation effectively forces businesses to develop an eDiscovery response strategy at a very early stage, making early acceptance of new record management technologies and tools a must. According to a survey by Océ Business Services (2007), only 10% of companies are fully prepared to face an eDiscovery request, 55% consider themselves not prepared enough, and 35% are not even aware of the changes involved in the FRCP amendments.

This paper discusses the most effective ways to make your enterprise information system eDiscovery compliant.

Why is eDiscovery compliance important? The main threats to a noncompliant enterprise come from litigation costs, company downtime, and brand damage.

Litigation costs and legal fees associated with improper ESI management result from spoliation of evidence, adverse inference, summary judgment, and sanctions (see Qualcomm v. Broadcom). In a gender discrimination lawsuit, (Zubulake v. UBS Warburg), the court ordered the defendant to produce all electronic evidence at its own expense—a huge amount of data stored on optical disks, active servers, and backup tapes. Some tapes appeared to be nonfunctional or tampered with—the defendant was facing monetary charges for its failure to preserve the missing tapes and emails. It is important to point out that while judicial procedures did not reveal any documents supporting the plaintiff, the defendant lost the case because of the improper storage and management of company documents.

The cost of company downtime due to on-site or off-site discovery processes is best illustrated with the following real-life example. The United States Secret Service executed a search warrant for SJ Games Inc.'s office computers looking for evidence of data piracy (SJ Games, Inc. v. United States Secret Service). Due to the huge amount of data, officers decided to move the company's hardware to a dedicated site for inspection. SJ Games was not able to recover the hardware until four months later. The company had to lay-off half of its employees and was ready to close its doors. SJ Games was only able to partially recover the expenses accrued in court, and didn't do so until 3 years after the search.

After the general public finds out that a search warrant is issued against an enterprise, brand damage and losses associated with bad PR, loss of trust leading to the loss of clients, stock plunges, etc. can develop, regardless of whether or not they are guilty. It is in the company's best interest to complete the unpleasant procedures and clear its name as soon as possible.

Good data organization, ease of retrieval, and protection from spoliation and tampering are the key elements of eDiscovery preparedness. In this article, we will consider two potential situations: when the data storage infrastructure is already in place, and when the system is in the planning stage.

Avoiding Disruption to Your Existing System with CBFS Connect

If your data storage infrastructure is working, you should take great care in making it eDiscovery compliant without disruptions to its operations. A compliance-oriented system should not interfere with the normal, everyday functions of the existing software and hardware infrastructure.

Ideally, a means can be found to avoid the introduction of changes into the stable and functioning logic of your system. Such changes generally lead to the introduction of potential instabilities and may lead to huge expenses for testing and bug-fixing. There exists a way to avoid these inconveniences: give access to your documents stored inside your system as if they were files and folders on virtual disks. You may object that in-house development of such virtual disk capabilities requires serious investments (thousands of man hours of highly skilled labor). CBFS Connect will solve this problem for you.

CBFS Connect is a software component for developers that allows the virtual, real-time representation of any data as files and folders in an ordinary filesystem. The use of CBFS Connect allows your developer to implement the FRCP provisions in the shortest amount of time: the files may be accessed through the software you currently use, without the necessity to write adapters, parsers, or converters. CBFS Connect is based on a kernel mode driver and, therefore, necessitates the implementation of only a limited number of callback functions, without needing low-level filesystem programming.

The main arguments for the use of CBFS Connect to increase eDiscovery compliance are:

1. The presentation of any data as files and folders improves preparedness for an eDiscovery event. Good document organization and availability makes an investigation possible and reduces the time law-enforcement officers need to find necessary documents, regardless of their format or location. You can arrange your documents by simulating virtual folders within a month-day-year hierarchy, a thematic hierarchy, or any other hierarchy.
2. To facilitate the eDiscovery procedure, the data comprising emails and instant messages must be made easily accessible to investigators. The functionality of CBFS Connect permits the presentation of this unstructured content as regular files, thus, making a search through them as easy as an ordinary Windows search. The distributed nature of CBFS Connect makes it possible to perform single-run searches of data spread across several platforms and storages.
3. CBFS Connect allows the presentation of data in any format stored either locally or remotely—in database records, on mobile devices, in Internet storage, spread over several data storages, or elsewhere.
4. The use of CBFS Connect allows for the assignment of data access privilege which makes it possible to set restrictions on read-and-write operations, or to protect the data from tampering by giving it read-only access.

To summarize: with the help of CBFS Connect, your developers will be able to adapt an existing information system to recent FRCP requirements quickly and without significant system downtime.

Planning eDiscovery-Compliant Systems with CBFS Vault

Needless to say, all newly developed enterprise infrastructures dealing with electronically stored information must be designed to be eDiscovery compliant from their inception. CBFS Vault provides a way to deeply integrate FRCP requirements into a system being planned. This software component makes possible the creation of encrypted file storages with support for metadata, tags, time-stamping, access rules, strong encryption, etc. The benefits of CBFS Vault can be briefly outlined as:

1. Excellent document organization: regardless of where documents are stored, the enterprise can be sure that they are not prone to loss, tampering/spoliation, or inadvertent or intentional destruction.
2. The built-in cryptographic protection of CBFS Vault excludes unauthorized data access. The most efficient modern cryptographic algorithms may be used to not only encrypt/decrypt data, but also to time-stamp them and allow integrity checks.
3. The self-integrity check is another useful functionality of CBFS Vault. Even if a media where the storage is located becomes physically damaged and unreadable through negligence or evidence of a spoilage effort, it will not result in the loss of the whole storage. The damaged part can be reconstructed from the previous version of the storage. This effectively excludes situations similar to the one that resulted in the defendant's loss in the Zabulake v. UBS Warburg case.
4. To enable access to your storage as regular files and folders from any application, you can utilize CBFS Vault. It facilitates the development of monitoring tools to watch the changes made to files inside the CBFS Vault and can export them in any convenient format for an eDiscovery investigation.
5. Providing a whole integral storage to investigators for on-site or off-site search is faster and cheaper than dealing with myriads of separate files, folders, database records, emails, instant messages, etc. scattered throughout the whole system.
   The eDiscovery compliance of an enterprise can be significantly improved through the implementation of efficient document storage, retrieval, indexing, and content search strategies. An efficient way to adopt an existing system is the use of CBFS Connect. At the stage of system design planning, it is natural to consider the use of CBFS Vault as a native data storage platform.